Welcome Guest, Not a member yet? Register   Sign In
Encrypted password not coming across correctly?


First, thanks in advance — love you guys. Smile

Second, I have a very simple model method to check my MySQL database during a login procedure...and was hoping to store the passwords in the database encrypted. Here's the model method:

function checkLogin($username, $password)
        $securePass = $this->encrypt->encode($password);
        $sql = "SELECT * FROM users WHERE username = ? AND password = ?";
        $query = $this->db->query($sql, array($username, $securePass));
        if($query->num_rows() > 0) {
            return TRUE;

This ALWAYS fails. Even though I've checked the value of $securePass to the contents of the database — they seem identical.

When I comment out the encrypt command and just store the password in plain text, this method works fine, so it has SOMETHING to do with the encryption method. The field in the database is plenty large enough (256 Varchar), and as I said, the contents seems identical.

Could there be a character in the encrypted password that is screwing up the query? Is there a "safer" encryption algorithm I could/should use, rather than the default?

In the end, I don't HAVE to encrypt the passwords, but it would be nice.

Anyone seen anything similar to this, or have an idea where I should turn next in debugging?


[eluser]Colin Williams[/eluser]

What's the error you're getting? Also, have you set a key for the encryption library in your config.php?

I use:
md5(time() * rand());
to generate mine.

Ok, I think I see what's happening. When I run:

        $securePass = $this->encrypt->encode($password);

I get DIFFERENT results every time. I THOUGHT since my salt in config.php is CONSTANT, it should give me the same string every time I run it on a given password — so I have the same thing to compare to what's in the database. That does not seem to be occurring.

Am I using the wrong library for what I'm trying to achieve? I just want to reliably encode the password when I store it, and be able to do the encode again when someone types IN that password to, ya know verify the login.

Simple, right?

What am I doing wrong??

Through some searching of the forums:


Appears to be the answer to my question.

Theme © iAndrew 2016 - Forum software by © MyBB