
I tried to add password encryption some time ago. The problem is that when I try to log in, it tells me that the password is not correct.

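    // Encrypts $sValue with Rijndael-256 in ECB mode and returns it base64-encoded.
    // ECB mode does not use the IV, and the mcrypt extension was removed in PHP 7.2.
    public static function fnEncrypt($sValue, $sSecretKey)
    {
        return rtrim(
            base64_encode(
                mcrypt_encrypt(
                    MCRYPT_RIJNDAEL_256,
                    $sSecretKey,
                    $sValue,
                    MCRYPT_MODE_ECB,
                    mcrypt_create_iv(
                        mcrypt_get_iv_size(
                            MCRYPT_RIJNDAEL_256,
                            MCRYPT_MODE_ECB
                        ),
                        MCRYPT_RAND
                    )
                )
            ),
            "\0"
        );
    }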


Jimmi Jimmi
  • Why don't you try SHA algorithms? – Rohit.007 Jun 08 '18 at 17:24
  • You might like it. https://stackoverflow.com/a/1289114/8179245 – Rohit.007 Jun 08 '18 at 17:26
  • What PHP version are you using? Check here too https://stackoverflow.com/a/27254578/8179245 – Rohit.007 Jun 08 '18 at 17:28
  • SHA looks good, but one of the main problems is that I'm a beginner, so idk if I know how to switch the encrypt method. For the implementation, do I need to replace the old public with the new one? – Jimmi Jimmi Jun 08 '18 at 17:34
  • What algorithm has been used to insert the password? – Rohit.007 Jun 08 '18 at 17:37
  • http://php.net/manual/en/function.mcrypt-encrypt.php – Jimmi Jimmi Jun 08 '18 at 17:40
  • I'm assuming this function `public static function fnEncrypt` is being used for both operations (insertion & selection). Are you using stored procedures? – Rohit.007 Jun 08 '18 at 17:42
  • No, sorry. I have 2 publics, 1 for encrypt and 1 for decrypt: https://pastebin.com/2Ajyrb59 When I insert the password I use: https://pastebin.com/CaadXXzB – Jimmi Jimmi Jun 08 '18 at 17:48
  • What I suggest: passwords should always be one-way encrypted so that no one can decrypt them. So rather than decrypting what is available in the database, you should encrypt the typed password from the login page and match it against the encrypted password... Say you have the `asdfasdf232323` password in the database, which is the encrypted form of `Hello`, and from the login page I have provided `Hello` as the password; then you should encrypt `Hello` again and compare it with the one available in the database – Rohit.007 Jun 08 '18 at 17:53
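
The one-way approach suggested in the last comment, as an added example that is not part of the original thread. It uses PHP's built-in `password_hash()` and `password_verify()` instead of mcrypt: the stored hash is salted, so hashing the typed password again would not reproduce it, and the comparison has to go through `password_verify()`. The `$users` array, the function names and the sample credentials are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the users table: username => stored hash.
// Assumption: in a real schema the hash column is VARCHAR(255), so the
// value is never truncated on insert.
$users = [];

// Registration: store only a salted one-way hash, never the password
// and never a reversible ciphertext.
function registerUser(array &$users, string $name, string $password): void
{
    $users[$name] = password_hash($password, PASSWORD_DEFAULT);
}

// Login: password_verify() reads the algorithm, cost and salt from the
// stored hash and compares in constant time.
function login(array &$users, string $name, string $password): bool
{
    $stored = $users[$name] ?? null;
    if ($stored === null || !password_verify($password, $stored)) {
        return false;
    }
    // Re-hash transparently when PHP's default algorithm or cost changes.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $users[$name] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

registerUser($users, 'alice', 'Hello');

// Correct password.
var_dump(login($users, 'alice', 'Hello'));

// Wrong password (different case).
var_dump(login($users, 'alice', 'hello'));

// Failure mode: the stored hash cut to 32 characters, as a too-short
// database column would store it. Verification can no longer succeed.
$users['alice'] = substr($users['alice'], 0, 32);
var_dump(login($users, 'alice', 'Hello'));
```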

0 Answers