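Only store the hashed, salted password. This is essentially the only really secure way, in my opinion: encrypted passwords can be decrypted, whereas hashed, salted passwords need to be brute-forced. (Brute-forcing is only expensive when the salt is unique per user and the hash is deliberately slow; PHP's built-in password_hash() and password_verify() provide both.)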
/**
 * Return the SHA-1 hex digest of the password wrapped in two fixed salt strings.
 *
 * NOTE(review): both salts are constants shared by every account and SHA-1 is a
 * single fast round, so equal passwords yield equal digests and offline guessing
 * of a leaked table is cheap. password_hash() / password_verify() generate a
 * random salt per password and apply a tunable cost; moving to them changes the
 * stored format, so existing rows would need re-hashing at next login.
 *
 * @param string $password Plaintext password.
 * @return string 40-character lowercase hex digest.
 */
function salt_password($password)
{
    // Fixed site-wide values placed before and after the password.
    $prefix = '7a@#!P^@29g';
    $suffix = 'mw3*@~2%21mD';

    $material = $prefix . $password . $suffix;

    return hash('sha1', $material);
}
/**
 * Hash a new password for a user; the database insert is left as a placeholder.
 *
 * @param string $user     Username the password belongs to.
 * @param string $password Plaintext password chosen by the user.
 */
function store_password($user,$password)
{
    // Only the digest from salt_password() is meant to be persisted.
    $hashed_password = salt_password($password);

    //insert $user and $hashed_password in whatever table
    //(bind both as query parameters rather than concatenating them into the SQL)
}
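/**
 * Check a login attempt against the stored password hash.
 *
 * @param string $user     Username whose stored hash is looked up.
 * @param string $password Plaintext password submitted with the attempt.
 * @return bool true when the submitted password hashes to the stored value, false otherwise.
 */
function login($user,$password)
{
    //select username and password info from db into $selected_password_from_db
    //(bind $user as a query parameter rather than concatenating it into the SQL)

    // Fail closed when the lookup produced no usable hash (unknown user, or the
    // placeholder above has not been filled in yet).
    $stored_hash = isset($selected_password_from_db) ? $selected_password_from_db : null;
    if (!is_string($stored_hash)) {
        return false;
    }

    // hash_equals() compares in constant time and as plain strings; the original ==
    // treats two digests of the form "0e<digits>" as numbers and reports them equal.
    return hash_equals($stored_hash, salt_password($password));
}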