CodeIgniter Forums
Login with the encryption class - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forum-20.html)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forum-23.html)
+--- Thread: Login with the encryption class (/thread-40839.html)



Login with the encryption class - El Forum - 04-20-2011

[eluser]PQMailer[/eluser]
Hello,

I have a little problem. I want to use the encryption class to encode the mail addresses and the passwords in the database. I want to check the login with the email address. But the encryption class always generates an other encoded string. To check if the e-mail address exists i found a solution. I wanted to use something like this.

Code:
$this->db->select('email');
$control = $this->db->get('users')->result_array();
$email_decode = array();
foreach($control as $value):
array_push($email_decode, $this->encrypt->decode($value['email']));
endforeach;
if( ! in_array($input['email'], $email_decode)){
echo $this->lang->line('login_wrong_email');
exit;
}


But how can i check the password ? Because i can't use something like this, if the mail address is encoded.

Code:
$email = $input['email'];
$query = $this->db->get_where('users', array('email' => $email));
$row = $query->row();
if($row->password != $input['password']){
echo $this->lang->line('login_wrong_password');
exit;
}

Do anyone have an idea how a login with the encryption class can be realized ?


Login with the encryption class - El Forum - 04-20-2011

[eluser]danmontgomery[/eluser]
You really should not be storing passwords with two-way encryption. If you're set on this course, it looks something like:

Code:
$this->db->where('email' => $this->encrypt->encode($email))->where('password' => $this->encrypt->encode($password))->get('users');

If you decide to store passwords with a one-way hash, as you should, the logic is the same, just using whichever hashing method you decide.

Code:
$this->db->where('email' => $this->encrypt->encode($email))->where('password' => $this->encrypt->sha1($password))->get('users');



Login with the encryption class - El Forum - 04-20-2011

[eluser]PQMailer[/eluser]
Yes you are right. I found a nice function.
Code:
function _prep_password($password)
{
     return sha1($password.$this->config->item('encryption_key'));
}

But if i use this it won't work i think, because the encrypted string always looks different.

Code:
$this->db->where('email' => $this->encrypt->encode($email))

Because of that i decoded all the e-mail addresses with foreach.

Code:
foreach ( $control as $value ):
array_push( $email_decode, $this->encrypt->decode( $value['email'] ) );
endforeach;