Jump to content

[5.0.77] AES_ENCRYPT / AES_DECRYPT


Shp0ngl3

Recommended Posts

I've been trying to get this to work now since yesterday, but with no luck.

 

I run these two queries in Navicat..

 

UPDATE tbl_members SET member_password=AES_ENCRYPT('password', '1234567890123456') WHERE member_username='rk';
SELECT * FROM tbl_members WHERE member_username='rk' AND member_password=AES_DECRYPT('password','1234567890123456');

 

When I check the member_password field (blob) I find ™Ã7Ée“ûË+{£#”U)Ã, but still the result from SELECT is empty.

 

Anyone has any ideas on how to solve this issue?

 

Regards,

Shp0ngl3

Link to comment
Share on other sites

this

UPDATE tbl_members SET member_password=AES_ENCRYPT('password', '1234567890123456') WHERE member_username='rk';

encrypts the password so the password changes from 1234567890123456 to ™Ã7Ée“ûË+{£#”U)Ã

 

So when selecting the WHERE need to find the encrypted password NOT the decrypted one!

you only decrypt when you want to view it like this

SELECT *, AES_DECRYPT('password','1234567890123456') as DecrypedPassword FROM tbl_members WHERE member_username='rk' AND member_password=AES_ENCRYPT('password', '1234567890123456');

 

However why encrypt it ? why not use a hash, ie SHA or MD5

 

another other is to decrypt the field in the where ie

SELECT *, AES_DECRYPT('password','1234567890123456') as DecrypedPassword FROM tbl_members WHERE member_username='rk' AND AES_DECRYPT('password', `member_password`) = '1234567890123456';

Link to comment
Share on other sites

Thanks alot for the reply MadTechie. I will try it out when I get back to work on monday.

 

About your question, why not using hash. I must say that in the perfect world I would do that without hesitation, but because of how the system I work on was built before I started working there, and that my boss want's to be able to return the passwords as plaintext, I'm afraid that's not an option :( Tried talking him into letting me rewrite the login system etc, but no luck...

 

Regards,

Shp0ngl3

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.