PHP & MySQL: AES_Encrypt / AES_Decrypt

3,580 · February 25, 2005

Alrighty then. If I were to use the following commands they work just fine:

AES_Encrypt (PHP):

$un = david;

$pw = pass;

mysql_query(INSERT into tablename (un,pw) values ('$un',aes_encrypt('$pw','key'))",$db);

AES_Encrypt (Command Prompt):

SELECT un, aes_decrypt(pw,'key') from tablename where id=1;

However. I'm trying to write a login page based upon the encrypted data via PHP (send the data via a form and process it). I had it working perfectly - but as soon as encryption is entered things don't go my way. Here's a sample of my efforts which aren't looking too good (I am extracting from a form, but for simplicity I'm using static data).

&lt;?php

$un = david;
$pw = pass;

$result = mysql_query("SELECT un, aes_decrypt(pw,'key') FROM table_login where un='$un' and pw='$pw' ",$db);

$array_r = mysql_fetch_array($result);

echo "User". $array_r["un"] ."&lt;br /&gt;";
echo "Pass". $array_r["pw"];
?&gt;

I searched google and other sites with no luck, but from what I'm told - the aes_decrypt function has to remain in the SELECT clause because it's a MySQL function and not a PHP function.

Please help me and thanks in advance.

1,309 · February 26, 2005

Your WHERE clause is comparing the unencrypted password(submitted by the user) to the encrypted password in the database, it might be easier if you use PHP to do the encryption.

3,580 · February 26, 2005

flightmike1 said:
Your WHERE clause is comparing the unencrypted password(submitted by the user) to the encrypted password in the database, it might be easier if you use PHP to do the encryption.

585535073[/snapback]

Exactly what I meant - what I cannot figure out is how to do this in PHP :(

1,309 · February 27, 2005

I would suggest mcrypt but it doesn't seem to support AES, if you are willing to use a different algorithm it might be useful.

3,580 · February 27, 2005

flightmike1 said:
I would suggest mcrypt but it doesn't seem to support AES, if you are willing to use a different algorithm it might be useful.

585539169[/snapback]

Thanks, I'm looking into it now.

1,653 · February 27, 2005

Why don't you try to do 2 querys?

&lt;?php

$un = david;
$pw = pass;

$result = mysql_query("SELECT aes_encrypt(pw,'key')");
$encrypted = mysql_fetch_array($result));
$result = mysql_query("SELECT un, aes_decrypt(pw,'key') as pw FROM table_login where un='$un' and pw='$encrypted[0]' ",$db);

$array_r = mysql_fetch_array($result);

echo "User". $array_r["un"] ."&lt;br /&gt;";
echo "Pass". $array_r["pw"];
?&gt;

:unsure:

3,580 · February 28, 2005

GatorV said:

Why don't you try to do 2 querys?

&lt;?php
$un = david;
$pw = pass;

$result = mysql_query("SELECT aes_encrypt(pw,'key')");
$encrypted = mysql_fetch_array($result));
$result = mysql_query("SELECT un, aes_decrypt(pw,'key') as pw FROM table_login where un='$un' and pw='$encrypted[0]' ",$db);

$array_r = mysql_fetch_array($result);

echo "User". $array_r["un"] ."&lt;br /&gt;";
echo "Pass". $array_r["pw"];
?&gt;

:unsure:

585544078[/snapback]

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in C:\site\login_check.php on line 4

1,653 · February 28, 2005

Well the code was wrong, but try this:

&lt;?php
$un = "david";
$pw = "pass";

$result = mysql_query("SELECT aes_encrypt('$pw','key')");
$encrypted = mysql_fetch_array($result));
$result = mysql_query("SELECT un, aes_decrypt(pw,'key') as pw FROM table_login where un='$un' and pw='$encrypted[0]' ",$db);

$array_r = mysql_fetch_array($result);

echo "User". $array_r["un"] ."&lt;br /&gt;";
echo "Pass". $array_r["pw"];
?&gt;

:cool:

February 28, 2005

If you must use AES encryption do the comparision in PHP, i.e. have the query return the decrypted password and then do a simple == comparision in PHP.

&lt;?php

$un = "david";
$pw = "pass";

$result = mysql_query("SELECT un, aes_decrypt(pw, 'key') as pw FROM table_login where un = '$un'");
$array_r = mysql_fetch_array($result);

if ($array_r['pw'] == $pw) {

   // Password is okay

   echo "User", $array_r["un"] ."&lt;br /&gt;";
   echo "Pass", $array_r["pw"];

}else {

   // password is invalid!

   echo "Boo! Hiss!";
}

?&gt;

February 28, 2005

That still won't work, you have an error on line 7:

$encrypted = mysql_fetch_array($result));

Extra end bracket. Get rid of the second bracket.

3,580 · February 28, 2005

I removed the bracket...I think I'm almost there - I found out that the data field type has to be BLOB (for some reason)...but I'm close.

3,580 · February 28, 2005

FINALLY..! (1 query aswell)

$un = $_POST["un"];
	$pw = $_POST["pw"];

	$result = mysql_query("SELECT un, aes_decrypt(pw,'mykey') from tb_login where un='$un' ",$db);
	$encrypted = mysql_fetch_array($result);

if ($encrypted[1]==$pw)
{
echo "yes";
}
else
{
echo "no";
}

I had to encrypt the password into the BLOB field first. Thanks for all the help guys.

Sign In

PHP & MySQL: AES_Encrypt / AES_Decrypt

Question

DjmUK

Link to comment

Share on other sites

11 answers to this question

Recommended Posts

Michael_C

Link to comment

Share on other sites

DjmUK

Link to comment

Share on other sites

Michael_C

Link to comment

Share on other sites

DjmUK

Link to comment

Share on other sites

GatorV

Link to comment

Share on other sites

DjmUK

Link to comment

Share on other sites

GatorV

Link to comment

Share on other sites

HeyRatFans

Link to comment

Share on other sites

Cailin

Link to comment

Share on other sites

DjmUK

Link to comment

Share on other sites

DjmUK

Link to comment

Share on other sites

Recently Browsing 0 members

Posts

Recent Achievements

Popular Contributors

Tell a friend