I am new to php and mysql and I need to do password encryption and decryption. The password will be saved in a data base, I need to use an algorithm that uses SALT varible. Can some please help me with that? Thanks in advance.

Recommended Answers

All 8 Replies

Here you'll find a nice introduction to AES.

Thanks, I am trying to use it, i was able to insert to the data base an encrypted password. But how can I validate the user password at login time. I tried the folloing but did not work:

$query="select AES_DECRYPT(psw,SECURE_KEY) from users where psw =(AES_DECRYPT('$password',SECURE_KEY)";

If SECURE_KEY is a string, it needs to be within single quotes, as shown in the examples from the link I showed you.

it is a constant

A constant in PHP I guess ?

$query = sprintf("select AES_DECRYPT(psw, '%1$s') from users where psw = AES_DECRYPT('$password', '%1$s'", SECURE_KEY);

yes I tried this in mysql for testing and worked, i will try it on php:

SELECT AES_DECRYPT( 'psw', "secretkey" ) AS psw
FROM users
WHERE psw = 'password';

Well I got this error:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource.
This is the code I have:

$query="select AES_DECRYPT('psw',SECURE_KEY) from users where psw ='$password'";
$result = mysql_query($query2, $GLOBALS['DB']);
if(mysql_num_rows($result)) { 
   return true;

Thank you for ur help.

ok found it, it is the constant, I had to put it in a variable to be passed to the query. I appreciate ur help

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, learning, and sharing knowledge.