having user name password system and hiding the password...

[Homer_simpson]

well u know that when some1 signs in with their username and password the url will change to this:
http://blah.com/blah.php?username=homer&password=homerpassword

but that is too obvious and who ever looks at the url will know what the password is... how can i hide the password or turn it into some sorta code?

[Amailer]

Crypt,
You could use that...
http://ca2.php.net/manual/en/function.crypt.php

But you shoudl always for safty reasons Encrypt the password.
You have a login form, with username and password.

The form posts to: login.php
and in there it does this...

(remember in the database...the password is already encrypted)

code:

$query = "SELECT username FROM LOGIN_TABLE                WHERE  username = '$userid'                 AND user_password = md5('$password') "; $result = mysql_query($query);

the md5();
encrypts the password given from the login form :/
And matches the encrypted password with the encrypted password in the mysql TABLE 'LOGIN_TABLE' and FIELD 'user_password'


Basicaly...what you can do is... when sendign the URL.. and getting it checked by a session. You can do this.

code:

$password = mb5($user_password); echo "<a href=\"login.php?user_password=$password\"> err..what ?! </a>";

:p

[Homer_simpson]

but isn't mb5 hackable?

[Amailer]

PHPBB uses it

It is kinda unsafe because it did not change everytime.


But i think its the best to use...

http://termix-zero.ath.cx/pictures/test.php?ty=crypt&password= PASSWORD HERE

http://termix-zero.ath.cx/pictures/test.php?ty=md5&password=PASSWORD HERE

[Homer_simpson]

or i could make a password crypter of my own... the only question is how...

[PaddyLong]

lol... look for encryption algorithms http://www.google.com/search?q=encryption+algorithms

I'd just use md5 if I was you...

[Amailer]

Hm ya, i use it always