weird password detection problem

[cooldude123]

Hi All,
I have developed a website in PHP 5.0. This site requires users to register using unique password. I store the password in encrypted form into mySQL 5.0 DB by using following into update statement -
UPDATE user SET password1=AES_ENCRYPT('".$_POST["password"]."','password')
....

the query to retrieve the user is -
SELECT * FROM user WHERE userid like BINARY '".$_POST["userid"]."' AND password1 like BINARY AES_ENCRYPT('".$_POST["PASSWORD"]."','password')";

----
Above functionality works fine for all the cases except for the user whose password is sagar2001 Basically, if a user login attempt with password sagar2001 fails retrieving any record in above select query.

Isn't that weird? I can't figure out what's going on. Any help is appreciated.

Thanks in advance.

p.s.: SAGAR2001 password works fine. Having it saved in non-binary does not help either - problem still stays.

[clamcrusher]

have you tried the query without using php?

for example, using phpmyadmin?

[dscriptor]

yes, test your query (sql) statement inside mysql query browser or phpmyadmin.

[cooldude123]

Yes, i've tried it setting/querying with MySQL Query Browser. But, same result.

SELECT count(*) FROM user WHERE password1 like BINARY AES_ENCRYPT('sagar2001','password');

returns 0 rows.

Thanks for prompt reply.

[Jake Arkinstall]

maybe "sagar2001" was originally entered incorrectly, which would explain it all. how do you check? i dont know anything about aes_encrypt, i use md5, but if you can use it in php, do this

PHP Code:

$enc = AES_ENCRYPT("sagar2001");
echo $enc; 


and see if it is the same as the password stored in the database

oh, and welcom to sitepoint. I usually get a post back in minutes, whereas some forums take hours