Child

Membership management with password encryption


We will learn here how to store encrypted password in the table. Before this in our basic Member signup & login script we have used varchar field to store the passwords of the users. For better security of our software we will encrypted the password by using MD5 encryption and then store the hash of the password string in the table. With this modification managing the script became little different as we can't retrieve the lost password. This part we will discuss separately at the second part of membership script. Now for this modification we have to change our basic membership signup script so we will discuss here what changes / updating are required to our pages for adding this feature. Length of the password field to store MD5 encrypted password 
In the present membership management software we have increase the filed size to 32. A varchar field of 32 lengths is required to store our passwords.

Signup page

While inserting the member details to our member table we have to encrypt the password of the member before storing them in the table. Like this .
$password=md5($password); // Encrypt the password before storing
$query=mysql_query("insert into plus_signup(userid,password,email,name,sex) values('$userid','$password','$email','$name','$sex')");
While checking the signup details of the member we have to check the email address used by the member is already there with us or not. So one more check above the other checks are added ( in comparison to basic script )

Login page

Here we will be asking the visitor to enter his / her login id and password. Before checking the password with the table we have to encrypt it and then match the encrypted password along with the userid against the stored id and password in our membership table.

Change password page

Here once the password validation is cleared, we have to encrypt the password and then update the table with new password.

Forgot password feature.

This is the most important part in member signup script where password is encrypted. We can't retrieve the lost password so we will use one activation key