decrypt password in php

gabemcmillan

I am storing a password in mySQL with a Unix crypt() value from paypal. I need to use that password to login to my site. When I try to login with the correct values, it says the password is invalid. Here is a snippit of my $query . Do I need to add anything to decrypt it?

		AND password = (password('" . $_POST['password']. "'));";

devinemke

[man]crypt[/man] is a one-way algorithm, there is no decrypt.

sidney

use ENCRYPT instead of PASSWORD then the incoming post var should match the stored password which is encrypted the same way

http://dev.mysql.com/doc/mysql/en/encryption-functions.html

gabemcmillan

This is what paypal says:

Note: Passwords sent through IPN will be hashed. The hash is generated by the UNIX crypt() function which is based on the DES hashing algorithm. For more information, type "man crypt" on any UNIX terminal.

This is what I have for my insert:

,('$password'),

This is what I have for my select :
AND password = (password('" . $_POST['password']. "'));";

I have also changed my password field to a BLOB, since that is what the mySQL manual says to do for passwords.

I tried changing password to ENCODE, like this,
AND password = (ENCODE('" . $_POST['password']. "'));";

but it threw an error. I'm new to this encryption stuff

sidney

if your password field is not encrypted somthing like below should work if the ENCRYPT function of mysql is working

AND ENCRYPT(password,salt) = '" . $_POST['password']. "';

gabemcmillan

Paypal sends it to me encrypted, I am just wanting to decript it. How would I do that?

sidney

as devinemke said you cant decrypt just encrypt your password

gabemcmillan

gotcha, I think I will get it this time, thanks for the help!