how do i save passwords when i need them later in plain tex (php)

Question

I'm making a mail client in php. My problem is that I need to save the passwords in a database and later retrieve them in plain text when I'm sending mail (I need them for user authentication).

Is there a safe way to do that?

Answer 1

If you however do need to store the secrets for later purposes (not for authentication as mentioned before), you can use some kind of encryption like PHP's

• mcrypt_encrypt http://php.net/mcrypt_encrypt
• mcrypt_decrypt http://php.net/mcrypt_decrypt

Pick a key per password and store that key somewhere else then your secrets. Probably the best option would be to extract a key based on some static parameters of the account that owns the password.

This application logic will also be needed for decrypting the password. So it would be nice if the de/en-cryption logic runs somewhere isolated from your database storing the encrypted values.

Answer 2

You could query the password from the database.

Then after getting it, you can use the

fwrite(), fopen() 

to open and write on your plaintext, google it, their are plenty of examples. but i agree with @craig1231, its not wise and safe to put vital inforamtions in plaintext and not hashing it.

Answer 3

Craig is correct. However, I suspect your real question is "How can I save data for later use?"

In this case, you have a couple options:

• You can use a database such as MySQL, MSSQL, SQLite, or Oracle.
• You can write to a file on the server's hard disk

Answer 4

Its best not to store passwords as plain text.

For authentication, generate a hash i.e MD5 of the password, then compare the hash stored in the database. If the hashes match then the user is authenticated.

If the user forgets their password, the password should be reset.