How to compare data encrypted with crypt

Navigation
1

Hello, I'm trying to learn how to encrypt data. I created a php code to save the data in the mySQL database and another to compare the user input data with the database.

To encrypt I used the crypt() function. The problem is that when I do the comparison is generated a new encrypted password that does not match with the bank, how to solve it? My version of php is 5.3.4 . 

<?php

     //cadastramento
     $senha = $_POST["senha"];

    //criptografar senha
    $cript_senha =  crypt($senha);

    $sql = "SELECT senha FROM administrador";

    //cadastrar administrador   
    $sql = "INSERT INTO administrador (senha)       
    VALUES ('$cript_senha')";

    if (mysqli_query($conn, $sql)) {

         print "Registrado com sucesso!";

    } else {

        print "Error: " . $sql . "<br>" . mysqli_error($conn);
    }

?>

<?php
    //entrada do usuário 
    $senha = $_POST["senha"];

    $sql = "SELECT  senha FROM administrador";

    //quando faço a comparação não da certo, 
    //pois é gerada uma nova      
    //senha  que   não confere com a do banco

    if ((crypt($senha, $row["senha"])) == $row["senha"]) {

        print "Senhas idênticas";


    } else {

         print "Senhas diferentes ";
    } 

?>
    
asked by anonymous 30.12.2015 / 19:06

3 answers

2

To make a comparison with the encrypted password you need to have two already encrypted passwords or to encrypt them at run time, so be aware that you are comparing an encrypted password with a non-encrypted password that will never really be the same.

    
30.12.2015 / 19:10
1

The error is probably not in the check but in the database, the column where the senha is to be stored is probably set to a length of pequeno and truncando the encryption generated. I have a small example:

SQL: 

CREATE DATABASE IF NOT EXISTS 'administrador';
USE DATABASE 'administrador';

CREATE TABLE IF NOT EXISTS 'administrador' (
  'id' int(11) NOT NULL AUTO_INCREMENT,
  'senha' varchar(255) NOT NULL,
  PRIMARY KEY ('id')
) ENGINE=InnoDB  DEFAULT CHARSET=latin1;

Note that the password field is set up to 255 characters length (not enough to truncate more).

Index: 

<!DOCTYPE html>
<html>
    <head>
        <meta charset="UTF-8">
        <title></title>
    </head>
    <body>
        <form method="post" action="php.php?action=register">
            Senha: <input type="text">
            <input type="submit" value="Cadastrar">
        </form>
        <form method="post" action="php.php?action=login">
            Senha: <input type="text">
            <input type="submit" value="Login">
        </form>
    </body>
</html>

php.php: (registered and valid)      

$action = $_REQUEST['action'];

//cadastramento
if($action == "register") {
    @$senha = $_POST["senha"];

    //criptografar senha
    $cript_senha =  crypt($senha);

    $sql = "SELECT senha FROM administrador";

    //cadastrar administrador   
    $sql = "INSERT INTO administrador (senha)   VALUES ('$cript_senha')";

    if (mysqli_query($conn, $sql)) {
        //se ocorrer tudo certo volta para o index para ser feito login
        header("location:index.php?info=ok");

    } else {

       print "Error: " . $sql . "<br>" . mysqli_error($conn);
    }
} else if($action == "login") {
    //entrada do usuário 
    @$senha = $_POST["senha"];

    $sql = "SELECT  senha FROM administrador";
    //executa minha sql e pega o resultado em $row
    $query = mysqli_query($conn, $sql);
    $row = mysqli_fetch_assoc($query);

    var_dump($row); //mostra $row

    if ((crypt($senha, $row["senha"])) == $row["senha"]) {
        print "Senhas idênticas"; // agora ele autenticará
    } else {

         print "Senhas diferentes ";
    } 
}

This should solve your problem!

    
30.12.2015 / 20:09
0

Correct comparison 

if ((crypt($senha)) == $row["senha"]) {
    // Senhas iguais
}

I believe that the correct code in the comparison is this, not crypt($senha, $row["senha"]) as placed in the question, so I think the way I put it works.

    
30.12.2015 / 19:08
Adding character to string Call class function: MinPDO :: connect ();