hi,
can anybody tell me how I can use MySQL's aes_encrypt & aes_decrypt to encrypt and store a password in a MySQL database, then retrieve it in normal form? For example, I want to build PHP's forgot password function so that I can send the plain-text password to the user's email
thanks,
nathj 938
Recognized Expert Contributor
Hi,
I've never used this myself. Have you read this? I got this on a simple Google search.
I should say that for passwords I generally prefer hashing them. This means the original can't be extracted - making it a bit more secure. I always think that if I can decrypt the password so can someone else!
Have a look at PHP's hash(). So if you do the following:
[PHP]
$lcHashed = hash('sha256', $lcStringToHash ) ;
[/PHP]
This will always give a string of the same length regardless of the input. If this is for passwords and the user forgets the password then you can't re-supply it but you can simply generate a new one and email it to them at their registered email address.
Cheers
nathj
using hash() to encrypt the password and generating a new one if necessary is quite popular but that's not the case I'm dealing with :D
anyway, I've found the way to work with aes_encrypt/aes_decrypt, which is quite simple:
encrypt: the password is stored in encrypted form, with 'key' defined by ourselves
[php]
mysql_query("INSERT INTO table (username, password) VALUES ('$un', aes_encrypt('$pw','key'))");
[/php]
decrypt: the password is retrieved in normal plain-text form:
[php]
mysql_query("SELECT aes_decrypt(password, 'key') FROM table WHERE email = '$email'");
[/php]
then we can help the user find his original password :D
pbmods 5,821
Recognized Expert Expert
Heya, tuananh87vn.
You encrypt the User's password using industrial-strength encryption, maybe have him login over an SSL connection...
... and then you transmit his password in cleartext over one of the most insecure media on the internet.
I'll save you the $300/hr security analysis session. There's a chink in your armor.
Rather than send the User his password, simply send him a link that he can click on to reset his password, instead.
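
The flow suggested in the replies above (store only a hash of the password, and e-mail a reset link rather than the password), as an added example that is not code from any post in this thread. The table and column names, the example.com URL and the one-hour expiry are assumptions, and an in-memory SQLite database stands in for MySQL so the block runs on its own:

```php
<?php
// Added example, not code from the thread. Table and column names and the
// example.com URL are assumptions; in-memory SQLite stands in for MySQL.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password_hash TEXT)');
$pdo->exec('CREATE TABLE password_resets (user_id INTEGER, token_hash TEXT, expires_at INTEGER)');

// Store a salted, slow hash; nothing that can be decrypted back to the password.
function register_user(PDO $pdo, string $email, string $password): void {
    $pdo->prepare('INSERT INTO users (email, password_hash) VALUES (?, ?)')
        ->execute([$email, password_hash($password, PASSWORD_DEFAULT)]);
}

// Forgot password: issue a random, expiring token and keep only its hash.
function start_reset(PDO $pdo, string $email): ?string {
    $stmt = $pdo->prepare('SELECT id FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $userId = $stmt->fetchColumn();
    if ($userId === false) {
        return null; // unknown address: caller shows the same message either way
    }
    $token = bin2hex(random_bytes(32));
    $pdo->prepare('INSERT INTO password_resets (user_id, token_hash, expires_at) VALUES (?, ?, ?)')
        ->execute([$userId, hash('sha256', $token), time() + 3600]);
    return 'https://example.com/reset.php?token=' . $token; // goes in the e-mail body
}

// Reset page: check the token, set the new password, invalidate all tokens.
function finish_reset(PDO $pdo, string $token, string $newPassword): bool {
    $stmt = $pdo->prepare('SELECT user_id FROM password_resets WHERE token_hash = ? AND expires_at > ?');
    $stmt->execute([hash('sha256', $token), time()]);
    $userId = $stmt->fetchColumn();
    if ($userId === false) {
        return false; // unknown, expired or already used token
    }
    $pdo->prepare('UPDATE users SET password_hash = ? WHERE id = ?')
        ->execute([password_hash($newPassword, PASSWORD_DEFAULT), $userId]);
    $pdo->prepare('DELETE FROM password_resets WHERE user_id = ?')->execute([$userId]);
    return true;
}

// Constructed sample run.
register_user($pdo, 'user@example.com', 'old-password');
$link = start_reset($pdo, 'user@example.com');
parse_str(parse_url($link, PHP_URL_QUERY), $query);
var_dump(finish_reset($pdo, $query['token'], 'new-password')); // first use of the token
var_dump(finish_reset($pdo, $query['token'], 'another-one'));  // same token presented again
```

At login, the stored value is checked with `password_verify()`; the parameterised queries also keep user input out of the SQL string.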