You can encrypt the password to a degree with md5. You would need to md5 the password from when the user signs up and before the login md5....

您可以使用 md5 对密码进行一定程度的加密。您需要在用户注册时和登录 md5 之前对密码进行 md5 ....

Example: // Define $myusername and $mypassword $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; $mypassword = md5($mypassword);

例子： // Define $myusername and $mypassword $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; $mypassword = md5($mypassword);

You would also need to use this whenever you have a user sign up.

每当您有用户注册时，您也需要使用它。

As a beginner, most likely you do not need any encryption. Especially because it would be Javascript, not PHP.
Though it can be done.
You could use hashed challenge implementing Digest authentication schema

作为初学者，您很可能不需要任何加密。特别是因为它将是 Javascript，而不是 PHP。
虽然可以做到。
您可以使用散列挑战实现摘要身份验证模式

• server send a challenge - a random strimg
• client make a hash of this challenge and a password
• this hash being sent to server
• server doing a hash the same way and compare both

• 服务器发送挑战 - 随机字符串
• 客户端对这个挑战和密码进行哈希处理
• 这个散列被发送到服务器
• 服务器以相同的方式进行散列并比较两者

There are a lot of Javascript MD5 hashing algorithm implementations over internet.

互联网上有很多 Javascript MD5 哈希算法实现。

Of course, an SSL certificate would be preferred over this homemade implementation.

当然，SSL 证书比这个自制的实现更受欢迎。

But to get proper answer, you still need to clarify what exactly you want to encrypt and why. And why don't you concerned about securing something else. Your whole database for example.

但是要获得正确的答案，您仍然需要澄清您究竟想要加密什么以及为什么。为什么你不关心保护其他东西。例如您的整个数据库。

Some notes for a while.
Your login_success code would either not work and protect nothing.
It should be just

一些笔记一段时间。
您的 login_success 代码要么不起作用，要么什么都不保护。
应该只是

if(isset($_SESSION['username'])){

because there is no $myusername variable to compare.
And there ought to be exit;right after header("location:...
Or a client will get protected contents anyway

因为没有要比较的 $myusername 变量。
并且应该紧随exit;其后header("location:...
否则客户无论如何都会获得受保护的内容

To make this a little more secure, you should store encrypted passwords in your database and then compare the encrypted entered password with the stored hash. This way if someone somehow accesses the members table, they cannot see the actual passwords.

为了使这更安全一些，您应该将加密的密码存储在您的数据库中，然后将加密的输入密码与存储的哈希值进行比较。这样，如果有人以某种方式访问​​成员表，他们就看不到实际的密码。

Suppose the password is myPasswordthen don't just store it, hash it first using an algorithm like md5then store the hash which is deb1536f480475f7d593219aa1afd74cin your database. Then when user enters a password, hash it and compare two hashes.

假设密码myPassword不只是存储它，而是首先使用一种算法md5对其进行散列，然后将其存储deb1536f480475f7d593219aa1afd74c在您的数据库中。然后当用户输入密码时，对其进行散列并比较两个散列。

For more secure approach, use SSL.

要获得更安全的方法，请使用SSL。

You can use md5($password) or sha1($password) while inserting the signup data to table.

您可以在将注册数据插入表时使用 md5($password) 或 sha1($password)。

to match again for login login

再次匹配登录登录

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='".md5($mypassword)."'"; $result=mysql_query($sql);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='".md5($mypassword)."'"; $result=mysql_query($sql);

There is some other way too, to protect further. Using combination of sha1 and salt.

还有其他一些方法可以进一步保护。使用 sha1 和 salt 的组合。

By the way why dont you use some quick php framework coz these small things are already built with them.

顺便说一句，为什么不使用一些快速的 php 框架，因为这些小东西已经用它们构建了。

Thanks

谢谢

Normally you would store a hash of the passwords in the database see md5however this doesn't make it secure between the webpage and server - for this you need to use https.

通常您会在数据库中存储密码的哈希值，请参阅md5但这并不能保证网页和服务器之间的安全 - 为此您需要使用 https。

There are two things here.

这里有两件事。

1. If I'm a dumb user and when I sign up for your site I have to give a password I might give the same password as I used elsewhere so your site should really store a hash of the password instead of the real thing so if they get hacked the attackers won't get my password that I used everywhere. To do this you store the hash in your members table and in the query that checks it is valid you pass a hash instead of the real thing.

1. 如果我是一个愚蠢的用户，当我注册您的网站时，我必须提供密码如果他们被黑客入侵，攻击者将无法获得我在任何地方使用的密码。为此，您将散列存储在您的成员表中，并在检查它是否有效的查询中，您传递一个散列而不是真实的东西。

2. Under http the password will get sent from the browser to the server in plain text. If this is over the internet and an attacker has access to any networks in between the browser and client then they can see the password - if you hash it in the browser using javascript the attacker can pick up the hash and possibly use this to login to your site. That is why we have https. For a low cost (especially compared to development costs) you can buy a certificate that will secure the connection. If you don't want to do this you can self sign a certificate and use this. If your hosting does not allow you to use a certificate then it might be possible to create a home brew solution but it is much better to just find other hosting.

2. 在 http 下，密码将从浏览器以纯文本形式发送到服务器。如果这是通过互联网并且攻击者可以访问浏览器和客户端之间的任何网络，那么他们可以看到密码 - 如果您使用 javascript 在浏览器中对其进行散列，则攻击者可以获取散列并可能使用它来登录您的网站。这就是为什么我们有https。以较低的成本（尤其是与开发成本相比），您可以购买可以保护连接的证书。如果您不想这样做，您可以自签名证书并使用它。如果您的主机不允许您使用证书，则可以创建自制解决方案，但最好找到其他主机。

md5 would be the best in this case. Run the Input Details such as Password through the MD5 function and insert into your database.

在这种情况下，md5 将是最好的。通过 MD5 函数运行输入详细信息（例如密码）并插入到您的数据库中。

Its nearly unreverseable so the only way to use it is to use MD5 on login also and compair the md5 password from login with the version stored in the database.

它几乎不可逆转，因此使用它的唯一方法是在登录时也使用 MD5，并将登录时的 MD5 密码与存储在数据库中的版本进行比较。