Over the last few weeks, I have been learning CodeIgniter which is an open source PHP framework. It follows the MVC (model-view-controller) methodology, but allows you to utilize your existing PHP skillset. Overall I think CodeIgniter is great so far, but there are are few gotchas to look out for.

I found an issue today regarding the built in encryption library. Basically, the encrypted string might not be the same thing every time. For example, you might want to encrypt a user’s email address. The first time you might encrypt it on a sign up form. Now on the login page, I want to compare the value the user typed in with the database. The problem is, if I encrypt the email again, it most likely will not match even though the original string is the same!

$this->load->library('encrypt');
$a = $this->encrypt->encode('justin');
$b = $this->encrypt->encode('justin');

echo $a == $b ? 'equals' : 'nope!'; //will print nope!

Behind the scenes, CodeIgniter is basically rotating keys to produce different encrypted strings that decrypt to the same thing. It’s actually a really cool and secure way of handling the encryption, but for the purpose of comparing values (on a login form for example) it just doesn’t work.

Alternatives

So, if you need to do some comparisons using your encrypted data, you have a few alternatives. If you want to stick with PHP, you can make use of the mcrypt_encrypt and mycrypt_decrypt functions. If you want a MySQL solution, look into the encryption functions in their manual.