• 0

User Password Mysql Database ?


Question

I'm going to be creating a family website with a photo gallery. I will be using WAMP (Winodws, Apache, Mysql, PHP). I haven't really done this kind of site before, i'm not really familiar with databases, but i have used php in the past. There will be a different page for each user. I want to have a database with usernames and passwords, and maybe more info about the user, but how do I store passwords on a database? I would think that would be very insecure, is there a way to encrypt the passwords on the database or something? Also whats the best way to go about the users' photo gallery should i have a database of images, or just have the images uploaded on the server and display it? Sorry if this sounds stupid, i really want to learn and do this website right. Thanks for all of your help.

Link to comment
Share on other sites

2 answers to this question

Recommended Posts

  • 0

With usernames and passwords you would encrypt and decrypt using PHP and store the ecypted values in a database. A good method for the pictures is to keep a database table with links to where they exist in your upload folder. A good measure when uploading is to take the current unix timestamp and rename the image to that so you won't have any issues with overwriting image files.

With the links in a database table you'd have a collumn that would have some sort of value that points to a specific user (user ID) and when calling the image database you just go line by line through the database using a loop and only pull images where you have a hit with the user ID.

Link to comment
Share on other sites

  • 0

I common way to store passwords in databases isn't to encrypt them, but to hash them. You can use PHP's MD5 function on the password before you store it and when someone logs in, you MD5 the password they provide and compare the result with the hash you've stored in your database. Encryption can be reversed (decrypted) to get the original result, hashing can't. So if someone somehow gets a copy of your database - there's no way they'll be able to get the passwords out of the user records. If you had used encryption, they could - especially if they could get hold of your encryption key.

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.