AndrewM16921 Posted July 13, 2013 (edited)

I'm trying to write a little password encryption tool (mostly as a learning experience - but I may end up using it too). And the encryption and decryption functions I wrote seem to work just fine (see crypt_test.php below). But, for some reason when I try to decrypt a result from a MySQL database it doesn't seem to work (see db.php below). Not sure if it's some sort of weird data type issue? Or something else entirely. Code is below... maybe somebody can point me in the right direction. :/

Edit: Seems the encryption function creates a whole different string each execution, which is why the test worked but the db stuff doesn't. Guessing it has something to do with MCRYPT_RAND... help still appreciated though.

Thanks ahead of time.

crypt.php

```php
<?php
function encrypt($s)
{
    $key = pack('H*', "-"); //took out keys for forum post
    $key_size = strlen($key);
    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $s_utf8 = utf8_encode($s);
    $cipher = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $s_utf8, MCRYPT_MODE_CBC, $iv);
    $cipher = $iv . $cipher;
    $cipher_base64 = base64_encode($cipher);
    return $cipher_base64;
}

function decrypt($s)
{
    $key = pack('H*', "-"); //took out keys for forum post
    $key_size = strlen($key);
    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $cipher_dec = base64_decode($s);
    $iv_dec = substr($cipher_dec, 0, $iv_size);
    $cipher_dec = substr($cipher_dec, $iv_size);
    $decipher_utf8 = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $cipher_dec, MCRYPT_MODE_CBC, $iv_dec);
    $decipher_utf8 = str_replace("0", "", $decipher_utf8);
    return $decipher_utf8;
}
?>
```

crypt_test.php

```php
<?php
include('crypt.php');

$p = "password";
$c = encrypt($p);
$d = decrypt($c);

echo $p.'<br />';
echo $c.'<br />';
echo $d.'<br />';
//works just fine
?>
```

db.php

```php
<?php
include_once('crypt.php');

function connect()
{
    $con = mysql_connect('-', '-', '-');
    if(!$con)
        die('Could not connect: ' . mysql_error());
    mysql_select_db('-', $con);
}

function login($user, $pass)
{
    connect();
    $user = mysql_real_escape_string($user);
    $pass = mysql_real_escape_string($pass);
    $sql = "SELECT uid, password FROM Accounts WHERE username='$user'";
    $result = mysql_query($sql);
    if($row = mysql_fetch_array($result))
    {
        echo $pass . " : ";
        echo $row['password'] . " : ";
        echo decrypt($row['password']); //garbled nonsense
        if($pass == decrypt($row['password']))
            return $row['uid'];
    }
    return -1;
}

function register($user, $pass, $email)
{
    connect();
    $user = mysql_real_escape_string($user);
    $pass = mysql_real_escape_string($pass);
    $pass = encrypt($pass);
    $email = mysql_real_escape_string($email);
    $sql = "INSERT INTO Accounts (username, password, email) VALUES ('$user', '$pass', '$email')";
    mysql_query($sql);
}
?>
```

Edited July 13, 2013 by AndrewM16921

justsomeguy Posted July 15, 2013

It's probably because you're combining the initializing vector with the result of the encryption. You don't need to save the initialization vector or use the same one when you decrypt, it's just to provide a random seed. You don't need to know the original initialization vector to decrypt the text.
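
Added example, not part of either post: a PHP sketch of the scheme discussed in this thread (a random IV prepended to the CBC ciphertext, then base64), using `openssl_encrypt` in place of the thread's mcrypt calls, since mcrypt was removed from PHP core in 7.2. The key, the sample plaintext and the `_demo` function names are constructed for illustration, and the shortened stored value is a hypothetical fault, not a diagnosis of the poster's database; the script prints what each case does to the round trip.

```php
<?php
// Added example: openssl stands in for mcrypt; key and plaintext are constructed.
const CIPHER = 'aes-128-cbc';

function encrypt_demo(string $plain, string $key): string
{
    // A fresh random IV per call, so equal inputs give different outputs.
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER));
    $ct = openssl_encrypt($plain, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $ct); // stored form: base64(IV || ciphertext)
}

// Returns the plaintext, or false when the value is malformed or padding fails.
function decrypt_demo(string $stored, string $key, ?string $iv_override = null)
{
    $iv_size = openssl_cipher_iv_length(CIPHER);
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) <= $iv_size) {
        return false;
    }
    $iv = $iv_override ?? substr($raw, 0, $iv_size); // IV travels with the data
    return openssl_decrypt(substr($raw, $iv_size), CIPHER, $key, OPENSSL_RAW_DATA, $iv);
}

$key   = hex2bin('000102030405060708090a0b0c0d0e0f'); // constructed 128-bit key
$plain = 'correct horse battery staple';              // constructed, two blocks
$a = encrypt_demo($plain, $key);
$b = encrypt_demo($plain, $key);
$wrong_iv = decrypt_demo($a, $key, str_repeat("\0", 16));
$cut      = decrypt_demo(substr($a, 0, 32), $key);    // hypothetical: value cut short

$checks = [
    'two encryptions of the same input differ' => $a !== $b,
    'both decrypt with their own prepended IV' =>
        decrypt_demo($a, $key) === $plain && decrypt_demo($b, $key) === $plain,
    'wrong IV: first 16-byte block recovered'  =>
        is_string($wrong_iv) && substr($wrong_iv, 0, 16) === substr($plain, 0, 16),
    'wrong IV: remaining blocks recovered'     =>
        is_string($wrong_iv) && substr($wrong_iv, 16) === substr($plain, 16),
    'value cut to 32 characters decrypts'      => $cut === $plain,
];
foreach ($checks as $label => $ok) {
    printf("%-45s %s\n", $label, $ok ? 'yes' : 'no');
}
```

Run it with the `php` command-line binary (PHP 7.1 or later with the openssl extension enabled).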