Over the last few weeks, I have been learning CodeIgniter, which is an open source PHP framework. It follows the MVC (model-view-controller) methodology, but allows you to utilize your existing PHP skillset. Overall I think CodeIgniter is great so far, but there are a few gotchas to look out for.
I found an issue today regarding the built-in encryption library. Basically, the encrypted string might not be the same thing every time. For example, you might want to encrypt a user’s email address. The first time you might encrypt it on a sign up form. Now on the login page, I want to compare the value the user typed in with the database. The problem is, if I encrypt the email again, it most likely will not match even though the original string is the same!
$this->load->library('encrypt');
$a = $this->encrypt->encode('justin');
$b = $this->encrypt->encode('justin');
echo $a == $b ? 'equals' : 'nope!'; //will print nope!
Behind the scenes, CodeIgniter is basically rotating keys to produce different encrypted strings that decrypt to the same thing. It’s actually a really cool and secure way of handling the encryption, but for the purpose of comparing values (on a login form for example) it just doesn’t work.
Alternatives
So, if you need to do some comparisons using your encrypted data, you have a few alternatives. If you want to stick with PHP, you can make use of the mcrypt_encrypt and mcrypt_decrypt functions. If you want a MySQL solution, look into the encryption functions in the MySQL manual.
Couldn’t you decrypt the email address you have stored in the database and then compare it with the unencrypted email address from the form? Since this would happen inside your script it is pretty secure.
Or am I missing something?
Cheers
Phil
If you compare the encrypted value, you can do one simple select statement against the database.
If you wanted to compare the un-encrypted values, you would have to process every user row and compare the value. If you had 1,000 users for example, that is potentially a lot of extra processing.
First off, I love CodeIgniter!
Second, about your point on encryption.
I’m assuming you were trying to use the email as the user’s login or some such scenario where you have to have that field be unique in your database. You’re correct in saying the encryption will produce different results, because that is what it should do. It’s meant to protect the data from someone viewing it directly in the database.
A simple solution where you need a unique value would be to add a username field to your database that uses hashing (one way), instead of encryption (two way). Then just encrypt the user’s email since it’s not being used in any comparisons, but only for data output.
I agree with you that it’d be a terrible waste of resources to get the entire database, decrypt it all, and then compare the results. However, I think considering doing this misunderstands the purpose of encryption versus the purpose of hashing.
What do you think?
Yeah, I did run into this when using the email as part of a login. In my case, I had to use the email so it came down to the difference between encrypting (encoding) vs. hashing like you said.
The main thing I wanted to point out was that 2 way encryption as typically implemented in straight PHP was not what CodeIgniter is going to give you.
In practice, I would agree with simply hashing any values you want to use for comparison only. If you want to store values and use them for display only, use the CodeIgniter encode. If you want to use them for comparison AND read the data (as was my case), then I would use mcrypt or something like that.
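An added example, not code from the original post or its commenters: it combines the two ideas from the discussion above, a deterministic hash for the login comparison and randomized encryption for the value you need to read back. It uses PHP's openssl and hash_hmac functions; the function names, the in-memory $users array standing in for a table, and the demo keys are assumptions, and HMAC (a keyed hash) is used instead of a plain hash so the index cannot be recomputed from the database alone.

```php
<?php
// Added example. Function names, $users and the keys are illustrative assumptions.

// Randomized encryption: a fresh nonce per call means the same email
// produces a different ciphertext every time, as the post observed.
function encrypt_email(string $email, string $encKey): string
{
    $nonce = random_bytes(12);
    $ct = openssl_encrypt($email, 'aes-256-gcm', $encKey, OPENSSL_RAW_DATA, $nonce, $tag);
    return base64_encode($nonce . $tag . $ct);
}

function decrypt_email(string $blob, string $encKey): string
{
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) < 28) {   // 12-byte nonce + 16-byte tag
        throw new RuntimeException('malformed ciphertext');
    }
    $pt = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $encKey,
        OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    if ($pt === false) {                         // wrong key or tampered data
        throw new RuntimeException('decryption failed');
    }
    return $pt;
}

// Deterministic keyed hash of the normalized email: equal inputs give equal
// output, so it can live in an indexed column and be matched with one SELECT.
function email_index(string $email, string $indexKey): string
{
    return hash_hmac('sha256', strtolower(trim($email)), $indexKey);
}

// Demo with constructed data; real keys belong in configuration, not code.
$encKey   = random_bytes(32);
$indexKey = random_bytes(32);

// Sign-up: store the index and the ciphertext side by side.
$users = [];
$users[email_index('Justin@example.com', $indexKey)] = encrypt_email('Justin@example.com', $encKey);

// Two encryptions of the same value differ, so they cannot be compared.
var_dump(encrypt_email('justin', $encKey) === encrypt_email('justin', $encKey));

// Login: recompute the index from the form input and look the row up directly.
$lookup = email_index(' justin@example.com ', $indexKey);
var_dump(isset($users[$lookup]));
var_dump(decrypt_email($users[$lookup], $encKey));
```

In a real schema the index would be a UNIQUE column next to the ciphertext column, and the login query would be a single WHERE on that index.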
I ran into this also as a CodeIgniter newbie.
What I did was to query the db for the userid and in the returned data also return the encrypted password.
Then I did this:
// strict comparison: === does not apply PHP's loose string/number conversions
if ($this->encrypt->decode($row->F_Passwd) === $Passwd) // login successful