php - Codeigniter decode not working -


i making little login system using php inside of codeigniter framework. using encryption class encode password, store in database. on login, finds encrypted password using username, matches against password entered. passwords getting encoded during registration. , in below code, have been able print out encoded password database, fails out whenever run through decode. no error message, nothing.

public function check_pw(){     //post username , password database     $data['username'] = $this->input->post('username');     $data['password'] = $this->input->post('password');     $this->load->model('lindsdata');     //encoded password returned database - working     $return_data = $this->lindsdata->password($data);     //$return_data = $this->encrypt->decode($return_data);       //print_r shows $return_data hold encrypted password     //but when uncomment line decode in it, $return_data print_rs nothing.      print_r($return_data);     if ($return_data == $data['password']) {         redirect('/update/user', 'location');     }     if($return_data !== $data['password']){         //at point, $return_data of course still has nothing         print_r($return_data);         //print_r below entered password user..that shows up.         print_r($data['password']);         $error['the_error'] = 'your credentials wrong';     }else{         $error['the_error'] = '';     } }

i tried below make sure things being encoded properly...this returned "test" expected. 

 $a = "test";  $test = $this->encrypt->encode($a);   $test = $this->encrypt->decode($test);  print_r($test);

to further confuse me...i manually encoded password (like in code above) , had put result in database user (i had not set registration form yet, did had user work with)...that 1 works fine reason. none of other encoded user passwords working. don't why failing out during decode. database set varchar(255). , getting encoded password when run through decode...but nothing. no error message or , stumped. advance. ...and did not post model because don't think relevant since indeed returning encoded password checking should.

edit - doesn't make sense $return_data printing hash db , $password returning proper password $pw returning nothing. ...could sql database somehow corrupting/editing hash? should work can tell.

    $data['username'] = $this->input->post('username');     $password = $this->input->post('password');     $this->load->model('lindsdata');     $return_data = $this->lindsdata->password($data);     print_r($return_data);     print_r($password);     $pw = password_verify($password, $return_data);     print_r($pw);

edit - input database quite simple... see no reason having issue. ...still failing on either decode or password_verify. still no idea problem. simple mysql database...

public function register_submit(){     $data['user_name'] = $this->input->post('user_name');     $pwd = $this->input->post('password');     $data['password'] =  password_hash($pwd, password_default);     $this->load->model('lindsdata');     $this->lindsdata->register($data);       }  function register($data){     $this->db->insert('cred', $data); }

it against security practices directly store password in database, if encrypted. if get's access server can take both code , snapshot of database , find out passwords of users registered on site. best practice regarding passwords save hash of password (preferably sha256 or stronger), , compare hash of password user enters in login form 1 stored in database. or, better, can use php built in password hashing support (http://php.net/manual/en/ref.password.php).

and indirectly, hashing password solve problem :)


Comments

Post a Comment

Popular posts from this blog

javascript - AngularJS custom datepicker directive -

i make custom datepicker directive custom template. but have no idea how start building it... how include date data directive? i appreciate guide or give me advice work on more precisely. it might you! follow below steps html code sample: <label>birth date</label> <input type="text" ng-model="birthdate" date-options="dateoptions" custom-datepicker/> <hr/> <pre>birthdate = {{birthdate}}</pre> <script type="text/ng-template" id="custom-datepicker.html"> <div class="enhanced-datepicker"> <div class="proxied-field-wrap"> <input type="text" ui-date-format="yy-mm-dd" ng-model="ngmodel" ui-date="dateoptions"/> </div> <label> <button class="btn" type="button"><i class="icon-calendar"></i>
Read more

javascript - jQuery date picker - Disable dates after the selection from the first date picker -

<!doctype html> <html lang="en"> <head> <meta charset="utf-8"> <title>jquery ui datepicker - default functionality</title> <link rel="stylesheet" href="//code.jquery.com/ui/1.11.4/themes/smoothness/jquery-ui.css"> <script src="//code.jquery.com/jquery-1.10.2.js"></script> <script src="//code.jquery.com/ui/1.11.4/jquery-ui.js"></script> <link rel="stylesheet" href="/resources/demos/style.css"> <script> $(function () { $("#datepicker1").datepicker(); }); </script> <script> $(function () { $("#datepicker2").datepicker(); }); </script> </head> <body> <p>date 1: <input type="text" id="datepicker1"></p> <p>date 2: <input type="t
Read more