Password encrypt problem
#1

[eluser]DiogoAbdalla[/eluser]
Hello all.

I am a freelance PHP programmer and I've recently taken a project to add some new sections to a website made using CodeIgniter.

After copying the database and code and files to my machine (WAMP, using PHP 5.2), I changed a few path settings and got the website working perfectly. So far, so good.

But when I try to log on to the admin area of said website, my password wasn't matching. This is the same code and the same database, and that password works on the production server.

So I went to the code to find out what could be wrong. I found this:
Code:
if($pwd == $this->encrypt->decode($row->user_pwd))

Where $row is the user loaded from the database, and $pwd is the password from the login form. OK, makes sense: the password is stored encrypted, then it's decoded to match the password typed by the user. But why does that same password match online, but not on my machine?

I checked the database first. Found the exact same hash on both databases (online and local).

So I went to see what "$this->encrypt->decode($row->user_pwd))" is giving me. And I found that, on my machine, it spits something like this:

Code:
OG���V�u�1g���[��WM�a�C��O�

Instead of the password it was supposed to be.

So, why is this happening? My local server is working fine, never had any problems with it. What does CI use to encrypt and decrypt those passwords that is producing different results on both machines?

They are different machines, of course: the production server is Linux (don't know which one), while my local machine is Windows 7. But both are using PHP 5.2 and MySQL 5.1.

Could anybody help figure out why this happens? And how can I fix it?

Any help will be much appreciated.
#2

[eluser]bretticus[/eluser]
CI encryption/decryption is not hashing. Your passwords are actually less secure by using reversible encryption than if you used simple hashing with salt. You might want to reconsider how you store passwords in your database.

Check your $config settings to see if the KEY is the same on your machine as the live server.

Code:
$config['encryption_key'] = "KEY";

It's located in the application/config/config.php file.
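
The storage change suggested in the post above, sketched as an added example (not code from the site or from CodeIgniter): check a login against a salted one-way hash, and upgrade a row that still holds the reversible legacy value the first time its owner logs in. It assumes PHP 5.6+ (the PHP 5.2 in this thread has neither password_hash() nor hash_equals()); verify_and_upgrade(), $legacyDecode and $save are hypothetical names, and the base64 decoder in the demo is a constructed stand-in for the legacy decode call.

```php
<?php
// Added example. Requires PHP 5.6+ for password_hash() and hash_equals().

/**
 * Check a typed password against a stored value and migrate legacy rows.
 * $legacyDecode: callable that decrypts a legacy value (hypothetical; on the
 *                site it would wrap the existing decode call).
 * $save:         callable that persists the replacement hash (hypothetical).
 */
function verify_and_upgrade($typed, $stored, $legacyDecode, $save)
{
    if (!is_string($typed) || !is_string($stored)) {
        return false;
    }
    // Rows already migrated carry a recognisable password_hash() prefix.
    $info = password_get_info($stored);
    if ($info['algoName'] !== 'unknown') {
        if (!password_verify($typed, $stored)) {
            return false;
        }
        if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
            call_user_func($save, password_hash($typed, PASSWORD_DEFAULT));
        }
        return true;
    }
    // Legacy row: decrypt once, compare strictly and in constant time
    // (a loose == on strings is neither), then store a hash instead.
    $plain = call_user_func($legacyDecode, $stored);
    if (!is_string($plain) || !hash_equals($plain, $typed)) {
        return false;
    }
    call_user_func($save, password_hash($typed, PASSWORD_DEFAULT));
    return true;
}

// Constructed demo data: one legacy row and a stand-in decoder (base64 is
// NOT the legacy algorithm, it only makes the example run offline).
$row    = array('user_pwd' => base64_encode('s3cret-example'));
$decode = function ($c) { return base64_decode($c, true); };
$save   = function ($hash) use (&$row) { $row['user_pwd'] = $hash; };

var_dump(verify_and_upgrade('wrong-guess', $row['user_pwd'], $decode, $save));    // legacy row, bad password
var_dump(verify_and_upgrade('s3cret-example', $row['user_pwd'], $decode, $save)); // legacy row, correct password
var_dump(password_get_info($row['user_pwd'])['algoName']);                        // format of the row after login
var_dump(verify_and_upgrade('s3cret-example', $row['user_pwd'], $decode, $save)); // same login against the new hash
```

Once every active account has logged in, the legacy branch and the encryption key it depends on can be removed, and any rows never upgraded can be forced through a password reset.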
#3

[eluser]DiogoAbdalla[/eluser]
Thanks for answering.

You might be right on what you said about the passwords, but then again, it wasn't me who built the site, I am just adding some stuff to it. I will pass your advice to my customer, though.

About the key: it is the same in both configs: after I downloaded the code to my machine, I only changed the paths in config.php and the database access parameters in database.php, nothing else. Funny thing is that the key is set to "".

So, any other ideas on why the passwords are not being properly decrypted on my local server?
#4

[eluser]bretticus[/eluser]
[quote author="DiogoAbdalla" date="1285145834"]So, any other ideas on why the passwords are not being properly decrypted on my local server?[/quote]

Yup, check to see if mcrypt is enabled on the production server. If so, make sure you have it enabled on your WAMP stack. When the mcrypt functions are not available, the lib uses xor.

[quote author="DiogoAbdalla" date="1285145834"]
About the key: it is the same in both configs: after I downloaded the code to my machine, I only changed the paths in config.php and the database access parameters in database.php, nothing else. Funny thing is that the key is set to "".[/quote]

Wow, great key, wonder what the md5 hash of nothing is? :) At the least, you might want to decrypt your database and re-encrypt with a proper key.
#5

[eluser]DiogoAbdalla[/eluser]
You were right: it wasn't enabled on my server. Now it is decoding properly.

Thanks a lot for your help, friend. I will see to at least re-encode those passwords with a key.



