0

I have a problem with php, I am programming a php file for show by printf the data of the data base related encrypted_password. I want to pick the value and display it on screen, but does not work, I have done so:

$query = "SELECT * FROM  `users` WHERE  `email` =  '$email' ORDER BY  `users`.`uid` ASC LIMIT 0 , 30";

$result = $con->query($query);  $row = $result->fetch_array(MYSQLI_ASSOC);
printf ("consulta %s nombre: %s email:(%s) salt: %s y pass: $s\n", $query,$row['name'], $row['email'],$row['salt'],base64_encode($row['encrypted_password']));

and printf shows by screen:

consulta SELECT * FROM users WHERE email = 'elvega3009@msn.com' ORDER BY users.uid ASC LIMIT 0 , 30 nombre: XXXX email:(xxxxxxxx@msn.com ) salt: a3f7734b0e y pass:

The pass field doesn't show by screen, this data is encode in base64_encode in the data base, I don't know if that is the problem, but I need that this data shows by screen. I need help. Thank very much in advance

elvega
  • 73
  • 1
  • 2
  • 6
  • What happens if you skip base64_encode function? Do you see the value in "Pass:" field?. Did you try var_dump(base64_encode($row['encrypted_password']))?. Be careful, base64_encode is an encode schema, it can be deduced easily. For password you need an encryption mechanism (hash functions) like md5 o sha. See http://stackoverflow.com/questions/3993937/which-is-best-encryption-method-base-64-or-md5 – Emiliano Sangoi Jul 21 '15 at 00:58

1 Answers1

0

Try putting %s instead of $s at the end of the line:

printf ("consulta %s nombre: %s email:(%s) salt: %s y pass: $s\n", `$query,$row['name'],` $row['email'],$row['salt'],base64_encode($row['encrypted_password']));

You also should use md5 or sha1 function for store passwords.

Emiliano Sangoi
  • 921
  • 10
  • 20
  • Hi, thanks for your answer . I have read about md5 and sha1 for encrypt and It's easy but How I could decrypt with these functions? – elvega Jul 22 '15 at 21:23
  • They can't be decrypted easily, thats the idea. You're going to store your hashed password in a database and then you're only going to compare the password's hash fetched from the database with the password inserted by the users. e.g. ($hashPassFromDB == md5($_POST['password']). You can see an example in this post: http://stackoverflow.com/questions/488804/php-mysql-compare-password and you can learn a bit more about password hashing in this excellent post: http://www.sitepoint.com/password-hashing-in-php/ – Emiliano Sangoi Jul 23 '15 at 19:26