-2

I want to save my password in an encrypted format, so I saved my password in the table using base64_encode. For login, when I fetch my password again in decoded format using base64_decode, it returns blank data. Please help me with a better solution. Here is my code.

login_admin.php


    <?php
    
    include('connection.php');
    
    
    if(isset($_POST['submit'])){
        $email = $_POST['email'];
        $password = decryptIt($_POST['pwd']);
        print_r($password); die;
        $_SESSION['email'] = $email;
        $_SESSION['password'] = $password;
        $admin= $_SESSION['email'];
        $query = "SELECT * FROM `user` Where (email = '$email' && role_id = 'admin' )";
        $result = mysqli_query($conn, $query);  
        $row = mysqli_fetch_assoc($result);
        if($row > 0){
                if($admin == $row['email'] && $password == $row['password']){
                    header('location:dashboard1.php');
                }
        }
    }
    
    else{
        echo "Login Failed";
    }
    
    ?>

connection.php


    <?php
    $servername = "localhost";
    $username = "root";
    $password = "";
    $dbname = "example_user";
    $conn = new mysqli($servername, $username, $password, $dbname);
        if ($conn->connect_error) {
            die("Connection failed: " . $conn->connect_error);
        }   
        function encryptIt( $q ) {
            $cryptKey  = 'qJB0rGtIn5UB1xG03efyCp';
            return base64_encode( base64_encode($q).'+'.$cryptKey );
        }
        function decryptIt( $q ) {
            $cryptKey  = '+qJB0rGtIn5UB1xG03efyCp';
            return  base64_decode(str_replace($cryptKey, "",base64_decode( $q ))) ;
        }
    ?> 

  • 1
    Please note that base64 **is not encryption**. Storing passwords in base64 is [no different than storing them in plaintext](https://sempf.net/post/base64-is-not-encryption), as it’s trivially reversed. Please use a modern, robust encryption format like [bcrypt](https://en.wikipedia.org/wiki/Bcrypt?wprov=sfti1) instead. – superhawk610 Mar 24 '21 at 07:07
  • Please see how password hashing is properly done with [PHP's built-in functions](https://stackoverflow.com/questions/30279321/how-to-use-phps-password-hash-to-hash-and-verify-passwords). – El_Vanja Mar 24 '21 at 10:21

1 Answer

0

The code seems fine; try putting a check in the "decryptIt" method for an empty parameter value.

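    function decryptIt( $q ) {
        // Reject an empty parameter before attempting to decode it.
        if ($q == '') {
            return array('error' => 1, "msg" => "parameter can't be empty");
        } else {
            $cryptKey = '+qJB0rGtIn5UB1xG03efyCp';
            // Undo encryptIt(): outer base64, strip the appended key, inner base64.
            return array('success' => 1, "decrypt" => base64_decode(str_replace($cryptKey, "", base64_decode( $q ))));
        }
    }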
baijugoradia
  • 140
  • 7
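
The comments on the question recommend PHP's built-in password hashing instead of base64. As an added example (not code from the question or the answer), the following stores a `password_hash()` value and checks the login with `password_verify()`. The in-memory SQLite database via PDO and the function names `registerUser` and `loginAdmin` are assumptions standing in for the page's MySQL `user` table and login script.

```php
<?php
// Added example; not code from the question or the answer.
// Assumption: in-memory SQLite (PDO) stands in for the page's MySQL `user` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (email TEXT PRIMARY KEY, password TEXT NOT NULL, role_id TEXT NOT NULL)');

// Registration: store a salted one-way hash, never a reversible encoding.
// registerUser() is a hypothetical helper name.
function registerUser(PDO $pdo, string $email, string $plain, string $role): void
{
    $hash = password_hash($plain, PASSWORD_DEFAULT); // currently bcrypt
    $stmt = $pdo->prepare('INSERT INTO user (email, password, role_id) VALUES (?, ?, ?)');
    $stmt->execute([$email, $hash, $role]);
}

// Login: look the row up with a bound parameter instead of interpolating
// $email into the SQL, then verify the submitted password against the hash.
// Nothing is decoded or "decrypted". loginAdmin() is a hypothetical helper name.
function loginAdmin(PDO $pdo, string $email, string $plain): bool
{
    $stmt = $pdo->prepare("SELECT password FROM user WHERE email = ? AND role_id = 'admin'");
    $stmt->execute([$email]);
    $hash = $stmt->fetchColumn();

    // Same result for an unknown account and for a wrong password.
    if ($hash === false || !password_verify($plain, $hash)) {
        return false;
    }

    // Re-hash on login if the default algorithm or cost has changed since storage.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE user SET password = ? WHERE email = ?');
        $upd->execute([password_hash($plain, PASSWORD_DEFAULT), $email]);
    }
    return true;
}

// Constructed sample data.
registerUser($pdo, 'admin@example.com', 'correct horse battery staple', 'admin');
var_dump(loginAdmin($pdo, 'admin@example.com', 'correct horse battery staple'));
var_dump(loginAdmin($pdo, 'admin@example.com', 'wrong-password'));
var_dump(loginAdmin($pdo, 'nobody@example.com', 'anything'));
```

On a successful login, keep only the user's identity in `$_SESSION`, not the password.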