What do stones regret? (soltice) wrote in php,

Here a password, there a password...

I have a problem. My current login system works as follows:

The user inputs their username and password and hits Login. Before the browser sends this information, a javascript catches the password and replaces it with an md5 hash (combined with the username). On my server, the username is queried in the database, pulling up the password. The md5 is regenerated, and is compared with the hash that the user sent.

Now, the problem is that this scheme leaves the password unencrypted in my database.

The problem is, I simply have no idea about how to verify the login without having the actual password somewhere. I don't want it sent over the network, but I don't want to store it plainly in the database either. Any suggestions?
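
One way to verify the login described above without keeping the password in the database, as an added example that is not part of the original post: the server treats the hash the browser sends as the secret and stores only a salted scrypt hash of it. The function names, the in-memory `users` map standing in for the database table, the plain concatenation of username and password, and the sample account are assumptions.

```javascript
// Added example; clientToken, register, verifyLogin and users are hypothetical names.
const crypto = require('node:crypto');

// Browser side, as in the post: md5 over the username combined with the password.
// The post does not say how the two are combined; concatenation is an assumption.
function clientToken(username, password) {
  return crypto.createHash('md5').update(username + password).digest('hex');
}

// Stands in for the database table: one row per user, holding only
// a random salt and a slow salted hash of the token, never the password.
const users = new Map();

// Decoy row so a lookup for an unknown user costs the same as a real one.
const DUMMY = { salt: crypto.randomBytes(16), verifier: crypto.randomBytes(32) };

// Registration (assumed to send the same token the login form sends).
function register(username, token) {
  const salt = crypto.randomBytes(16);
  const verifier = crypto.scryptSync(token, salt, 32);
  users.set(username, { salt, verifier });
}

// Login check: re-derive the hash from the received token and the stored salt,
// then compare in constant time. Neither password nor token is ever stored.
function verifyLogin(username, token) {
  const row = users.get(username) || DUMMY;
  const candidate = crypto.scryptSync(String(token), row.salt, 32);
  const match = crypto.timingSafeEqual(candidate, row.verifier);
  return match && users.has(username);
}

// Constructed sample account.
register('alice', clientToken('alice', 'correct horse'));
```

The token the browser sends is still what logs a user in, so anyone who captures it on the wire can replay it; the stored verifier only protects against a database leak, and TLS is what covers the transport.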