CodeIgniter Forums
Encryption Class - How do I? - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived General Discussion (https://forum.codeigniter.com/forumdisplay.php?fid=21)
+--- Thread: Encryption Class - How do I? (/showthread.php?tid=29725)



Encryption Class - How do I? - El Forum - 04-19-2010

[eluser]01010011[/eluser]
Hi,

I have created a registration page using CI that works fine. However, I encoded the password using sha1 (see code snippet below), and now that I plan to create a login page, I need to check whether the password the user enters in the login page is the same as that password encoded using sha1 stored in the database. However, I just realized that sha1 is non-decodable.

So how do I use the encryption class to both encrypt and then decrypt this password? Any assistance will be appreciated. Thanks in advance.
Code:
function register_user($username, $password, $name, $email, $activation_code)
{
  $sha1_password = sha1($password);
  $query_str = "INSERT INTO table_name (username, password, name, email, activation_code) VALUES (?,?,?,?,?)";

  $this->db-query($query_str, array($username, $sha1_password, $name, $email, $activation_code));
}



Encryption Class - How do I? - El Forum - 04-19-2010

[eluser]garymardell[/eluser]
You don't need to decrypt the sha1, all you need to do is encrypt the password given and check if it matches the stored password.


Encryption Class - How do I? - El Forum - 04-19-2010

[eluser]01010011[/eluser]
[quote author="garymardell" date="1271725238"]You don't need to decrypt the sha1, all you need to do is encrypt the password given and check if it matches the stored password.[/quote]

Thanks for your reply garymardell. That sound really easy.

I'm new to this and there is something I am not understanding here. I did not realize that this hash that is produced by the sha1 and stored in the database could be accurately compared with an encrypted password from the login page ... I thought they would be different inspite of the password being the same.