Generating Passwords

The md5() and crypt() functions encrypt passwords, but the result cannot be unencrypted. These are one-way algorithms (strictly speaking, hash functions rather than encryption). You can verify that the password a user later enters to access the site matches the password they were initially given by comparing the md5() or crypt() output of the two. The two encrypted versions of the same string match (assuming that the same “salt” is used to create the password using the crypt() function).
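The comparison described above, sketched as an added example (not code from the book): the function names `make_hash` and `check_password` and the sample passwords are hypothetical, and the bcrypt `$2y$` salt format is an assumption about which crypt() scheme is in use. It also shows why the salt matters: crypt() stores the salt inside its output, so the stored value itself can be passed back as the salt at login.

```php
<?php
// Added illustration; make_hash() and check_password() are hypothetical names.

// Build the value to store. A bcrypt salt is "$2y$", a two-digit cost,
// "$", then 22 characters from the alphabet ./0-9A-Za-z.
function make_hash(string $password): string
{
    $raw  = base64_encode(random_bytes(16));       // may contain '+', which crypt() rejects
    $salt = substr(strtr($raw, '+', '.'), 0, 22);  // map into crypt()'s salt alphabet
    $hash = crypt($password, '$2y$10$' . $salt);
    if (strlen($hash) < 13) {                      // crypt() signals failure with "*0" or "*1"
        throw new RuntimeException('crypt() rejected the salt');
    }
    return $hash;
}

// Re-hash the attempt with the salt embedded in the stored value and
// compare in constant time. The plaintext password is never stored.
function check_password(string $attempt, string $stored): bool
{
    return hash_equals($stored, crypt($attempt, $stored));
}

// Constructed sample input.
$stored = make_hash('correct horse');

var_dump(check_password('correct horse', $stored)); // same password, same salt
var_dump(check_password('wrong guess', $stored));   // different password

// A second call picks a new random salt, so the same password produces a
// different stored string; it still verifies against its own salt.
$other = make_hash('correct horse');
var_dump($other === $stored);
var_dump(check_password('correct horse', $other));

// md5() takes no salt: identical passwords always give identical output,
// so two users with the same password have the same stored value.
var_dump(md5('correct horse') === md5('correct horse'));
```

PHP 5.5 and later ship password_hash() and password_verify(), which perform the same salt generation and comparison for you.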

This is good, because you never store a user's actual password. If your password file falls into the wrong hands, there is little that anybody can do with it. It is very hard to unencrypt a password encrypted by md5() or crypt(). Since you don't store the user's actual password, malicious ...
