I am creating a website that i want to connect with the existing database(it was a database of our system) it already has a data stored like user accounts,
now in my website there is a login form
what I want is I can i log in using the user accounts of my existing database
but that database stored data are encrypted like the password
I also have the decrypt/encrypt key
I just don’t know how to make a query or how to do it in php
please help me
Thank you so much
I am a beginner in php
I’d recommend the first step might be to try to recover one user account from the database - just write a bit of PHP code that takes a username and password and attempts to verify it against the database. Once you’ve got that working, stuff like adding a form so the user can type in their details is really easy.
what I did first is , I made a PHP code that when I enter the username the password will show, but the password it showing is encrypted it shows some random symbols.
I can decrypt it on mysql query
but i cant execute it in php code
I guess the Passwort is not encrypted but hashed. And if you want to get real the password out of the database this is not possible as it is not stored there but only a hash of it. That’s the normal behavior. A password should never ever be stored in a database. Even not encrypted
it actually use cipher so I believe it is encrypted
What type of encryption does your system use to store the password?
Consider posting one of your “encrypted” passwords. Ideally a test account of some sort.
It’s often possible to guess the format just be looking at the results.
More than likely you will have to track down the process that was used to originally encrypt it. Or else just force users to change their passwords.
the encyption is in AES
as i’ve searching there are things I saw like “iv” “cipher method” where should I find it?
the database was currently used for an existing application that we are using here in the hospital, the developer encrypted some data like passwords etc., he gave me the encryption key but he don’t know how to deploy it in php since he is not a web programmer
when I am trying to take it from the database it looks like this
AES cipher
Do i need to make the encrypt function first? before executing the decryption?
To be honest I do not know from which country you are, but do you really think it is a good idea to use the patients personal data for your first steps in developing software? This is the most sensible data you can find in the world and you want to do try and error with it?
sorry I’m not really good at explaining
that system has a modules for employees not the patient we have a different database for the patient
what we need is the employee’s information
our requirements is to not create another database for the website since the function is a bit same with the already made system
we only want that our employee can log in on the website without creating another credentials
and encoding again some employees information
Just be careful with sensitive data (and who you’re giving access to that data!) because of various laws.
Towards the point of the thread, however: openssl_encrypt can take your plaintext password entry and encrypt it for comparison against the database entry. You will need to know what specific flavor of AES was used to encrypt that values, and you’ll need the passphrase and IV used to initially encrypt them.
Consider going back to the developer and getting more details. Did he use a database thing? Maybe a .NET module? Some other language? Don’t let the “I don’t do PHP” stop you. The developer knows more about the specific implementation and you need to extract a few more details from them. Or escalate it to your manager.
he is using a powerbuilder and mysql for database
in power builder its so easy to execute the encrypt/decrypt function but whenever we move to php (given that we both don’t have an advance knowledge when it comes to web development though we have all the requirements to execute just that don’t know how to code it in php )
well anyway, I think I’ll stop here as someone already replied my post on some other forum with the steps, will just try to follow it.
Thank you for giving time on this post.
This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.
