SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Member
    Join Date
    Aug 2006
    Posts
    12
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    weird password detection problem

    Hi All,
    I have developed a website in PHP 5.0. This site requires users to register using unique password. I store the password in encrypted form into mySQL 5.0 DB by using following into update statement -
    UPDATE user SET password1=AES_ENCRYPT('".$_POST["password"]."','password')
    ....

    the query to retrieve the user is -
    SELECT * FROM user WHERE userid like BINARY '".$_POST["userid"]."' AND password1 like BINARY AES_ENCRYPT('".$_POST["PASSWORD"]."','password')";

    ----
    Above functionality works fine for all the cases except for the user whose password is sagar2001 Basically, if a user login attempt with password sagar2001 fails retrieving any record in above select query.

    Isn't that weird? I can't figure out what's going on. Any help is appreciated.

    Thanks in advance.

    p.s.: SAGAR2001 password works fine. Having it saved in non-binary does not help either - problem still stays.

  2. #2
    SitePoint Wizard silver trophy
    Join Date
    Mar 2006
    Posts
    6,132
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    have you tried the query without using php?

    for example, using phpmyadmin?

  3. #3
    SitePoint Evangelist dscriptor's Avatar
    Join Date
    Oct 2005
    Location
    in front of my computer
    Posts
    571
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    yes, test your query (sql) statement inside mysql query browser or phpmyadmin.
    happy is the man that finds wisdom....wisdom in {PHP}.


  4. #4
    SitePoint Member
    Join Date
    Aug 2006
    Posts
    12
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yes, i've tried it setting/querying with MySQL Query Browser. But, same result.

    SELECT count(*) FROM user WHERE password1 like BINARY AES_ENCRYPT('sagar2001','password');

    returns 0 rows.

    Thanks for prompt reply.

  5. #5
    Theoretical Physics Student bronze trophy Jake Arkinstall's Avatar
    Join Date
    May 2006
    Location
    Lancaster University, UK
    Posts
    7,062
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    maybe "sagar2001" was originally entered incorrectly, which would explain it all. how do you check? i dont know anything about aes_encrypt, i use md5, but if you can use it in php, do this

    PHP Code:
    $enc AES_ENCRYPT("sagar2001");
    echo 
    $enc
    and see if it is the same as the password stored in the database

    oh, and welcom to sitepoint. I usually get a post back in minutes, whereas some forums take hours
    Jake Arkinstall
    "Sometimes you don't need to reinvent the wheel;
    Sometimes its enough to make that wheel more rounded"-Molona


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •