Best way to encode passwords in PHP

Question

I currently use,
base64_encode() to encode a user\'s password, this works well because it allows me to simply use base64decode() to dec

Answer 1

As an administrator, you never actually need to recall the password of a user. You simply need to know if a string they've once submitted, is identical to another.

If a user forgets their password, they don't need to be told their old password, you can simply have them provide a new one.

Since you don't need to know the actual passwords, using a crytographic hash of the words would seem like a safe way to store them. However, large tables of pre-computed strings have been made to easily do a reverse-lookup of the hash back it's original string. These are called rainbow tables.

To avoid easy lookup of pre-computed string, you should salt your passwords before hashing them. The salt can be their username prepended, or their user ID postfixed, whatever extra information you have on the user that is permanent that you can easily add to the password during authentication.