mySQL database password encryption

[timo4r]

I have a problem with MySQL database password encryption. I have website with registration and login system. After i register it stores in my mySQL database login and password. In core.php file i have script which make registered password encrypted and this is code which do this:
$security = array(
'level' => 'medium',
'salt' => '76rf876578uh6y'
);
Configure::write('Security', $security);

I have also html5 element which is login system, it take from mySQL database information which i have used during registration and tries to login and here i have a problem changing my encrypted password.

This is code which i use to change encrypted password to normal in html5 element when i try to login.
I cannot login using this code.

$salt = "76rf876578uh6y";
$epassword = crypt($salt,$password);

after i change this line:
$epassword = crypt($salt,$password);
to this:
$epassword = $password;
i can login by using my encrypted password which i can see in mySQL database. so how i change this line that i can login by using my original registered password not encrypted.

[freshnet]

Can you post the code that is supposed to actually be encrypting the password? It looks like that is what's not working.

[timo4r]

I found some scripts which can tell how password incryption work in website.

[freshnet]

ok so which of these methods are you using. Can you post the code that you think should be encrypting the password?

[timo4r]

ok so which of these methods are you using. Can you post the code that you think should be encrypting the password?

Ok so this code in user.php file will encrypt password. So if i delete this code from my script and will register to website i can see only empty area where was in mySQL database encrypted password.

if(!empty($data['User']['before_password'])) {
$data['User']['password'] = Security::hash(Configure::read('Security.salt').$data['User']['before_password']);}


and now i have found that when i write this code:
$data['User']['password'] = Security::hash(Configure::read('Security.salt').$data['User']['before_password']);
like this:
$data['User']['password'] = $data['User']['before_password'];
after registration in my mySQL it show me only my original password without any encryption.

[freshnet]

Try putting the array elements into individual variables to see if that makes a difference. You can also echo them before and after the command to see what's actually happening, e.g.

Code: Select all

$before_password = $data['User']['before_password'];


[timo4r]

Try putting the array elements into individual variables to see if that makes a difference. You can also echo them before and after the command to see what's actually happening, e.g.

Code: Select all

$before_password = $data['User']['before_password'];


Ok so this script encrypts password in mySQL:
Security::hash(Configure::read('Security.salt'))
and this shows original password in mySQL:
$data['User']['before_password']

I have tried this code in html5 login system, but it does not work.
$epassword = Security::hash(Configure::read('Security.salt').$password);
I think that i probably made some mistake


Yes, after registration i can login by using html5 login system if i do not use any encryption script:
This is website script:
$data['User']['password'] = $data['User']['before_password'];
and this is in html5 login system script:
$epassword = $password;

But how i can do this with encryption so there was some security?