Encrypt/decrypt cookies

I am making a members' club where the members can choose to be remembered by a cookie, so they don't have to log in each time they visit my site. How do I encrypt the cookie that is stored on the client's computer and then decrypt it?
I have to be able to compare the encrypted password and userid to the actual password and userid, which are stored in a MySQL table.
Does anybody know how to go about this?

My present code looks like this


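/**
 * Login gate for the members-only ("VIP") area.
 *
 * The constructor collects a user id and password from the login form
 * ($_POST), from the "vip" remember-me cookie, or from the session.
 * vipmember() then either returns the login form (no user id known) or
 * checks the credentials against the `user` table and redirects.
 *
 * Written in PHP 4 style (`var` properties, constructor named after the
 * class, mysql_* functions) to match the rest of the file.
 *
 * NOTE(review): the remember-me cookie and the session both hold the
 * password itself. Anyone who can read the cookie (shared computer, proxy
 * on a plain-HTTP connection, script injected into a page) obtains the
 * account password. The usual design stores a long random token in the
 * cookie and only a hash of that token, with an expiry, in the database.
 * That needs a schema change outside this class, so it is flagged here
 * rather than implemented.
 */
class voiceVIP {

    // Credentials used for the current request.
    var $uid;
    var $pwd;
    // HTML of the login form, built by vipmember().
    var $content;
    // Flag written to the session as 'gyldig'; 0 until gyldig() sets it to 1.
    var $gyldig;
    // `fullname` column of the matching user row.
    var $member;
    // Properties the original code assigned without declaring them.
    var $path;
    var $time;
    var $session;
    var $input;
    var $cookie;
    var $num;

    /**
     * Collects the credentials for this request.
     *
     * @param string $path Redirect target after a successful login; also
     *                     written into the form's hidden "path" field.
     */
    function voiceVIP($path) {

        $this->path = $path;
        $this->time = time();

        // Plain assignment: `=& new` is deprecated from PHP 5.3 and a parse
        // error from PHP 7.
        $this->session = new Session();

        if (isset($_POST['cookie']) || isset($_COOKIE['vip'])) {

            if (empty($_COOKIE['vip'])) {

                // Only accept plain strings; `uid[]=x` style input arrives as an array.
                $postUid = (isset($_POST['uid']) && is_string($_POST['uid'])) ? $_POST['uid'] : '';
                $postPwd = (isset($_POST['pwd']) && is_string($_POST['pwd'])) ? $_POST['pwd'] : '';

                $this->input = $postUid . ':' . $postPwd;

                // The original expiry was the fixed date 12 Oct 2010; once that
                // date has passed, setcookie() with it deletes the cookie instead
                // of storing it. Use a lifetime relative to now (30 days is a
                // constructed example value).
                // NOTE(review): this cookie carries "uid:password" in clear text,
                // see the class comment. If the site is served over HTTPS, also
                // pass the `secure` argument of setcookie().
                setcookie('vip', $this->input, $this->time + 30 * 24 * 60 * 60);

                // Stops here; the next request arrives with the cookie set.
                $this->_redirect($this->path);

            }

            // Limit 2 so a ':' inside the password is not cut off.
            $this->cookie = explode(':', $_COOKIE['vip'], 2);
            $this->uid = $this->cookie[0];
            $this->pwd = isset($this->cookie[1]) ? $this->cookie[1] : '';

        }

        else {

            $this->uid = isset($_POST['uid']) ? $_POST['uid'] : (isset($_SESSION['uid']) ? $_SESSION['uid'] : '');
            $this->pwd = isset($_POST['pwd']) ? $_POST['pwd'] : (isset($_SESSION['pwd']) ? $_SESSION['pwd'] : '');

        }

        // Anything that is not a plain string is treated as "no credentials".
        if (!is_string($this->uid)) $this->uid = '';
        if (!is_string($this->pwd)) $this->pwd = '';

        $this->content = "";
        $this->gyldig = 0;

    }

    /**
     * Sends a Location header and ends the request.
     *
     * CR/LF are stripped so a crafted path cannot add extra response
     * headers, and the script exits so that no page output is produced
     * after the redirect has been issued.
     *
     * @param string $target Value for the Location header.
     */
    function _redirect($target) {

        $target = str_replace(array("\r", "\n"), '', $target);
        header("location: $target");
        exit;

    }

    /**
     * Marks the session as checked and redirects to the requested path.
     */
    function refresh_member() {

        $this->session->set('check','1');
        $this->_redirect($this->path);

    }

    /**
     * Redirects to the page for visitors without a valid login.
     */
    function refresh_nonmember() {

        $this->_redirect("nonmember.php");

    }

    /**
     * Sets the gyldig flag to 1 and returns that value.
     *
     * @return int Always 1.
     */
    function gyldig() {

        return $this->gyldig = 1;

    }


    /**
     * Returns the login form when no user id is known; otherwise checks the
     * credentials against the database, updates the session and redirects.
     *
     * @return string|null Form HTML when no user id is known, otherwise null.
     */
    function vipmember() {

        if (empty($this->uid)) {

            // The original interpolated an undefined local $PHP_SELF. Both
            // values below are derived from the request URL, so they are
            // escaped before being placed inside HTML attributes.
            $action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
            $hiddenPath = htmlspecialchars($this->path, ENT_QUOTES);

            $this->content .= "<form method=\"post\" action=\"$action\" name=\"form\">\n";
            $this->content .= "<tr><td colspan=\"2\">\n";
            $this->content .= "<h1> Login Required </h1>You must log in to access this area of the site. If you are\n";
            $this->content .= "not a registered user, <a href=\"http://localhost/acces/signup.php\">click here</a> to sign up for instant access!</td></tr>\n";
            $this->content .= "<tr><td>User ID:</td><td><input type=\"text\" name=\"uid\" size=\"20\" /></td></tr>\n";
            $this->content .= "<tr><td>Password:</td><td><input type=\"password\" name=\"pwd\" SIZE=\"20\" /></td></tr>\n";
            $this->content .= "<tr><td>Husk mig til en anden gang</td><td><input type=\"checkbox\" name=\"cookie\"></td></tr>\n";
            $this->content .= "<input type=\"hidden\" name=\"path\" value=\"$hiddenPath\">\n";
            $this->content .= "<tr><td></td><td><input type=\"submit\" value=\"Log in\" /></td></tr>\n";
            $this->content .= "</form>\n";

            return $this->content;

        }

        else {

            // uid and pwd come from the form, the cookie or the session, all of
            // which the visitor controls. Escape them before they are placed in
            // the SQL string; unescaped, a quote in either value rewrites the
            // WHERE clause.
            // NOTE(review): if magic_quotes_gpc is enabled the POST/cookie values
            // arrive already slashed and should be stripslashes()'d first.
            // NOTE(review): MySQL's PASSWORD() is meant for MySQL's own account
            // table and is absent from MySQL 8.0; a dedicated password-hashing
            // function with a per-user salt is the usual replacement.
            $safeUid = mysql_real_escape_string($this->uid);
            $safePwd = mysql_real_escape_string($this->pwd);

            // '@' kept so a connection warning is not printed into the page;
            // a failed query is handled explicitly below.
            $result = @mysql_query("SELECT fullname FROM user WHERE userid = '$safeUid' AND password = PASSWORD('$safePwd')");

            if ($result) {
                $this->num = mysql_num_rows($result);
                $row = mysql_fetch_array($result);
                $this->member = $row ? $row[0] : null;
            } else {
                // A failed query counts as "no such user".
                $this->num = 0;
                $this->member = null;
            }

            $this->session->set('uid', $this->uid);
            // NOTE(review): keeps the clear-text password in the session so the
            // check can be repeated on every request; see the class comment.
            $this->session->set('pwd', $this->pwd);
            $this->session->set('gyldig', $this->gyldig());
            $this->session->set('member', $this->num ? $this->member : 'no');

            if ($this->num == 0) {

                // Failed login: drop everything stored above and expire the cookie.
                $this->session->del('uid');
                $this->session->del('pwd');
                $this->session->del('gyldig');
                $this->session->del('member');

                if (!empty($_COOKIE["vip"])) setcookie("vip", "", $this->time - 3600);

                $this->refresh_nonmember();

            }

            if ($this->num > 0 && empty($_SESSION['check'])) $this->refresh_member();

        }

    }

}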





include( "class.FastTemplate.php" );

include_once 'db.php';
dbConnect("voice");

require_once 'Session/Session.php';
require_once 'voice/accesVIP.php';

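// Page controller for the members-only page: registers the templates, runs
// the login gate, fills the VIP slot and prints the assembled page.
$voice = new FastTemplate( "." );

$voice->define( array(

'base'             =>  'templates/base.tpl',
'top'              =>  'templates/top.tpl',
'banner'           =>  'templates/banner.tpl',
'navigation'       =>  'templates/navigation.tpl',
'layers'           =>  'templates/layers.tpl',
'musikpanel'       =>  'templates/musikpanel.tpl',
'musikpoll'        =>  'templates/musikpoll.tpl',
'stylesheet'       =>  'style/style.css.tpl',
'body'             =>  'dbtemplates/vip.tpl'

));


// Third "/"-separated piece of the script URL is used as the redirect target.
// NOTE(review): PHP_SELF is taken from the request URL and can carry extra
// path info supplied by the visitor, so $path is not a trusted value.
$url = $_SERVER['PHP_SELF'];
$segments = explode("/",$url);
$path = isset($segments[2]) ? $segments[2] : '';

$vip = new voiceVIP($path);
$voiceVIP = $vip->vipmember();

// The key is absent until a login attempt has been made; treat that as 0.
$gyldig = isset($_SESSION['gyldig']) ? $_SESSION['gyldig'] : 0;

if ($gyldig == 0) {

    // Key quoted: the bare word VIP is an undefined constant, which PHP 8
    // rejects with an Error.
    $voice->assign( array(
        'VIP' => $voiceVIP
    ));

}


if (!empty($_SESSION['uid']) && $gyldig == 1) {

    // The name comes from the database and the uid was typed by the visitor;
    // escape both before placing them in the page.
    $content = "<tr><td><p><b>".htmlspecialchars($_SESSION['member'], ENT_QUOTES)."</b><p></p>You have now gained access to a restricted area? <p></p>".htmlspecialchars($_SESSION['uid'], ENT_QUOTES)."</td></tr>";

    $voice->assign( array(
        'VIP' => $content
    ));

}


$voice->parse('STYLE', 'stylesheet');
$voice->parse('TOP', 'top');
$voice->parse('BODY', 'body');
$voice->parse('MUSIKPANEL', 'musikpanel');
$voice->parse('BANNER', 'banner');
$voice->parse('NAVIGATION', 'navigation');
$voice->parse('LAYERS', 'layers');
$voice->parse('MUSIKPOLL', 'musikpoll');
$voice->parse('BASE', 'base');
$voice->FastPrint('BASE');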




If your security is not paramount, you can try to encrypt the cookie using RC4Crypt

So for example,


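// Builds the remember-me cookie: serialize (uid, pwd), encrypt with
// rc4crypt under a server-side key, URL-encode and store as "vip".
$privateKey = 'this is some private key that no body knows';

$data = array($_POST['uid'],$_POST['pwd']);

// NOTE(review): the cookie still contains the password. Hashing it with
// md5 first does not change that: an unsalted hash accepted in place of
// the password is itself a password-equivalent. The usual design stores a
// long random token in the cookie and looks it up server-side.
// NOTE(review): assuming rc4crypt is plain RC4 keyed only by $privateKey,
// every cookie is encrypted with the same keystream and nothing detects
// modification of the ciphertext. An authenticated scheme (or at minimum
// a keyed MAC over the ciphertext, checked before decrypting) is needed
// for the reader to trust what comes back.

$stringData= serialize($data);

$this->input = rawurlencode(rc4crypt::encrypt($privateKey , $stringData));

// The original expiry was the fixed date 12 Oct 2010; once that date has
// passed, setcookie() with it deletes the cookie instead of storing it.
// 30 days from now is a constructed example lifetime.
setcookie('vip', $this->input, time() + 30 * 24 * 60 * 60);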

later on…


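// Reads the "vip" cookie back: URL-decode, decrypt, unserialize, and copy
// the two values into $this->uid / $this->pwd when the shape is right.
if (isset($_COOKIE['vip']))   // closing parenthesis was missing in the original
{
   $result = rc4crypt::decrypt($privateKey, rawurldecode($_COOKIE['vip']));

   // NOTE(review): unserialize() runs on data that came from the browser.
   // The cipher gives no integrity check, so the decrypted bytes are
   // attacker-influenced, and unserialize() can instantiate any loaded
   // class from them. On PHP 7+ pass array('allowed_classes' => false) as
   // the second argument; better, use a format that cannot carry objects
   // (e.g. two delimited strings) and verify a MAC before decoding.
   $data = @unserialize($result); // '@' because a tampered cookie fails to decode

   // Require exactly the shape that was written: two strings at 0 and 1.
   if (is_array($data) && isset($data[0], $data[1]) && is_string($data[0]) && is_string($data[1]))
   {
      $this->uid = $data[0];
      $this->pwd = $data[1];
   }
}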


Hope that helps,

wei.

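The common solution is one-way encryption, i.e. an md5 or sha hash. Save the hashed password both in the database and in the cookie, so you don't need to decrypt anything. Note that the hash stored in the cookie then works as the login credential itself, so it has to be protected like a password; a random token stored server-side does the same job without exposing anything derived from the password.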