now how do i decrypt for log in?

trinitywave

I got the Encryping for my log in page thanks for help guys now how do i decrypt it when user logs in this is my code?

<?php require_once('../Connections/nordeggrocks.php'); ?>
<?php
mysql_select_db($database_nordeggrocks, $nordeggrocks);
$query_Recordset1 = "SELECT * FROM tb_clients ORDER BY Password ASC";
$Recordset1 = mysql_query($query_Recordset1, $nordeggrocks) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);

// Start the session
session_start();
// Validate request to log in to this site.
$FF_LoginAction = $HTTP_SERVER_VARS['PHP_SELF'];
if (isset($HTTP_SERVER_VARS['QUERY_STRING']) && $HTTP_SERVER_VARS['QUERY_STRING']!="") $FF_LoginAction .= "?".htmlentities($HTTP_SERVER_VARS['QUERY_STRING']);
if (isset($HTTP_POST_VARS['username'])) {
$FF_valUsername=$HTTP_POST_VARS['username'];
$FF_valPassword=$HTTP_POST_VARS['password'];
$FF_fldUserAuthorization="";
$FF_redirectLoginSuccess="test.php";
$FF_redirectLoginFailed="administrationtools.php";
$FF_rsUser_Source="SELECT Username, Password ";
if ($FF_fldUserAuthorization != "") $FF_rsUser_Source .= "," . $FF_fldUserAuthorization;
$FF_rsUser_Source .= " FROM tb_clients WHERE Username='" . $FF_valUsername . "' AND Password='" . $FF_valPassword . "'";
mysql_select_db($database_nordeggrocks, $nordeggrocks);
$FF_rsUser=mysql_query($FF_rsUser_Source, $nordeggrocks) or die(mysql_error());
$row_FF_rsUser = mysql_fetch_assoc($FF_rsUser);
if(mysql_num_rows($FF_rsUser) > 0) {
// username and password match - this is a valid user
$MM_Username=$FF_valUsername;
session_register("MM_Username");
if ($FF_fldUserAuthorization != "") {
$MM_UserAuthorization=$row_FF_rsUser[$FF_fldUserAuthorization];
} else {
$MM_UserAuthorization="";
}
session_register("MM_UserAuthorization");
if (isset($accessdenied) && false) {
$FF_redirectLoginSuccess = $accessdenied;
}
mysql_free_result($FF_rsUser);
session_register("FF_login_failed");
$FF_login_failed = false;
header ("Location: $FF_redirectLoginSuccess");
exit;
}
mysql_free_result($FF_rsUser);
session_register("FF_login_failed");
$FF_login_failed = true;
header ("Location: $FF_redirectLoginFailed");
exit;
}
?>
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

swr

You don't decrypt. If you're using the password() function in mysql as suggested in the previous thread, then there is no way to decrypt it.

What you want to do is encrypt the password, and compare it to the version you encrypted before.

Copying + editing the code posted by laserlight:

$selectSQL = sprintf("SELECT * from tb_clients where `Username` = %s and `Password` = password(%s)",
GetSQLValueString($HTTP_POST_VARS['Username'], "text"),
GetSQLValueString($HTTP_POST_VARS['Password'], "text"));

laserlight

Place your PHP code with [php] and [/php] to ease readability.

Well, if you're using crypt (via password()), then there isnt a reverse function to decrypt it.

You'll have to use the same function on the user input to test if it matches the one stored in the database.

Actually, it probably would be better to use the [man]md5/man or [man]sha1/man hashes if you want to do things that way, since they are guaranteed to produce the same hash for the given values, while I think crypt may also depend on a salt value.

Weedpacket

Originally posted by laserlight
Actually, it probably would be better to use the [man]md5/man or [man]sha1/man hashes if you want to do things that way, since they are guaranteed to produce the same hash for the given values, while I think crypt may also depend on a salt value.

I thought I'd just add to laserlight's comment that since both PHP and MySQL have MD5 functions, it would probably be better to use PHP's, which works correctly, while MySQL's implementation has been reported to be buggy.