Encryption Issue

[AndrewM16921]

I'm trying to write a little password encryption tool (mostly as a learning experience - but I may end up using it too ). And the encryption and decryption functions I wrote seem to work just fine (see crypt_test.php below). But, for some reason when I try to decrypt a result from a MySql database it doesn't seem to work (see db.php below). Not sure if it's some sort of weird data type issue? Or something else entirely. Code is below... maybe somebody can point me in the right direction. :/

Edit: Seems the encryption function creates a whole different string each execution, which is why the test worked but the db stuff doesn't. Guessing it has something to do with MCRYPT_RAND... help still appreciated though.

Thanks ahead of time.

crypt.php

<?php  function encrypt($s)  {    $key = pack('H*', "-"); //took out keys for forum post    $key_size =  strlen($key);    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);    $s_utf8 = utf8_encode($s);    $cipher = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $s_utf8, MCRYPT_MODE_CBC, $iv);    $cipher = $iv . $cipher;    $cipher_base64 = base64_encode($cipher);    return $cipher_base64;  }  function decrypt($s)  {    $key = pack('H*', "-"); //took out keys for forum post    $key_size =  strlen($key);    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);    $cipher_dec = base64_decode($s);    $iv_dec = substr($cipher_dec, 0, $iv_size);    $cipher_dec = substr($cipher_dec, $iv_size);    $decipher_utf8 = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key,  $cipher_dec, MCRYPT_MODE_CBC, $iv_dec);    $decipher_utf8 = str_replace("0", "", $decipher_utf8);    return $decipher_utf8;  }?>

crypt_test.php

<?php  include('crypt.php');  $p = "password";  $c = encrypt($p);  $d = decrypt($c);  echo $p.'<br />';  echo $c.'<br />';  echo $d.'<br />'; //works just fine?>

db.php

<?php  include_once('crypt.php');    function connect()  {    $con = mysql_connect('-', '-', '-');    if(!$con)      die('Could not connect: ' . mysql_error());    mysql_select_db('-', $con);  }  function login($user, $pass)  {    connect();    $user = mysql_real_escape_string($user);    $pass = mysql_real_escape_string($pass);    $sql = "SELECT uid, password FROM Accounts WHERE username='$user'";    $result = mysql_query($sql);    if($row = mysql_fetch_array($result))    {      echo $pass . " : ";      echo $row['password'] . " : ";      echo decrypt($row['password']); //garbled nonsense            if($pass == decrypt($row['password']))        return $row['uid'];    }    return -1;  }    function register($user, $pass, $email)  {    connect();    $user = mysql_real_escape_string($user);    $pass = mysql_real_escape_string($pass);    $pass = encrypt($pass);    $email = mysql_real_escape_string($email);        $sql = "INSERT INTO Accounts (username, password, email) VALUES ('$user', '$pass', '$email')";    mysql_query($sql);  }?>

Edited July 13, 2013 by AndrewM16921

[justsomeguy]

It's probably because you're combining the initializing vector with the result of the encryption. You don't need to save the initialization vector or use the same one when you decrypt, it's just to provide a random seed. You don't need to know the original initialization vector to decrypt the text.