Hi Folks,
I have attached some code that I'm having problems with. I have encrypted 3 answers to questions to reactivate user accounts when the user has forgotten his/her password - the questions are: mother's maiden name, name of first pet and shoe size.
When the responses are entered from the form, I retrieve the ciphertext from the database, decrypt it and compare it to the user response.
I have shown through outputs that the inputted response entered through the form does match the stored answer in the database when decrypted - they are both outputting the same thing....
But when I do an if function to compare them, they are not being recognised as equal.
Any ideas would be gratefully appreciated,
Thanks Orla
$shoe=text($_POST['txtshoe']);
$pet=text($_POST['txtpet']);
$mother=text($_POST['txtmother']);
echo $pet, $mother, $shoe;
//connect to the database
require_once('connectmix.php');
//create the SQL statement
$sql = "select * from auth_users where username='$user' ";
$resulta = mysql_query($sql) or die(mysql_error());
while ($response=mysql_fetch_array($resulta))
{
    //retrieve the ciphertext answers for the secret question
    $encpetname=$response['petname'];
    $encmaidenname=$response['maidenname'];
    $encshoesize=$response['shoesize'];
}
//decode the ciphertext answers
//decrypt text
$key = "This is a very secret key";
$iv_size = mcrypt_get_iv_size(MCRYPT_3DES, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$decshoe = mcrypt_decrypt(MCRYPT_3DES, $key, $encshoesize, MCRYPT_MODE_ECB, $iv);
$decmaiden = mcrypt_decrypt(MCRYPT_3DES, $key, $encmaidenname, MCRYPT_MODE_ECB, $iv);
$decpet = mcrypt_decrypt(MCRYPT_3DES, $key, $encpetname, MCRYPT_MODE_ECB, $iv);
echo $decshoe, $decmaiden, $decpet;
if ($pet==$decpet && $decshoe==$shoe && $decmaiden==$mother)
{
    echo "hello there I'm inside";
    //encrypt the password
    $passnew=sha1($pass1);
    echo $passnew;
}
else
{
    echo "hello there I'm not inside";
}
}
}
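
A likely reason two values can print identically yet fail ==, shown as an added example that is not part of the original post: mcrypt pads the plaintext with NUL ("\0") bytes up to the cipher block size, and mcrypt_decrypt() returns those bytes along with the answer. The sketch reproduces that with the openssl extension (an assumption, since mcrypt is no longer shipped with PHP); the key, the sample answer and the function names are constructed for illustration.

```php
<?php
// Added illustration. The openssl extension stands in for mcrypt here;
// key, answer and function names are constructed/hypothetical.
const CIPHER = 'des-ede3';   // 3DES, ECB mode, 8-byte blocks
const BLOCK  = 8;
const FLAGS  = OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING; // raw bytes, no PKCS#7

// mcrypt_encrypt() filled the last block with "\0" bytes; do the same by hand.
function encrypt_zero_padded(string $plain, string $key): string
{
    $len = (int) (ceil(strlen($plain) / BLOCK) * BLOCK);
    $out = openssl_encrypt(str_pad($plain, $len, "\0"), CIPHER, $key, FLAGS);
    if ($out === false) {
        throw new RuntimeException('encryption failed');
    }
    return $out;
}

// Like mcrypt_decrypt(): returns whole blocks, padding bytes included.
function decrypt_raw(string $cipher, string $key): string
{
    $out = openssl_decrypt($cipher, CIPHER, $key, FLAGS);
    if ($out === false) {
        throw new RuntimeException('decryption failed');
    }
    return $out;
}

$key    = '0123456789abcdefghijklmn';        // constructed 24-byte 3DES key
$stored = encrypt_zero_padded('Rex', $key);  // what the database column would hold
$answer = 'Rex';                             // what the form would submit

$dec = decrypt_raw($stored, $key);
echo $dec, "\n";                             // NUL bytes do not show on screen
echo strlen($dec), ' bytes: ', bin2hex($dec), "\n"; // hex makes the padding visible
var_dump($dec == $answer);                   // comparison on the padded string

// Strip only trailing NULs, then compare in constant time.
// Caveat: this would also eat NULs that were really part of the plaintext.
$clean = rtrim($dec, "\0");
var_dump(hash_equals($clean, $answer));
```

Dumping strlen() and bin2hex() of both sides is the quickest way to confirm whether padding is what separates two strings that look the same when echoed.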