AlanSBradburn wrote:the user's password
What if that changes from today to tomorrow?
While there are always ways to manipulate the PHP code to bypass this I'm in for at storing it encrypted, because less skilled people would then not be able to simply read it. In that way, the system doesn't have to be changed (one text only, regardless of how many recipients): with each new PM a new encryption key is created and saved aswell, so you have to use phpBB
in order to decrypt it.
Only downside is: you can't search PMs anymore (I've already implemented this since I store a lot of them).