PHP / mySQL encryption weirdness. Has anybody ever seen this?

moondog · 08-10-2007, 10:58 AM

I always seem to run into weird problems. Has anybody ever experienced something like this?

Setup:
I am encrypting passwords with the mysql ENCODE function, then storing them in a tinyblob field in a mysql database.

I have a test user set up with the userid of "demo1" and a password of "demo1". I was testing the change password with the encryption that I wrote. The code is straight forward:

Here is the function in the encryption class that I have:

Code:

function encrypt() {
   $sql = "select encode('" . addslashes($this->getdec()) . "', '" . $this->getsalt() . "');";
   $encryptResult = mysql_query($sql);
   $encryptRow = mysql_fetch_array($encryptResult);
   $this->setenc($encryptRow[0]);
} # end encrypt()

The code that I am using to set the password looks like this:

Code:

$c = new customer($id);
$e = new encryption($p1,'e');
$c->setpassword($e->getenc());
$res = $c->updateCustomer();

$id is the customer id
$p1 is merely the password

Now, the strangeness comes when I try to set the password to 'demo1'. It ALWAYS sets it to 'demo'. The trailing '1' gets chopped off. I can change the password to ANYTHING else that I want (for example, 'demo0', demo2', and 'test1' all work just fine).

Further, if I alter the value of the salt, I can change the password to 'demo1' without any issues.

I know the seemingly easy answer is to just change the salt. However, it begs the question, "If this happened with the combination of the original salt and the password 'demo1', will the new salt produce any weird combinations that will not take in the database too?"

Has anybody ever run into this problem? How did you solve it?

08-10-2007, 10:58 AM	#1 (permalink)
moondog NamePros Regular Join Date: Jun 2004 Posts: 476 3,677.00 NP$ (Donate)	PHP / mySQL encryption weirdness. Has anybody ever seen this? I always seem to run into weird problems. Has anybody ever experienced something like this? Setup: I am encrypting passwords with the mysql ENCODE function, then storing them in a tinyblob field in a mysql database. I have a test user set up with the userid of "demo1" and a password of "demo1". I was testing the change password with the encryption that I wrote. The code is straight forward: Here is the function in the encryption class that I have: Code: function encrypt() { $sql = "select encode('" . addslashes($this->getdec()) . "', '" . $this->getsalt() . "');"; $encryptResult = mysql_query($sql); $encryptRow = mysql_fetch_array($encryptResult); $this->setenc($encryptRow[0]); } # end encrypt() The code that I am using to set the password looks like this: Code: $c = new customer($id); $e = new encryption($p1,'e'); $c->setpassword($e->getenc()); $res = $c->updateCustomer(); $id is the customer id $p1 is merely the password Now, the strangeness comes when I try to set the password to 'demo1'. It ALWAYS sets it to 'demo'. The trailing '1' gets chopped off. I can change the password to ANYTHING else that I want (for example, 'demo0', demo2', and 'test1' all work just fine). Further, if I alter the value of the salt, I can change the password to 'demo1' without any issues. I know the seemingly easy answer is to just change the salt. However, it begs the question, "If this happened with the combination of the original salt and the password 'demo1', will the new salt produce any weird combinations that will not take in the database too?" Has anybody ever run into this problem? How did you solve it? __________________ The mass purge has begun.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)