Hi everybody,

I want to start with a user login routine and I read everywhere that passwords etc are encripted.

I want to use MySql as db where usernames are stored.

Is it recommended to use HTTPS for login screens to ensure that the user datas entered are secure?

If your host supports SSL then yes by all means use it. Most people but do not bother using SSL unless they are gathering sensitive information from the user such as credit card details etc.

Instead, you can encrypt your passwords using MD5 (or message digest 5) before storing them in your database, and decrypt them for authentication.

<?php

$code= md5($password);

echo "Unencrypted password is $pass";
echo "Encrypted password is $code";

?>

http://forums.webdeveloper.com/showthread.php?s=&threadid=24192#post125897