Best way to encode passwords in PHP

Question

I currently use,
base64_encode() to encode a user\'s password, this works well because it allows me to simply use base64decode() to dec

Answer 1

I always delete my account only any sites that emails me my password. I put too much effort and time into memorizing long random passwords to have it sent to me in plain text.

Use sha1() or higher non-reversible hash to identify the password. When authenticating a user password, retrieve the hash, and compare it with the hash of the password supplied during authentication. If they match, then the user is authentic within reasonable standards.

$user = "joe";
$password = 'password';

$saved_hash = DB::Query("select hash from users where username = ".quote($user)." LIMIT 1");

if (sha256($password) == $saved_hash) User::authenticated();

Never, ever send passwords in email. Send a unique, non-predictable, generated key, such as in PHP:

$key = sha256(time().rand().$secret_seed);

Send this key to the client, for one time use, to set a new password.