asked on

add the encrypt key to the user but got error

I have added the encrypted key and hash to the user but after that it showing the error..it has been attached. please advice what would be the cause.
eror1.bmp

champ4you

ASKER

Please advice how to assign hash and encrypt key for a user.

This is the example of code i am using in php :

sprintf("SELECT AES_DECRYPT('%s', UNHEX(md5('%s'))) AS decrypted_key",
mysql_real_escape_string($encrypted_key),
mysql_real_escape_string($user_password));

virmaior

that does not call MySQL in any way...

you would need to implement it wholly in php for that to make any sense.

Insoftservice inso

Hi champ4you,

I completely agree with virmalor,
Should i provide you the complete step that would not only encrypt your data but even it can be decrypted easily. since , further you would require it to decrypt the data it would create problem since md5 does not have proper decryption method.

Is it necessary to decrypt with md5.

Please reply so that i can provide you with other method.
It would not for today but even for further stages of your project.

ahoffmann

please post the codelines which set $encrypted_key and $user_password and the code line with the mysql query

champ4you

ASKER

Thank you All, Sure Insoftservice, Please provide me the steps included ...no problem ..not necessary to use md5..please suggest.

Thanks:)

champ4you

ASKER

if ($button4=="add") {

if ($this_page == $generated_page) {

$sql =sprintf("SELECT `encrypt_key` FROM `web_usernames`
WHERE `username` = '%s'",
mysql_real_escape_string($username));

$result = do_mysql_query($sql);
$myrow = mysql_fetch_array($result);
$encrypted_key = $myrow["encrypt_key"];

$sql = sprintf("SELECT AES_DECRYPT('%s', UNHEX(md5('%s'))) AS decrypted_key",
mysql_real_escape_string($encrypted_key),
mysql_real_escape_string($user_password));

$result = do_mysql_query($sql);
$myrow = mysql_fetch_array($result);
$decrypted_key = $myrow["decrypted_key"];

$sql = sprintf("SELECT AES_ENCRYPT('%s', '%s') AS encrypt_username,
AES_ENCRYPT('%s', '%s') AS encrypt_password",
mysql_real_escape_string($fm_username),
mysql_real_escape_string($decrypted_key),
mysql_real_escape_string($fm_password),
mysql_real_escape_string($decrypted_key));
$result = do_mysql_query($sql);
$myrow = mysql_fetch_array($result);
$encrypt_username=$myrow["encrypt_username"];
$encrypt_password=$myrow["encrypt_password"];

if ($server_type==1) {
$sql=sprintf("INSERT INTO `hw_passwords` ( `password_id`, `server_id`, `username`,
`password`, `sun_type_id` )
VALUES ( NULL, '%s', '%s' , '%s', '%s')",
mysql_real_escape_string($id),
mysql_real_escape_string($encrypt_username),
mysql_real_escape_string($encrypt_password),
mysql_real_escape_string($fm_user_type_id));
}
elseif ($server_type==3) {
$sql=sprintf("INSERT INTO `hw_passwords` ( `password_id`, `server_id`, `username`,
`password`, `nokia_type_id` )
VALUES ( NULL, '%s', '%s' , '%s', '%s')",
mysql_real_escape_string($id),
mysql_real_escape_string($encrypt_username),
mysql_real_escape_string($encrypt_password),
mysql_real_escape_string($fm_user_type_id));
}
elseif ($server_type==4) {
$sql=sprintf("INSERT INTO `hw_passwords` ( `password_id`, `server_id`, `username`,
`password`, `cisco_type_id` )
VALUES ( NULL, '%s', '%s' , '%s', '%s')",
mysql_real_escape_string($id),
mysql_real_escape_string($encrypt_username),
mysql_real_escape_string($encrypt_password),
mysql_real_escape_string($fm_user_type_id));
}

$result = do_mysql_query($sql);
$myrow = mysql_fetch_array($result);
}
}

Insoftservice inso

hi,


///Make a new File name it as general.php

//GENERAL page ends here

<?php
      class General
      {
            function encrypt($string, $key)
            {
                  $result = '';
                  for($i=0; $i<strlen($string); $i++)
                  {
                        $char = substr($string, $i, 1);
                        $keychar = substr($key, ($i % strlen($key))-1, 1);
                        $char = chr(ord($char)+ord($keychar));
                        $result.=$char;
                  }
                  return base64_encode($result);
            }

            function decrypt($string, $key)
            {
                  $result = '';
                  $string = base64_decode($string);
                  for($i=0; $i<strlen($string); $i++)
                  {
                        $char = substr($string, $i, 1);
                        $keychar = substr($key, ($i % strlen($key))-1, 1);
                        $char = chr(ord($char)-ord($keychar));
                        $result.=$char;
                  }
                  return $result;
            }


      }
?>
//GENERAL page ends here

Now While inserting data you can encrypt using following method

$genObj = new General();

$password = $genObj->encrypt($_REQUEST['password'],"Your encrypted value");

Now While getting the data you can decrypt using following method

$genObj = new General();

$password = $genObj->encrypt($_REQUEST['password'],"Your encrypted value");

Where $_REQUEST['password']; is ur posted or request value. Thats it

Insoftservice inso

Hi,

I have given you this code so that if some clients forget there password and they want the same or some or the other it can provided by just passing the steps manually on test page . so this code is of gr8 use in further stages

ahoffmann

insoftservice, what should be the purpose of base64 encoding a password? (and naming the function "encrypt":)

Insoftservice inso

Hi,
I have given him the code so that if he is entering a new user , i mean to say fresh data in all database.
so that later he can have full control on the password instead of md5 which cannot be decrypted properly

ahoffmann

I'm just wondering about the purpose of a password stored in clear text ...

ASKER CERTIFIED SOLUTION

Insoftservice inso

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

champ4you

ASKER

very help full but not exactly what i want ..thank you:)