Jump to content

base64_encode() and base64_decode()

xProteuSx

By xProteuSx
in PHP Coding Help

 Share

Recommended Posts

xProteuSx Advanced Member

xProteuSx

Posted
Posted

I know why you shouldn't use base64_encode() to encrypt passwords, so please ...

 

I'm creating a membership based website.  I've got a registration form that takes the password value then base64 encodes it, and puts the string value into a MySQL database.

 

Now when the user goes to login he enters a username and a password.  The password is base64_encoded() then this login form encoded password is compared to the encoded password in the MySQL database. 

 

However, the two strings are not the same, according to PHP.  Does anyone know what is going on?

 

Here's some code from the login form:

 

$user = $_POST['user'];
$password = base64_encode($_POST['password']);

$query = "SELECT * FROM users WHERE user_name = '$user' AND user_password = '$pass'";
$userstatsresult = mysql_query($query) or die ('Error in query: ' . mysql_error());

if (mysql_num_rows($userstatsresult)>0)
{
while($row = mysql_fetch_assoc($userstatsresult))
	{
                if ($row[user_password] == $password)
                          {
                          echo 'Yay!  They are the same!';
                          }
                else
                          {
                          echo 'WTF?';
                          }
                }
       }

 

The output is always: WTF?

 

I think that it has something to do with the interaction between MySQL and PHP because straight PHP works, as in:

 

// base64_encode('password') is 'cGFzc3dvcmQ='
if (base64_encode('password') == 'cGFzc3dvcmQ=')
   {
   echo 'They are equal strings!';
   }
else
   {
   echo 'They are NOT equal strings!';
   }

 

This will always output:  They are equal strings!

 

I'm really stuck here ...

 

Link to comment
Share on other sites
trq Prolific Member

trq

Posted
Posted

Where is $pass defined?

 

You really don't need so much code to do this either.

 

$user = mysql_real_escape_string($_POST['user']);
$pass = base64_encode($_POST['password']);

$query = "SELECT id FROM users WHERE user_name = '$user' AND user_password = '$pass'";
if ($result = mysql_query($query)) {
  if (mysql_num_rows($query)) {
    // match found
  } else {
   // no match found
}

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.