• 0

PHP & MySQL: AES_Encrypt / AES_Decrypt

Asked by DjmUK,

 Share

Question

Grand Master

DjmUK

Posted
Posted

Alrighty then. If I were to use the following commands they work just fine:

AES_Encrypt (PHP):

$un = david;

$pw = pass;

mysql_query(INSERT into tablename (un,pw) values ('$un',aes_encrypt('$pw','key'))",$db);

AES_Encrypt (Command Prompt):

SELECT un, aes_decrypt(pw,'key') from tablename where id=1;

However. I'm trying to write a login page based upon the encrypted data via PHP (send the data via a form and process it). I had it working perfectly - but as soon as encryption is entered things don't go my way. Here's a sample of my efforts which aren't looking too good (I am extracting from a form, but for simplicity I'm using static data).

<?php

$un = david;
$pw = pass;

$result = mysql_query("SELECT un, aes_decrypt(pw,'key') FROM table_login where un='$un' and pw='$pw' ",$db);

$array_r = mysql_fetch_array($result);

echo "User". $array_r["un"] ."<br />";
echo "Pass". $array_r["pw"];
?>

I searched google and other sites with no luck, but from what I'm told - the aes_decrypt function has to remain in the SELECT clause because it's a MySQL function and not a PHP function.

Please help me and thanks in advance.

Link to comment
https://www.neowin.net/forum/topic/290091-php-mysql-aes_encrypt-aes_decrypt/
Share on other sites

11 answers to this question

Recommended Posts

  • 0
Grand Master

DjmUK

Posted
  • Author
Posted
  flightmike1 said:
Your WHERE clause is comparing the unencrypted password(submitted by the user) to the encrypted password in the database, it might be easier if you use PHP to do the encryption.

585535073[/snapback]

Exactly what I meant - what I cannot figure out is how to do this in PHP :(

  • 0
Mentor

GatorV

Posted
Posted

Why don't you try to do 2 querys?

<?php

$un = david;
$pw = pass;

$result = mysql_query("SELECT aes_encrypt(pw,'key')");
$encrypted = mysql_fetch_array($result));
$result = mysql_query("SELECT un, aes_decrypt(pw,'key') as pw FROM table_login where un='$un' and pw='$encrypted[0]' ",$db);

$array_r = mysql_fetch_array($result);

echo "User". $array_r["un"] ."<br />";
echo "Pass". $array_r["pw"];
?>

:unsure:

  • 0
Grand Master

DjmUK

Posted
  • Author
Posted
  GatorV said:
Why don't you try to do 2 querys?

<?php
$un = david;
$pw = pass;

$result = mysql_query("SELECT aes_encrypt(pw,'key')");
$encrypted = mysql_fetch_array($result));
$result = mysql_query("SELECT un, aes_decrypt(pw,'key') as pw FROM table_login where un='$un' and pw='$encrypted[0]' ",$db);

$array_r = mysql_fetch_array($result);

echo "User". $array_r["un"] ."<br />";
echo "Pass". $array_r["pw"];
?>

:unsure:

585544078[/snapback]

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in C:\site\login_check.php on line 4

  • 0
Mentor

GatorV

Posted
Posted

Well the code was wrong, but try this:

<?php
$un = "david";
$pw = "pass";

$result = mysql_query("SELECT aes_encrypt('$pw','key')");
$encrypted = mysql_fetch_array($result));
$result = mysql_query("SELECT un, aes_decrypt(pw,'key') as pw FROM table_login where un='$un' and pw='$encrypted[0]' ",$db);

$array_r = mysql_fetch_array($result);

echo "User". $array_r["un"] ."<br />";
echo "Pass". $array_r["pw"];
?>

:cool:

  • 0
Rising Star

HeyRatFans

Posted
Posted

If you must use AES encryption do the comparision in PHP, i.e. have the query return the decrypted password and then do a simple == comparision in PHP.

<?php

$un = "david";
$pw = "pass";

$result = mysql_query("SELECT un, aes_decrypt(pw, 'key') as pw FROM table_login where un = '$un'");
$array_r = mysql_fetch_array($result);

if ($array_r['pw'] == $pw) {

   // Password is okay

   echo "User", $array_r["un"] ."<br />";
   echo "Pass", $array_r["pw"];

}else {

   // password is invalid!

   echo "Boo! Hiss!";
}

?>

  • 0
Grand Master

DjmUK

Posted
  • Author
Posted

FINALLY..! (1 query aswell)

$un = $_POST["un"];
	$pw = $_POST["pw"];

	$result = mysql_query("SELECT un, aes_decrypt(pw,'mykey') from tb_login where un='$un' ",$db);
	$encrypted = mysql_fetch_array($result);

if ($encrypted[1]==$pw)
{
echo "yes";
}
else
{
echo "no";
}

I had to encrypt the password into the BLOB field first. Thanks for all the help guys.

This topic is now closed to further replies.
 Share
Go to question listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Steam overlay's FPS counter gets major upgrade to show CPU and VRAM usage, temps, and more

      By Borken_ · Posted

      Seconded on the question. This is otherwise great for testing out systems as well.
    • MY sandisk ultra usb 3.0 256gb it only shows like 3.1gb

      By lethalman · Posted

      thanks for that yeah its real its not fake guys i got it of amazon  how do i fix this please the good thing its not fake  
    • Lian Li Lancool 216 ARGB & Fan Hub Question

      By bikeman25 · Posted

      Oh Ok thank you,   i'll try to trace which one is the front fans and go from there, i forgot i posted on this issue before oopsy.        But they might already be connected right all i know lol.       I tend to worry way too much i think  
    • Lian Li Lancool 216 ARGB & Fan Hub Question

      By Jim K · Posted

      //merged your topics as they are the same thing. Same answer as well...    
    • Facebook's mobile app is finally getting support for passkeys

      By Usama Jawad96 · Posted

      Facebook's mobile app is finally getting support for passkeys by Usama Jawad Companies and social media platforms are embracing passkeys more readily nowadays. Microsoft made new accounts passwordless by default just last month, Windows 11 has supported passkeys for quite a while, and Google hasn't been left behind either. Interestingly, while passkeys work on WhatsApp too, Facebook hasn't enjoyed the same functionality, even though both apps are owned by the same parent company, Meta. Well, that changes today. Meta has announced support for passkeys in Facebook's mobile app. For those unaware, passkeys are essentially an alternative for passwords, as they allow you to sign in to a service securely using the same means that you use to unlock your device. This includes biometric authentication mechanisms such as facial and fingerprint recognition, as well as PIN. Since you don't need to memorize or externally store a complex password, and the methods highlighted above can't be easily duped, you effectively become more secure when you leverage passkeys. Passkeys were developed by the FIDO Alliance, and Meta is a member of this collective too. Apart from highlighting the benefits of passkeys, such as being pretty much immune to phishing and password spray attacks, Meta has revealed that they are coming to the Facebook mobile app on Android and iOS. They will also be arriving on Messenger in the next few months, and both services will share the same passkey for a more streamlined experience. Meta will also allow customers to utilize this passkey to securely autofill payment information when leveraging Meta Pay. Customers can head over to the Accounts Center in the Settings area to create and manage their passkey, or alternatively, they'll also be prompted to create one when they log in to Facebook next. It is important to note that Meta isn't doing away with passwords on Facebook just yet, as all devices may not be compatible with passkeys.

  • Recent Achievements

    • First Post
      TIGOSS earned a badge
      First Post
    • Week One Done
      slackerzz earned a badge
      Week One Done
    • Week One Done
      vivetool earned a badge
      Week One Done
    • Reacting Well
      pnajbar earned a badge
      Reacting Well
    • Week One Done
      TBithoney earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      691
    2. 2
      ATLien_0
      284
    3. 3
      Michael Scrip
      222
    4. 4
      +FloatingFatMan
      198
    5. 5
      Steven P.
      132
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!