mySQL database password encryption

Links for php scripts

Moderators: macek, egami, gesf

timo4r
New php-forum User
New php-forum User
Posts: 4
Joined: Sat Jul 28, 2012 8:23 am

mySQL database password encryption

Postby timo4r » Sat Jul 28, 2012 10:25 am

I have a problem with MySQL database password encryption. I have website with registration and login system. After i register it stores in my mySQL database login and password. In core.php file i have script which make registered password encrypted and this is code which do this:
$security = array(
'level' => 'medium',
'salt' => '76rf876578uh6y'
);
Configure::write('Security', $security);


I have also html5 element which is login system, it take from mySQL database information which i have used during registration and tries to login and here i have a problem changing my encrypted password.

This is code which i use to change encrypted password to normal in html5 element when i try to login.
I cannot login using this code.

$salt = "76rf876578uh6y";
$epassword = crypt($salt,$password);


after i change this line:
$epassword = crypt($salt,$password);
to this:
$epassword = $password;
i can login by using my encrypted password which i can see in mySQL database. so how i change this line that i can login by using my original registered password not encrypted. :help:

User avatar
freshnet
php-forum Active User
php-forum Active User
Posts: 283
Joined: Tue Feb 22, 2011 8:19 am
Location: Canada

Re: mySQL database password encryption

Postby freshnet » Sat Jul 28, 2012 3:03 pm

Can you post the code that is supposed to actually be encrypting the password? It looks like that is what's not working.

timo4r
New php-forum User
New php-forum User
Posts: 4
Joined: Sat Jul 28, 2012 8:23 am

Re: mySQL database password encryption

Postby timo4r » Sat Jul 28, 2012 10:22 pm

I found some scripts which can tell how password incryption work in website.
Last edited by timo4r on Thu Aug 02, 2012 8:36 am, edited 2 times in total.

User avatar
freshnet
php-forum Active User
php-forum Active User
Posts: 283
Joined: Tue Feb 22, 2011 8:19 am
Location: Canada

Re: mySQL database password encryption

Postby freshnet » Sun Jul 29, 2012 3:47 am

ok so which of these methods are you using. Can you post the code that you think should be encrypting the password?

timo4r
New php-forum User
New php-forum User
Posts: 4
Joined: Sat Jul 28, 2012 8:23 am

Re: mySQL database password encryption

Postby timo4r » Sun Jul 29, 2012 10:04 am

freshnet wrote:ok so which of these methods are you using. Can you post the code that you think should be encrypting the password?

Ok so this code in user.php file will encrypt password. So if i delete this code from my script and will register to website i can see only empty area where was in mySQL database encrypted password.

if(!empty($data['User']['before_password'])) {
$data['User']['password'] = Security::hash(Configure::read('Security.salt').$data['User']['before_password']);}



and now i have found that when i write this code:
$data['User']['password'] = Security::hash(Configure::read('Security.salt').$data['User']['before_password']);
like this:
$data['User']['password'] = $data['User']['before_password'];
after registration in my mySQL it show me only my original password without any encryption.
Last edited by timo4r on Sun Jul 29, 2012 11:46 am, edited 2 times in total.

User avatar
freshnet
php-forum Active User
php-forum Active User
Posts: 283
Joined: Tue Feb 22, 2011 8:19 am
Location: Canada

Re: mySQL database password encryption

Postby freshnet » Sun Jul 29, 2012 11:41 am

Try putting the array elements into individual variables to see if that makes a difference. You can also echo them before and after the command to see what's actually happening, e.g.

Code: Select all

$before_password = $data['User']['before_password'];

timo4r
New php-forum User
New php-forum User
Posts: 4
Joined: Sat Jul 28, 2012 8:23 am

Re: mySQL database password encryption

Postby timo4r » Sun Jul 29, 2012 12:03 pm

freshnet wrote:Try putting the array elements into individual variables to see if that makes a difference. You can also echo them before and after the command to see what's actually happening, e.g.

Code: Select all

$before_password = $data['User']['before_password'];

Ok so this script encrypts password in mySQL:
Security::hash(Configure::read('Security.salt'))
and this shows original password in mySQL:
$data['User']['before_password']

I have tried this code in html5 login system, but it does not work.
$epassword = Security::hash(Configure::read('Security.salt').$password);
I think that i probably made some mistake


Yes, after registration i can login by using html5 login system if i do not use any encryption script:
This is website script:
$data['User']['password'] = $data['User']['before_password'];
and this is in html5 login system script:
$epassword = $password;

But how i can do this with encryption so there was some security?


Return to “PHP Scripts”

Who is online

Users browsing this forum: No registered users and 1 guest