0

I'm trying to decrypt a password stored in a MySQL Workbench database. I used CodeIgniter's Encrypt() function. It goes into the database just fine. But when I try and run this code, I get the error:

Message: strlen() expects parameter 1 to be string, object given
Filename: libraries/Encryption.php

I want to compare the entered password through the form to the decrypted password from the database and see if they match. I'm not sure how to rectify this and I know this might be a very rookie question but I am very much stumped. Thank you for any help!

```php
{
    $this->db->select("custPassword");
    $this->db->from('customer');
    $this->db->where('custEmail', $customerEmail);
    $passencrypted = $this->db->get();

    $passplain = $this->encryption->decrypt($passencrypted);

    $this->db->select("custNumber");
    $this->db->from('customer');
    $this->db->where('custEmail', $customerEmail);
    $this->db->where('custPassword', $passplain);
    $query = $this->db->get();

    $count = $query->num_rows();
    if ($count == 1)
    {
        return true;
    }
    else
    {
        return false;
    }
}
```
BigDog123
  • 1
  • 1
  • Usually passwords are not encrypted but hashed. So you don't decrypt the password to compare it with the unencrypted input but instead hash the input to compare with the hashed password in the db. See [here](https://stackoverflow.com/questions/30279321/how-to-use-phps-password-hash-to-hash-and-verify-passwords) – jps Jan 19 '21 at 09:18

1 Answer

0

BigDog123, welcome to the community.

The issue is in the lines

```php
$passencrypted = $this->db->get();
$passplain = $this->encryption->decrypt($passencrypted);
```

As per the CodeIgniter documentation, $this->db->get() returns a database result (CI_DB_result), which is an object. So when you pass $passencrypted to the decrypt method, you are passing an object instead of a string. $this->encryption->decrypt() accepts a string as a parameter.

For the solution, you need to use result() or other methods from the CI_DB_result class, learn more here

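```php
// Runs after the select()/from()/where() calls from the question.
// row() returns the first result row as an object, or null when nothing matched.
$passencrypted = $this->db->get()->row();
if (isset($passencrypted))
{
    // Pass the column value (a string), not the result object.
    $passplain = $this->encryption->decrypt($passencrypted->custPassword);
}
```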

Note: It is better to hash the password and store it than encrypt and store it.

mail2bapi
  • 1,547
  • 1
  • 12
  • 18
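
The hashing approach recommended in the comment and in the answer's note, as an added example that is not part of the original question or answer. The `$customers` array is a constructed stand-in for the `customer` table, and `register_customer()`, `check_login()` and `DUMMY_HASH` are hypothetical names; only `password_hash()`, `password_verify()` and `password_needs_rehash()` are PHP built-ins.

```php
<?php
// Constructed in-memory stand-in for the customer table, keyed by custEmail.
// In CodeIgniter each row object would come from $this->db->get()->row().
$customers = [];

// Hash of a throwaway value, used to keep timing similar for unknown e-mails.
define('DUMMY_HASH', password_hash('constructed-dummy-value', PASSWORD_DEFAULT));

function register_customer(array &$customers, string $email, string $password): void
{
    // password_hash() picks a random salt and stores it, with the algorithm
    // and cost, inside the returned string. Nothing here can be decrypted.
    $customers[$email] = (object) ['custPassword' => password_hash($password, PASSWORD_DEFAULT)];
}

function check_login(array &$customers, string $email, string $password): bool
{
    // Look the row up by e-mail only. The password never goes into the WHERE
    // clause: a salted hash of the same input is different on every call.
    $row = $customers[$email] ?? null;

    if ($row === null) {
        password_verify($password, DUMMY_HASH); // do the same work, then reject
        return false;
    }
    if (!password_verify($password, $row->custPassword)) {
        return false;
    }
    // Re-hash on successful login when the default algorithm or cost has changed.
    if (password_needs_rehash($row->custPassword, PASSWORD_DEFAULT)) {
        $row->custPassword = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

register_customer($customers, 'alice@example.test', 'correct horse battery staple');

var_dump(check_login($customers, 'alice@example.test', 'correct horse battery staple'));
var_dump(check_login($customers, 'alice@example.test', 'wrong password'));
var_dump(check_login($customers, 'nobody@example.test', 'anything'));

// Same input, two different hashes: comparing hashes with '=' in SQL cannot match.
var_dump(password_hash('x', PASSWORD_DEFAULT) === password_hash('x', PASSWORD_DEFAULT));
```

PHP's documentation recommends a 255-character column for hashes produced with `PASSWORD_DEFAULT`, so `custPassword` should be sized accordingly.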