Help returning encrypted password from database

  • (3 Pages)
  • +
  • 1
  • 2
  • 3

30 Replies - 13611 Views - Last Post: 24 July 2012 - 09:13 PM Rate Topic: -----

#1 mccabec123  Icon User is offline

  • D.I.C Head

Reputation: 18
  • View blog
  • Posts: 233
  • Joined: 03-March 11

Help returning encrypted password from database

Posted 23 July 2012 - 11:48 AM

Hey guys, I've recently set up my own dedicated server and installed everything that is necessary to write PHP scripts etc. But I seem to have an issue when I'm returning an encrypted password from my mysql databases, and I can't tell if it's something to do with my PHP configuration or whether it's something to do with my MySQL configuration. Basically what is happening is when I use PDO to return the encrypted password from the database it looses certain characters, so when PHP goes to compare the encrypted password the user entered on the login with the password held in the database it throws an error.

Here's an example:

The password entered by the user after encryption:

The password returned from the database:

The '�' characters seem to be getting changed to '?' characters :S

I've checked the passwords in PHPMyAdmin to see if it was missing any characters, but the passwords match, so something is going a rye somewhere in between, and I am unsure whether it's to do with PHP settings or MySQL.

Here's my scripts:-

Hash and Salt Script (modules.php):


		/* Initialises the username variable. */
		$username = $_SESSION['username'];
		/* If the user has changed their details then this block of code will make the changes to the database. 
		if(isset($_POST['detailsChanged']) == 1)
			$statement = $conn -> prepare("UPDATE people SET Firstname = :firstname, Surname = :surname, Email = :email WHERE Username = :username ");
			$statement->bindParam(':firstname', $_POST['Firstname'], PDO::PARAM_INT);
			$statement->bindParam(':surname', $_POST['Surname'], PDO::PARAM_INT);
			$statement->bindParam(':email', $_POST['Email'], PDO::PARAM_INT);
			$statement->bindParam(':username', $username, PDO::PARAM_INT);
		if(isset($_SESSION["passed"]) == 1)
			$statement = $conn->prepare("SELECT * FROM people WHERE username = '".$username."'");
			$result = $statement->fetch();
			$firstname = $result['Firstname'];
			$surname = $result['Surname'];
			$username2 = $result['Username'];
		function pbkdf2( $p, $s, $c, $kl, $a = 'sha256' ) {
		    $hl = strlen(hash($a, null, true)); # Hash length
		    $kb = ceil($kl / $hl);              # Key blocks to compute
		    $dk = '';                           # Derived key
		    # Create key
		    for ( $block = 1; $block <= $kb; $block ++ ) {
		        # Initial hash for this block
		        $ib = $b = hash_hmac($a, $s . pack('N', $block), $p, true);
		        # Perform block iterations
		        for ( $i = 1; $i < $c; $i ++ )
		            # XOR each iterate
		            $ib ^= ($b = hash_hmac($a, $b, $p, true));
		        $dk .= $ib; # Append iterated block
		    # Return derived key of correct length
		    return substr($dk, 0, $kl);

PDO initialisation (Login and Password removed for security reasons)(connection.php):

    $login = "*********";
    $password = "**********";
    $dsn = "mysql:host=localhost;dbname=wishpiggy";
    $conn = new PDO($dsn, $login, $password);


Login Page:
<?php ob_start(); session_start(); include ('sql_connect/connection.php'); include('sql_connect/modules.php');

    //This section of code checks to see if the client is using SSL, if not 
    // if($_SERVER["HTTPS"] != "on")
    // {
    //        header("HTTP/1.1 301 Moved Permanently");   
    //        header("Location: https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
    //        exit();
    // }
    //This if statement checks to see if the session variable 'username' is set, and if so it will redirect the user to their profile page.
        header("Location: /home/");

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "">
<html xmlns="">
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <title>Wish Piggy</title>
    <link href="css/styles.css" rel="stylesheet" type="text/css" />
    <script type="text/javascript" src=""></script>
    <script type="text/javascript" src="js/loginjs.js"></script>


    <div class="index_div">
        <div class="logo"><img src="img/wish_piggy.jpg" alt="" />
        <div class="text"><span>89% Fulfilled</span>
        <div class="bar"><img src="img/wish_piggy_bar.jpg" alt="" />
        <div class="text">
            <div class="text_l"><p>1,000,000 People</p>
            <div class="text_r"><p>9,000,838 Wishes</p>
        <div class="sign_in"><a id="show-panel" href="#"></a>

    <div id="lightbox-panel">
        <form id="loginForm" name="form" action="index.php" method="post" >
            <input name="submitted" type="hidden" value="1" /> 
            <div class="login_label"><img src="img/wish_piggy_login.jpg" alt="" /><a id="open_signin" href="#">SIGN UP HERE</a><p>Login</p><a id="close-panel" href="#"></a>
            <div class="login_input"><input name="email" type="text" value="<?php if(isset($_COOKIE['username']) && $_COOKIE['username'] != ""){echo $_COOKIE['username']; $_SESSION["username"] = $_COOKIE['username']; $_SESSION["passed"] = 1; header("Location: /home/");}else{echo "Email";} ?>" onclick="this.value=''" />
            <div class="input_label"><span>(e.g. [email protected])</span>
            <div class="login_input"><input name="password" type="password" value="Password" onclick="this.value=''" />
            <div class="input_label"><a href="#">Forgot Password</a>
            <div class="login_submit">
                <div class="login_checkbox"><input name="remember" type="checkbox" value="" /> <span>Remember me</span>
                <div class="login_submit_input"><input name="submit" type="submit" value=""/>
    <div id="lightbox"></div>

    <div id="lightbox-panel2">
        <div class="inner_lightbox2"><img src="img/wish_piggy_login.jpg" alt="" /><a id="close-panel2" href="#"></a>
        <div class="signup_form">
            <form action="index.php" method="post">   
                <input name="submitted" type="hidden" value="1" /> 
                <div class="signup_form_label"><span>Firstname:</span>
                <div class="signup_form_input"><input name="firstname" type="text" />
                <div class="signup_form_label"><span>Surname:</span>
                <div class="signup_form_input"><input name="surname" type="text" />
                <div class="signup_form_label"><span>Email:</span>
                <div class="signup_form_input"><input name="email" type="text" />
                <div class="signup_form_label"><span>Confirm Email:</span>
                <div class="signup_form_input"><input name="emailConfirm" type="text" />
                <div class="signup_form_label"><span>Password:</span>
                <div class="signup_form_input"><input name="password" type="text" />
                <div class="signup_form_label"><span>Confirm Password:</span>
                <div class="signup_form_input"><input name="passwordConfirm" type="text" />
                <div class="signup_form_label2"><img src="img/wish_piggy_captcha.jpg" alt="" />
                <div class="signup_form_input2"><input name="" type="text" />
                <div class="signup_form_submit"><input name="" type="button" value="register" />
        if(isset($_POST["submitted"]) == 1)
            echo "caught data!";
            $email = $_POST["email"];
            $password = $_POST["password"];
            if($password == "")
                die ("Your username or password is incorrect.");
            $usernameValidated = 0;
            $statement = $conn->prepare("SELECT password FROM users WHERE email = :name");
            $statement->bindParam(":name", $email);
            $passCompare = $statement->fetch();
            $passSubmitHashed = pbkdf2($password, "butterScotch", 1000, 32);
            echo $passSubmitHashed;
            echo " || ";
            echo $password;
            if($passSubmitHashed == $passCompare['password'])
            echo "hurrdurr || " . $passCompare['password'];
            if($usernameValidated == 0)
                die("Your username or password is incorrect..");

        if(isset($_POST["submitted"]) == NULL || isset($usernameValidated) > 0)
            echo "<style> #text_contents{display: none;}</style>";
        if(isset($usernameValidated) >= 1)
            $_SESSION["username"] = $username;
            $expiry = 60 * 60 * 6 + time();
            setcookie('username', $username, $expiry);
            $_SESSION["passed"] = $_POST["submitted"];
            header("Location: /profile/");
    <div id="lightbox2"></div>
    <?php ob_end_flush(); ?>

This post has been edited by mccabec123: 24 July 2012 - 07:09 AM

Is This A Good Question/Topic? 0
  • +

Replies To: Help returning encrypted password from database

#2 CTphpnwb  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 3417
  • View blog
  • Posts: 12,133
  • Joined: 08-August 08

Re: Help returning encrypted password from database

Posted 23 July 2012 - 12:26 PM

I have no time to read through that, so I'll just say that this is a good reason for using functions.
Was This Post Helpful? 1
  • +
  • -

#3 mccabec123  Icon User is offline

  • D.I.C Head

Reputation: 18
  • View blog
  • Posts: 233
  • Joined: 03-March 11

Re: Help returning encrypted password from database

Posted 23 July 2012 - 01:34 PM

I do use functions, and I understand what you're saying. But I don't think it's relevant to my actual question, I do understand it would allow me to narrow down my problem solving, but as it stands I have a feeling that it's more to do with my database than my PHP.
Was This Post Helpful? 0
  • +
  • -

#4 Duckington  Icon User is offline

  • D.I.C Addict

Reputation: 172
  • View blog
  • Posts: 614
  • Joined: 12-October 09

Re: Help returning encrypted password from database

Posted 23 July 2012 - 02:39 PM

Have you made sure the charset of the database field is what you are expecting it to be? And that it is the same in your php script?

E.g. If you field is utf8_general_ci, make sure your PHP script is using the same charset: header('Content-Type: text/html; charset=utf-8');

This post has been edited by Duckington: 23 July 2012 - 02:40 PM

Was This Post Helpful? 0
  • +
  • -

#5 mccabec123  Icon User is offline

  • D.I.C Head

Reputation: 18
  • View blog
  • Posts: 233
  • Joined: 03-March 11

Re: Help returning encrypted password from database

Posted 23 July 2012 - 03:07 PM

Thanks for your reply Duckington, but that didn't make any difference, it still seems to be changing the '�' characters into '?' characters. I honestly have no idea why it's doing this :S
Was This Post Helpful? 0
  • +
  • -

#6 AlexSleyore  Icon User is offline

  • New D.I.C Head

Reputation: 2
  • View blog
  • Posts: 18
  • Joined: 23-July 12

Re: Help returning encrypted password from database

Posted 23 July 2012 - 03:10 PM

Im not sure what wrong. But the 15th character is changed from an R to a ? as well in your example.
Was This Post Helpful? 0
  • +
  • -

#7 mccabec123  Icon User is offline

  • D.I.C Head

Reputation: 18
  • View blog
  • Posts: 233
  • Joined: 03-March 11

Re: Help returning encrypted password from database

Posted 23 July 2012 - 04:00 PM

Hmm yeh, it's completely bizarre, I really need someone to shed some light on it, I have absolutely no clue where to start :S If anybody needs me to show some sort of information just ask, cause this is driving me nuts :S

Here's my phpinfo() if it helps:

PHP Version 5.4.4

System 	Linux 3.2.13-grsec-xxxx-grs-ipv6-64 #1 SMP Thu Mar 29 09:48:59 UTC 2012 x86_64
Build Date 	Jul 2 2012 16:35:17
Configure Command 	'./configure' '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--cache-file=../config.cache' '--with-libdir=lib64' '--with-config-file-path=/etc' '--with-config-file-scan-dir=/etc/php.d' '--disable-debug' '--with-pic' '--disable-rpath' '--without-pear' '--with-bz2' '--with-exec-dir=/usr/bin' '--with-freetype-dir=/usr' '--with-png-dir=/usr' '--with-xpm-dir=/usr' '--enable-gd-native-ttf' '--with-t1lib=/usr' '--without-gdbm' '--with-gettext' '--with-gmp' '--with-iconv' '--with-jpeg-dir=/usr' '--with-openssl' '--with-pcre-regex=/usr' '--with-zlib' '--with-layout=GNU' '--enable-exif' '--enable-ftp' '--enable-magic-quotes' '--enable-sockets' '--with-kerberos' '--enable-ucd-snmp-hack' '--enable-shmop' '--enable-calendar' '--with-libxml-dir=/usr' '--enable-xml' '--with-system-tzdata' '--with-mhash' '--with-apxs2=/usr/sbin/apxs' '--libdir=/usr/lib64/php' '--enable-pdo=shared' '--with-mysql=shared,/usr' '--with-mysqli=shared,/usr/lib64/mysql/mysql_config' '--with-pdo-mysql=shared,/usr/lib64/mysql/mysql_config' '--with-pdo-sqlite=shared,/usr' '--without-gd' '--disable-dom' '--disable-dba' '--without-unixODBC' '--disable-xmlreader' '--disable-xmlwriter' '--without-sqlite3' '--disable-phar' '--disable-fileinfo' '--disable-json' '--without-pspell' '--disable-wddx' '--without-curl' '--disable-posix' '--disable-sysvmsg' '--disable-sysvshm' '--disable-sysvsem'
Server API 	Apache 2.0 Handler
Virtual Directory Support 	disabled
Configuration File (php.ini) Path 	/etc
Loaded Configuration File 	/etc/php.ini
Scan this dir for additional .ini files 	/etc/php.d
Additional .ini files parsed 	/etc/php.d/bcmath.ini, /etc/php.d/curl.ini, /etc/php.d/dba.ini, /etc/php.d/digidoc.ini, /etc/php.d/dom.ini, /etc/php.d/enchant.ini, /etc/php.d/facedetect.ini, /etc/php.d/fileinfo.ini, /etc/php.d/gd.ini, /etc/php.d/guestfs_php.ini, /etc/php.d/idn.ini, /etc/php.d/imap.ini, /etc/php.d/interbase.ini, /etc/php.d/intl.ini, /etc/php.d/json.ini, /etc/php.d/kolabformat.ini, /etc/php.d/ldap.ini, /etc/php.d/libpuzzle.ini, /etc/php.d/libvirt-php.ini, /etc/php.d/mbstring.ini, /etc/php.d/mcrypt.ini, /etc/php.d/memcache.ini, /etc/php.d/mysql.ini, /etc/php.d/mysqli.ini, /etc/php.d/odbc.ini, /etc/php.d/pdo.ini, /etc/php.d/pdo_firebird.ini, /etc/php.d/pdo_mysql.ini, /etc/php.d/pdo_odbc.ini, /etc/php.d/pdo_pgsql.ini, /etc/php.d/pdo_sqlite.ini, /etc/php.d/pgsql.ini, /etc/php.d/phar.ini, /etc/php.d/posix.ini, /etc/php.d/recode.ini, /etc/php.d/shout.ini, /etc/php.d/snmp.ini, /etc/php.d/soap.ini, /etc/php.d/sqlite3.ini, /etc/php.d/sysvmsg.ini, /etc/php.d/sysvsem.ini, /etc/php.d/sysvshm.ini, /etc/php.d/tidy.ini, /etc/php.d/wddx.ini, /etc/php.d/xdebug.ini, /etc/php.d/xmlreader.ini, /etc/php.d/xmlrpc.ini, /etc/php.d/xmlwriter.ini, /etc/php.d/xsl.ini, /etc/php.d/zip.ini, /etc/php.d/zmq.ini
PHP API 	20100412
PHP Extension 	20100525
Zend Extension 	220100525
Zend Extension Build 	API220100525,NTS
PHP Extension Build 	API20100525,NTS
Debug Build 	no
Thread Safety 	disabled
Zend Signal Handling 	disabled
Zend Memory Manager 	enabled
Zend Multibyte Support 	provided by mbstring
IPv6 Support 	enabled
DTrace Support 	disabled
Registered PHP Streams	https, ftps, compress.zlib, compress.bzip2, php, file, glob, data, http, ftp, phar, zip
Registered Stream Socket Transports	tcp, udp, unix, udg, ssl, sslv3, sslv2, tls
Registered Stream Filters	zlib.*, bzip2.*, convert.iconv.*, string.rot13, string.toupper, string.tolower, string.strip_tags, convert.*, consumed, dechunk, mcrypt.*, mdecrypt.*

Zend logo This program makes use of the Zend Scripting Language Engine:
Zend Engine v2.4.0, Copyright (c) 1998-2012 Zend Technologies
    with Xdebug v2.2.0, Copyright (c) 2002-2012, by Derick Rethans

PHP Credits
Apache Version 	Apache/2.2.22 (Fedora)
Apache API Version 	20051115
Server Administrator 	root@localhost
User/Group 	apache(48)/48
Max Requests 	Per Child: 4000 - Keep Alive: on - Max Per Connection: 100
Timeouts 	Connection: 60 - Keep-Alive: 5
Virtual Server 	No
Server Root 	/etc/httpd
Loaded Modules 	core prefork http_core mod_so mod_auth_basic mod_auth_digest mod_authn_file mod_authn_alias mod_authn_anon mod_authn_dbm mod_authn_default mod_authz_host mod_authz_user mod_authz_owner mod_authz_groupfile mod_authz_dbm mod_authz_default mod_authn_dbd mod_dbd util_ldap mod_authnz_ldap mod_include mod_log_config mod_logio mod_env mod_ext_filter mod_mime_magic mod_expires mod_deflate mod_headers mod_usertrack mod_setenvif mod_mime mod_dav mod_status mod_autoindex mod_info mod_dav_fs mod_vhost_alias mod_negotiation mod_dir mod_actions mod_speling mod_userdir mod_alias mod_substitute mod_rewrite mod_proxy mod_proxy_balancer mod_proxy_ftp mod_proxy_http mod_proxy_ajp mod_proxy_connect mod_cache mod_suexec mod_disk_cache mod_cgi mod_version mod_asis mod_cern_meta mod_cgid mod_dumpio mod_filter mod_ident mod_log_forensic mod_unique_id mod_perl mod_php5 mod_python mod_ssl

Directive	Local Value	Master Value
engine	1	1
last_modified	0	0
xbithack	0	0

Apache Environment
Variable	Value
HTTP_HOST 	***********
HTTP_USER_AGENT 	Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:15.0) Gecko/20120716 Firefox/15.0a2
HTTP_ACCEPT 	text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
HTTP_ACCEPT_LANGUAGE 	en-us,en;q=0.5
HTTP_REFERER 	**************
HTTP_COOKIE 	fc=fcVal=8751802577521371040; PHPSESSID=cqvqrcm94sk4mu2436hnjfa1d2
CONTENT_TYPE 	application/x-www-form-urlencoded
PATH 	/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
SERVER_SIGNATURE 	<address>Apache/2.2.22 (Fedora) Server at www.*************.com Port 80</address>
SERVER_SOFTWARE 	Apache/2.2.22 (Fedora)
SERVER_NAME 	www.*************.com
DOCUMENT_ROOT 	/var/www/html
SERVER_ADMIN 	root@localhost
SCRIPT_FILENAME 	/var/www/html/wishpiggy/index.php
QUERY_STRING 	no value
REQUEST_URI 	/wishpiggy/index.php
SCRIPT_NAME 	/wishpiggy/index.php

HTTP Headers Information
HTTP Request Headers
HTTP Request 	POST /*******/index.php HTTP/1.1
Host 	www.*********.com
User-Agent 	Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:15.0) Gecko/20120716 Firefox/15.0a2
Accept 	text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language 	en-us,en;q=0.5
Accept-Encoding 	gzip, deflate
Connection 	keep-alive
Referer 	http://www.************.com/wishpiggy/index.php
Cookie 	fc=fcVal=8751802577521371040; PHPSESSID=cqvqrcm94sk4mu2436hnjfa1d2
Cache-Control 	max-age=0
Content-Type 	application/x-www-form-urlencoded
Content-Length 	69
HTTP Response Headers
X-Powered-By 	PHP/5.4.4

BCMath support 	enabled

Directive	Local Value	Master Value
bcmath.scale	0	0

BZip2 Support 	Enabled
Stream Wrapper support 	compress.bzip2://
Stream Filter support 	bzip2.decompress, bzip2.compress
BZip2 Version 	1.0.6, 6-Sept-2010

Calendar support 	enabled

PHP Version 	5.4.4

Directive	Local Value	Master Value
allow_url_fopen	On	On
allow_url_include	Off	Off
always_populate_raw_post_data	Off	Off
arg_separator.input	&	&
arg_separator.output	&	&
asp_tags	Off	Off
auto_append_file	no value	no value
auto_globals_jit	On	On
auto_prepend_file	no value	no value
browscap	no value	no value
default_charset	no value	no value
default_mimetype	text/html	text/html
disable_classes	no value	no value
disable_functions	no value	no value
display_errors	Off	Off
display_startup_errors	Off	Off
doc_root	no value	no value
docref_ext	no value	no value
docref_root	no value	no value
enable_dl	Off	Off
enable_post_data_reading	On	On
error_append_string	no value	no value
error_log	no value	no value
error_prepend_string	no value	no value
error_reporting	22527	22527
exit_on_timeout	Off	Off
expose_php	On	On
extension_dir	/usr/lib64/php/modules	/usr/lib64/php/modules
file_uploads	On	On
highlight.comment	#FF8000	#FF8000
highlight.default	#0000BB	#0000BB
highlight.html	#000000	#000000
highlight.keyword	#007700	#007700
highlight.string	#DD0000	#DD0000
html_errors	On	On
ignore_repeated_errors	Off	Off
ignore_repeated_source	Off	Off
ignore_user_abort	Off	Off
implicit_flush	Off	Off
include_path	.:/usr/share/pear:/usr/share/php	.:/usr/share/pear:/usr/share/php
log_errors	On	On
log_errors_max_len	1024	1024
mail.add_x_header	On	On
mail.force_extra_parameters	no value	no value
mail.log	no value	no value
max_execution_time	30	30
max_file_uploads	20	20
max_input_nesting_level	64	64
max_input_time	60	60
max_input_vars	1000	1000
memory_limit	128M	128M
open_basedir	no value	no value
output_buffering	4096	4096
output_handler	no value	no value
post_max_size	8M	8M
precision	14	14
realpath_cache_size	16K	16K
realpath_cache_ttl	120	120
register_argc_argv	Off	Off
report_memleaks	On	On
report_zend_debug	On	On
request_order	GP	GP
sendmail_from	no value	no value
sendmail_path	/usr/sbin/sendmail -t -i	/usr/sbin/sendmail -t -i
serialize_precision	17	17
short_open_tag	Off	Off
SMTP	localhost	localhost
smtp_port	25	25
sql.safe_mode	Off	Off
track_errors	Off	Off
unserialize_callback_func	no value	no value
upload_max_filesize	2M	2M
upload_tmp_dir	no value	no value
user_dir	no value	no value
user_ini.cache_ttl	300	300
user_ini.filename	.user.ini	.user.ini
variables_order	GPCS	GPCS
xmlrpc_error_number	0	0
xmlrpc_errors	Off	Off
zend.detect_unicode	On	On
zend.enable_gc	On	On
zend.multibyte	Off	Off
zend.script_encoding	no value	no value

ctype functions 	enabled

cURL support 	enabled
cURL Information 	7.24.0
Age 	3
AsynchDNS 	Yes
Debug 	No
GSS-Negotiate 	Yes
IDN 	Yes
IPv6 	Yes
Largefile 	Yes
SSL 	Yes
krb4 	No
libz 	Yes
CharConv 	No
Protocols 	dict, file, ftp, ftps, gopher, http, https, imap, imaps, ldap, ldaps, pop3, pop3s, rtsp, scp, sftp, smtp, smtps, telnet, tftp
Host 	x86_64-redhat-linux-gnu
SSL Version 	NSS/
ZLib Version 	1.2.5
libSSH Version 	libssh2/1.4.1

date/time support 	enabled
"Olson" Timezone Database Version 	0.system
Timezone Database 	internal
Default timezone 	Europe/London

Directive	Local Value	Master Value
date.default_latitude	31.7667	31.7667
date.default_longitude	35.2333	35.2333
date.sunrise_zenith	90.583333	90.583333
date.sunset_zenith	90.583333	90.583333
date.timezone	Europe/London	Europe/London

DBA support 	enabled
Supported handlers 	cdb cdb_make db4 inifile flatfile

Directive	Local Value	Master Value
dba.default_handler	flatfile	flatfile

DigiDoc libraries support
Directive	Value
DigiDoc support 	enabled

DOM/XML 	enabled
DOM/XML API Version 	20031129
libxml Version 	2.7.8
HTML Support 	enabled
XPath Support 	enabled
XPointer Support 	enabled
Schema Support 	enabled
RelaxNG Support 	enabled

enchant support	enabled
Version 	1.1.0
Libenchant Version 	1.5.x
Revision 	$Id: 2d784ebbefd2f4c5ac8131210c16599418deb934 $

myspell 	Myspell Provider 	/usr/lib64/enchant/

Regex Library 	Bundled library enabled

EXIF Support 	enabled
EXIF Version 	1.4 $Id$
Supported EXIF Version 	0220
Supported filetypes 	JPEG,TIFF

Directive	Local Value	Master Value
exif.decode_jis_intel	JIS	JIS
exif.decode_jis_motorola	JIS	JIS
exif.decode_unicode_intel	UCS-2LE	UCS-2LE
exif.decode_unicode_motorola	UCS-2BE	UCS-2BE
exif.encode_jis	no value	no value
exif.encode_unicode	ISO-8859-15	ISO-8859-15

facedetect support 	enabled
facedetect version 	1.0.1

fileinfo support	enabled
version 	1.0.5

Input Validation and Filtering 	enabled
Revision 	$Id: e523cdc8829892d1b4f9cb7c3c57b2ba1c36b9ea $

Directive	Local Value	Master Value
filter.default	unsafe_raw	unsafe_raw
filter.default_flags	no value	no value

FTP support 	enabled

GD Support 	enabled
GD Version 	bundled (2.0.34 compatible)
FreeType Support 	enabled
FreeType Linkage 	with freetype
FreeType Version 	2.4.8
T1Lib Support 	enabled
GIF Read Support 	enabled
GIF Create Support 	enabled
JPEG Support 	enabled
libJPEG Version 	6b
PNG Support 	enabled
libPNG Version 	1.5.10
WBMP Support 	enabled
XPM Support 	enabled
XBM Support 	enabled

Directive	Local Value	Master Value
gd.jpeg_ignore_warning	0	0

GetText Support 	enabled

gmp support 	enabled
GMP version 	5.0.2

Version 	1.0

hash support 	enabled
Hashing Engines 	md2 md4 md5 sha1 sha224 sha256 sha384 sha512 ripemd128 ripemd160 ripemd256 ripemd320 whirlpool tiger128,3 tiger160,3 tiger192,3 tiger128,4 tiger160,4 tiger192,4 snefru snefru256 gost adler32 crc32 crc32b fnv132 fnv164 joaat haval128,3 haval160,3 haval192,3 haval224,3 haval256,3 haval128,4 haval160,4 haval192,4 haval224,4 haval256,4 haval128,5 haval160,5 haval192,5 haval224,5 haval256,5

iconv support 	enabled
iconv implementation 	glibc
iconv library version 	2.15

Directive	Local Value	Master Value
iconv.input_encoding	ISO-8859-1	ISO-8859-1
iconv.internal_encoding	ISO-8859-1	ISO-8859-1
iconv.output_encoding	ISO-8859-1	ISO-8859-1

IDN support 	enabled
RCS Version 	$Id: idn.c,v 0.36 2010-03-28 15:17:54 turbo Exp $
LibIDN version 	1.24

Directive	Local Value	Master Value
idn.allow_unassigned_chars	0	0
idn.default_charset	ISO-8859-1	ISO-8859-1
idn.use_std_3_ascii_rules	0	0

IMAP c-Client Version 	2007f
SSL Support 	enabled
Kerberos Support 	enabled

Firebird/InterBase Support 	dynamic
Compile-time Client Library Version 	Firebird API version 25
Run-time Client Library Version 	LI-V6.3.1.26351 Firebird 2.5

Directive	Local Value	Master Value
ibase.allow_persistent	On	On
ibase.dateformat	%Y-%m-%d	%Y-%m-%d
ibase.default_charset	no value	no value
ibase.default_db	no value	no value
ibase.default_password	no value	no value
ibase.default_user	no value	no value
ibase.max_links	Unlimited	Unlimited
ibase.max_persistent	Unlimited	Unlimited
ibase.timeformat	%H:%M:%S	%H:%M:%S
ibase.timestampformat	%Y-%m-%d %H:%M:%S	%Y-%m-%d %H:%M:%S

Internationalization support	enabled
version 	1.1.0
ICU version
ICU Data version 	4.8.1

Directive	Local Value	Master Value
intl.default_locale	no value	no value
intl.error_level	0	0

json support 	enabled
json version 	1.2.1

LDAP Support 	enabled
RCS Version 	$Id$
Total Links 	0/unlimited
API Version 	3001
Vendor Name 	OpenLDAP
Vendor Version 	20431
SASL Support 	Enabled

Directive	Local Value	Master Value
ldap.max_links	Unlimited	Unlimited

libpuzzle support	enabled

Libvirt support 	enabled
Debug support 	enabled, default maximum log file size: 1024 KiB
Extension version 	0.4.5
Libvirt version 	0.9.11
Max. connections 	5
ISO Image path 	/var/lib/libvirt/images/iso - path is invalid. To set the valid path modify the libvirt.iso_path in your php.ini configuration!
Path for images 	/var/lib/libvirt/images
Features supported 	create-image

libXML support 	active
libXML Compiled Version 	2.7.8
libXML Loaded Version 	20708
libXML streams 	enabled

Multibyte Support 	enabled
Multibyte string engine 	libmbfl
HTTP input encoding translation 	disabled
libmbfl version 	1.3.2

mbstring extension makes use of "streamable kanji code filter and converter", which is distributed under the GNU Lesser General Public License version 2.1.

Multibyte (japanese) regex support 	enabled
Multibyte regex (oniguruma) backtrack check 	On
Multibyte regex (oniguruma) version 	4.7.1

Directive	Local Value	Master Value
mbstring.detect_order	no value	no value
mbstring.encoding_translation	Off	Off
mbstring.func_overload	0	0
mbstring.http_input	pass	pass
mbstring.http_output	pass	pass
mbstring.http_output_conv_mimetypes	^(text/|application/xhtml\+xml)	^(text/|application/xhtml\+xml)
mbstring.internal_encoding	no value	no value
mbstring.language	neutral	neutral
mbstring.strict_detection	Off	Off
mbstring.substitute_character	no value	no value

mcrypt support	enabled
mcrypt_filter support	enabled
Version 	2.5.8
Api No 	20021217
Supported ciphers 	cast-128 gost rijndael-128 twofish arcfour cast-256 loki97 rijndael-192 saferplus wake blowfish-compat des rijndael-256 serpent xtea blowfish enigma rc2 tripledes
Supported modes 	cbc cfb ctr ecb ncfb nofb ofb stream

Directive	Local Value	Master Value
mcrypt.algorithms_dir	no value	no value
mcrypt.modes_dir	no value	no value

memcache support	enabled
Version 	3.0.6
Revision 	$Revision: 310129 $

Directive	Local Value	Master Value
memcache.allow_failover	1	1
memcache.chunk_size	32768	32768
memcache.compress_threshold	20000	20000
memcache.default_port	11211	11211
memcache.hash_function	crc32	crc32
memcache.hash_strategy	consistent	consistent
memcache.lock_timeout	15	15
memcache.max_failover_attempts	20	20
memcache.protocol	ascii	ascii
memcache.redundancy	1	1
memcache.session_redundancy	2	2

MHASH support 	Enabled
MHASH API Version 	Emulated Support

MySQL Support	enabled
Active Persistent Links 	0
Active Links 	0
Client API version 	5.5.25a
MYSQL_SOCKET 	/var/lib/mysql/mysql.sock
MYSQL_INCLUDE 	-I/usr/include/mysql
MYSQL_LIBS 	-L/usr/lib64/mysql -lmysqlclient

Directive	Local Value	Master Value
mysql.allow_local_infile	On	On
mysql.allow_persistent	On	On
mysql.connect_timeout	60	60
mysql.default_host	no value	no value
mysql.default_password	no value	no value
mysql.default_port	no value	no value
mysql.default_socket	/var/lib/mysql/mysql.sock	/var/lib/mysql/mysql.sock
mysql.default_user	no value	no value
mysql.max_links	Unlimited	Unlimited
mysql.max_persistent	Unlimited	Unlimited
mysql.trace_mode	Off	Off

MysqlI Support	enabled
Client API library version 	5.5.25a
Active Persistent Links 	0
Inactive Persistent Links 	0
Active Links 	0
Client API header version 	5.5.24
MYSQLI_SOCKET 	/var/lib/mysql/mysql.sock

Directive	Local Value	Master Value
mysqli.allow_local_infile	On	On
mysqli.allow_persistent	On	On
mysqli.default_host	no value	no value
mysqli.default_port	3306	3306
mysqli.default_pw	no value	no value
mysqli.default_socket	no value	no value
mysqli.default_user	no value	no value
mysqli.max_links	Unlimited	Unlimited
mysqli.max_persistent	Unlimited	Unlimited
mysqli.reconnect	Off	Off

ODBC Support	enabled
Active Persistent Links 	0
Active Links 	0
ODBC library 	unixODBC
ODBC_INCLUDE 	-I/usr/include
ODBC_LFLAGS 	-L/usr/lib64
ODBC_LIBS 	-lodbc

Directive	Local Value	Master Value
odbc.allow_persistent	On	On
odbc.check_persistent	On	On
odbc.default_cursortype	Static cursor	Static cursor
odbc.default_db	no value	no value
odbc.default_pw	no value	no value
odbc.default_user	no value	no value
odbc.defaultbinmode	return as is	return as is
odbc.defaultlrl	return up to 4096 bytes	return up to 4096 bytes
odbc.max_links	Unlimited	Unlimited
odbc.max_persistent	Unlimited	Unlimited

OpenSSL support 	enabled
OpenSSL Library Version 	OpenSSL 1.0.0j-fips 10 May 2012
OpenSSL Header Version 	OpenSSL 1.0.0j-fips 10 May 2012

PCRE (Perl Compatible Regular Expressions) Support 	enabled
PCRE Library Version 	8.21 2011-12-12

Directive	Local Value	Master Value
pcre.backtrack_limit	1000000	1000000
pcre.recursion_limit	100000	100000

PDO support	enabled
PDO drivers 	firebird, mysql, odbc, pgsql, sqlite

PDO Driver for Firebird/InterBase	enabled

PDO Driver for MySQL	enabled
Client API version 	5.5.25a

Directive	Local Value	Master Value
pdo_mysql.default_socket	/var/lib/mysql/mysql.sock	/var/lib/mysql/mysql.sock

PDO Driver for ODBC (unixODBC)	enabled
ODBC Connection Pooling 	Enabled, strict matching

PDO Driver for PostgreSQL	enabled
PostgreSQL(libpq) Version 	9.1.4
Module version 	1.0.2
Revision 	$Id$

PDO Driver for SQLite 3.x	enabled
SQLite Library 	3.7.11

PostgreSQL Support	enabled
PostgreSQL(libpq) Version 	9.1.4
PostgreSQL(libpq) 	PostgreSQL 9.1.4 on x86_64-redhat-linux-gnu, compiled by gcc (GCC) 4.7.0 20120507 (Red Hat 4.7.0-5), 64-bit
Multibyte character support 	enabled
SSL support 	enabled
Active Persistent Links 	0
Active Links 	0

Directive	Local Value	Master Value
pgsql.allow_persistent	On	On
pgsql.auto_reset_persistent	Off	Off
pgsql.ignore_notice	Off	Off
pgsql.log_notice	Off	Off
pgsql.max_links	Unlimited	Unlimited
pgsql.max_persistent	Unlimited	Unlimited

Phar: PHP Archive support	enabled
Phar EXT version 	2.0.1
Phar API version 	1.1.1
SVN revision 	$Id: 2a47d3d0354109d8077e34d59f1228ccfd021d59 $
Phar-based phar archives 	enabled
Tar-based phar archives 	enabled
ZIP-based phar archives 	enabled
gzip compression 	enabled
bzip2 compression 	enabled
Native OpenSSL support 	enabled

Phar based on pear/PHP_Archive, original concept by Davey Shafik.
Phar fully realized by Gregory Beaver and Marcus Boerger.
Portions of tar implementation Copyright (c) 2003-2009 Tim Kientzle.

Directive	Local Value	Master Value
phar.cache_list	no value	no value
phar.readonly	On	On
phar.require_hash	On	On

Revision 	$Id: 967584c6fadb3467f31abe8e13caa8764df85867 $

Recode Support 	enabled
Revision 	$Id: e17429b238eb22d028af0d49b193d3f6c40aaf9f $

Reflection	enabled
Version 	$Id: 1cf65cee164ed57874ce2d29e5c46b82f6139524 $

Session Support 	enabled
Registered save handlers 	files user memcache
Registered serializer handlers 	php php_binary wddx

Directive	Local Value	Master Value
session.auto_start	Off	Off
session.cache_expire	180	180
session.cache_limiter	nocache	nocache
session.cookie_domain	no value	no value
session.cookie_httponly	Off	Off
session.cookie_lifetime	0	0
session.cookie_path	/	/
session.cookie_secure	Off	Off
session.entropy_file	/dev/urandom	/dev/urandom
session.entropy_length	32	32
session.gc_divisor	1000	1000
session.gc_maxlifetime	1440	1440
session.gc_probability	1	1
session.hash_bits_per_character	5	5
session.hash_function	0	0	PHPSESSID	PHPSESSID
session.referer_check	no value	no value
session.save_handler	files	files
session.save_path	/var/lib/php/session	/var/lib/php/session
session.serialize_handler	php	php
session.upload_progress.cleanup	On	On
session.upload_progress.enabled	On	On
session.upload_progress.freq	1%	1%
session.upload_progress.prefix	upload_progress_	upload_progress_
session.use_cookies	On	On
session.use_only_cookies	On	On
session.use_trans_sid	0	0

shmop support 	enabled

Shout Support	enabled
Version 	0.9.2
libshout version 	2.2.2
Active Persistent Links 	0
Active Links 	0

Directive	Local Value	Master Value
shout.allow_persistent	On	On
shout.connect_timeout	60	60
shout.default_host	localhost	localhost
shout.default_mount	/phpShout	/phpShout
shout.default_password	hackme	hackme
shout.default_port	8000	8000
shout.default_user	source	source
shout.max_links	Unlimited	Unlimited
shout.max_persistent	Unlimited	Unlimited

Simplexml support	enabled
Revision 	$Id: 455280fc74f9f002b7314def7a456f6c3080eb92 $
Schema support 	enabled

NET-SNMP Support 	enabled
NET-SNMP Version 	5.7.1
PHP SNMP Version 	0.1

Soap Client 	enabled
Soap Server 	enabled

Directive	Local Value	Master Value
soap.wsdl_cache	1	1
soap.wsdl_cache_dir	/tmp	/tmp
soap.wsdl_cache_enabled	1	1
soap.wsdl_cache_limit	5	5
soap.wsdl_cache_ttl	86400	86400

Sockets Support 	enabled

SPL support	enabled
Interfaces 	Countable, OuterIterator, RecursiveIterator, SeekableIterator, SplObserver, SplSubject
Classes 	AppendIterator, ArrayIterator, ArrayObject, BadFunctionCallException, BadMethodCallException, CachingIterator, CallbackFilterIterator, DirectoryIterator, DomainException, EmptyIterator, FilesystemIterator, FilterIterator, GlobIterator, InfiniteIterator, InvalidArgumentException, IteratorIterator, LengthException, LimitIterator, LogicException, MultipleIterator, NoRewindIterator, OutOfBoundsException, OutOfRangeException, OverflowException, ParentIterator, RangeException, RecursiveArrayIterator, RecursiveCachingIterator, RecursiveCallbackFilterIterator, RecursiveDirectoryIterator, RecursiveFilterIterator, RecursiveIteratorIterator, RecursiveRegexIterator, RecursiveTreeIterator, RegexIterator, RuntimeException, SplDoublyLinkedList, SplFileInfo, SplFileObject, SplFixedArray, SplHeap, SplMinHeap, SplMaxHeap, SplObjectStorage, SplPriorityQueue, SplQueue, SplStack, SplTempFileObject, UnderflowException, UnexpectedValueException

SQLite3 support	enabled
SQLite3 module version 	0.7
SQLite Library 	3.7.11

Directive	Local Value	Master Value
sqlite3.extension_dir	no value	no value

Dynamic Library Support 	enabled
Path to sendmail 	/usr/sbin/sendmail -t -i

Directive	Local Value	Master Value	1	1
assert.bail	0	0
assert.callback	no value	no value
assert.quiet_eval	0	0
assert.warning	1	1
auto_detect_line_endings	0	0
default_socket_timeout	60	60
from	no value	no value
url_rewriter.tags	a=href,area=href,frame=src,input=src,form=fakeentry	a=href,area=href,frame=src,input=src,form=fakeentry
user_agent	no value	no value

sysvmsg support 	enabled
Revision 	$Id: 6360183f0075ec66a3dfa01633b2ed808dd482af $

Tidy support	enabled
libTidy Release 	25 March 2009
Extension Version 	2.0 ($Id$)

Directive	Local Value	Master Value
tidy.clean_output	no value	no value
tidy.default_config	no value	no value

Tokenizer Support 	enabled

WDDX Support	enabled
WDDX Session Serializer 	enabled

xdebug support	enabled
Version 	2.2.0
IDE Key 	no value

Supported protocols	Revision
DBGp - Common DeBuGger Protocol 	$Revision: 1.145 $

Directive	Local Value	Master Value
xdebug.auto_trace	Off	Off
xdebug.cli_color	0	0
xdebug.collect_assignments	Off	Off
xdebug.collect_includes	On	On
xdebug.collect_params	0	0
xdebug.collect_return	Off	Off
xdebug.collect_vars	Off	Off
xdebug.coverage_enable	On	On
xdebug.default_enable	On	On
xdebug.dump.COOKIE	no value	no value
xdebug.dump.ENV	no value	no value
xdebug.dump.FILES	no value	no value
xdebug.dump.GET	no value	no value
xdebug.dump.POST	no value	no value
xdebug.dump.REQUEST	no value	no value
xdebug.dump.SERVER	no value	no value
xdebug.dump.SESSION	no value	no value
xdebug.dump_globals	On	On
xdebug.dump_once	On	On
xdebug.dump_undefined	Off	Off
xdebug.extended_info	On	On
xdebug.file_link_format	no value	no value
xdebug.idekey	no value	no value
xdebug.max_nesting_level	100	100
xdebug.overload_var_dump	On	On
xdebug.profiler_aggregate	Off	Off
xdebug.profiler_append	Off	Off
xdebug.profiler_enable	Off	Off
xdebug.profiler_enable_trigger	Off	Off
xdebug.profiler_output_dir	/tmp	/tmp
xdebug.profiler_output_name	cachegrind.out.%p	cachegrind.out.%p
xdebug.remote_autostart	Off	Off
xdebug.remote_connect_back	Off	Off
xdebug.remote_cookie_expire_time	3600	3600
xdebug.remote_enable	Off	Off
xdebug.remote_handler	dbgp	dbgp
xdebug.remote_host	localhost	localhost
xdebug.remote_log	no value	no value
xdebug.remote_mode	req	req
xdebug.remote_port	9000	9000
xdebug.scream	Off	Off
xdebug.show_exception_trace	Off	Off
xdebug.show_local_vars	Off	Off
xdebug.show_mem_delta	Off	Off
xdebug.trace_enable_trigger	Off	Off
xdebug.trace_format	0	0
xdebug.trace_options	0	0
xdebug.trace_output_dir	/tmp	/tmp
xdebug.trace_output_name	trace.%c	trace.%c
xdebug.var_display_max_children	128	128
xdebug.var_display_max_data	512	512
xdebug.var_display_max_depth	3	3

XML Support 	active
XML Namespace Support 	active
libxml2 Version 	2.7.8

XMLReader 	enabled

core library version 	xmlrpc-epi v. 0.51
php extension version 	0.51
author 	Dan Libby
open sourced by

XMLWriter 	enabled

XSL 	enabled
libxslt Version 	1.1.26
libxslt compiled against libxml Version 	2.7.8
EXSLT 	enabled
libexslt Version 	1.1.26

Zip 	enabled
Extension Version 	$Id$
Zip version 	1.9.1
Compiled against libzip version 	0.10.1

ZLib Support	enabled
Stream Wrapper 	compress.zlib://
Stream Filter 	zlib.inflate, zlib.deflate
Compiled Version 	1.2.5
Linked Version 	1.2.5

Directive	Local Value	Master Value
zlib.output_compression	Off	Off
zlib.output_compression_level	-1	-1
zlib.output_handler	no value	no value

ZMQ extension	enabled
ZMQ extension version 	@PACKAGE_VERSION@
libzmq version 	2.1.11

Additional Modules
Module Name

Variable	Value
BOOT_IMAGE 	/boot/bzImage-3.2.13-xxxx-grs-ipv6-64
PATH 	/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin

PHP Variables
Variable	Value
_REQUEST["submitted"]	1
_REQUEST["email"]	[email protected]
_REQUEST["password"]	danica4eva
_REQUEST["submit"]	no value
_POST["submitted"]	11040
_SERVER["HTTP_HOST"]	www.************.com
_SERVER["HTTP_USER_AGENT"]	Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:15.0) Gecko/20120716 Firefox/15.0a2
_SERVER["HTTP_ACCEPT"]	text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
_SERVER["HTTP_REFERER"]	*************
_SERVER["HTTP_COOKIE"]	fc=fcVal=8751802577521371040; PHPSESSID=cqvqrcm94sk4mu2436hnjfa1d2
_SERVER["CONTENT_TYPE"]	application/x-www-form-urlencoded
_SERVER["PATH"]	/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
_SERVER["SERVER_SIGNATURE"]	<address>Apache/2.2.22 (Fedora) Server at www.***********.com Port 80</address>
_SERVER["SERVER_SOFTWARE"]	Apache/2.2.22 (Fedora)
_SERVER["SERVER_NAME"]	www.*************.com
_SERVER["REQUEST_TIME_FLOAT"]	1343084302.829
_SERVER["REQUEST_TIME"]	1343084302

PHP License

This program is free software; you can redistribute it and/or modify it under the terms of the PHP License as published by the PHP Group and included in the distribution in the file: LICENSE

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

If you did not receive a copy of the PHP license, or have any questions about PHP licensing, please contact [email protected]

This post has been edited by mccabec123: 23 July 2012 - 05:27 PM

Was This Post Helpful? 0
  • +
  • -

#8 CTphpnwb  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 3417
  • View blog
  • Posts: 12,133
  • Joined: 08-August 08

Re: Help returning encrypted password from database

Posted 23 July 2012 - 06:25 PM

What I was getting at before was that you need to simplify how you store and retrieve your password
$pass = pbkdf2($password, "butterScotch", 1000, 32);

Checking password:
$pass = pbkdf2($password, "butterScotch", 1000, 32);
$db_password = retreive_pass();
if($pass != $db_password) {
	error_log($pass.' '.$db_password);

Now if they don't match it's one of the other function that's got a bug:

Keep your code short and simple whenever possible, especially when debugging.

BTW, this:

			$statement = $conn->prepare("SELECT * FROM people WHERE username = '".$username."'");

should be this:
			$statement = $conn->prepare("SELECT * FROM people WHERE username = ?");

Was This Post Helpful? 0
  • +
  • -

#9 Dormilich  Icon User is offline

  • 痛覚残留
  • member icon

Reputation: 3938
  • View blog
  • Posts: 11,966
  • Joined: 08-June 10

Re: Help returning encrypted password from database

Posted 23 July 2012 - 10:53 PM

View PostCTphpnwb, on 24 July 2012 - 03:25 AM, said:

BTW, this:

			$statement = $conn->prepare("SELECT * FROM people WHERE username = '".$username."'");

should be this:
			$statement = $conn->prepare("SELECT * FROM people WHERE username = ?");

that should be
			$statement = $conn->prepare("SELECT Firstname, Surname FROM people WHERE username = ?");
			// username is already in the script, so no need to fetch it again

and further, if you use UTF-8 in the DB, you need to set the connection to UTF-8 as well (IIRC, SET names 'UTF-8')

about the R issue, the encoded string does not contain an R, it contains an Ŗ (note the cedilla)
Was This Post Helpful? 1
  • +
  • -

#10 JackOfAllTrades  Icon User is offline

  • Saucy!
  • member icon

Reputation: 6225
  • View blog
  • Posts: 23,977
  • Joined: 23-August 08

Re: Help returning encrypted password from database

Posted 24 July 2012 - 02:52 AM

And really, you should not be saving ENCRYPTED passwords; you should be HASHING them, then saving them. Read this
Was This Post Helpful? 0
  • +
  • -

#11 Dormilich  Icon User is offline

  • 痛覚残留
  • member icon

Reputation: 3938
  • View blog
  • Posts: 11,966
  • Joined: 08-June 10

Re: Help returning encrypted password from database

Posted 24 July 2012 - 02:57 AM

@Jack: PBKDF2 itself is not an encryption function. it is a (quasi-)hashing function to create keys for data-encryption.

actually, PBKDF2 is recommended for creating secure hashes.
Was This Post Helpful? 1
  • +
  • -

#12 JackOfAllTrades  Icon User is offline

  • Saucy!
  • member icon

Reputation: 6225
  • View blog
  • Posts: 23,977
  • Joined: 23-August 08

Re: Help returning encrypted password from database

Posted 24 July 2012 - 03:42 AM

Ah, I should have known better than to go by the title. So many people mistake hashing for encryption, I should have double-checked that.
Was This Post Helpful? 0
  • +
  • -

#13 mccabec123  Icon User is offline

  • D.I.C Head

Reputation: 18
  • View blog
  • Posts: 233
  • Joined: 03-March 11

Re: Help returning encrypted password from database

Posted 24 July 2012 - 04:50 AM

View PostDormilich, on 23 July 2012 - 10:53 PM, said:

View PostCTphpnwb, on 24 July 2012 - 03:25 AM, said:

BTW, this:

			$statement = $conn->prepare("SELECT * FROM people WHERE username = '".$username."'");

should be this:
			$statement = $conn->prepare("SELECT * FROM people WHERE username = ?");

that should be
			$statement = $conn->prepare("SELECT Firstname, Surname FROM people WHERE username = ?");
			// username is already in the script, so no need to fetch it again

and further, if you use UTF-8 in the DB, you need to set the connection to UTF-8 as well (IIRC, SET names 'UTF-8')

about the R issue, the encoded string does not contain an R, it contains an Ŗ (note the cedilla)

Where do I set the UTF-8, is it in the actual script or do I need to edit something to do with PHP? Sorry I about the mistakes I pulled all of this from one of my older scripts that worked fine, when I was just learning PDO over mysql_.


Nevermind I looked at your PDO guide and added the UTF-8 option but I'm still getting the same issue :( Seems like nobody knows what's going on :/

This post has been edited by mccabec123: 24 July 2012 - 05:07 AM

Was This Post Helpful? 0
  • +
  • -

#14 CTphpnwb  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 3417
  • View blog
  • Posts: 12,133
  • Joined: 08-August 08

Re: Help returning encrypted password from database

Posted 24 July 2012 - 05:18 AM

Have you written these functions yet?

Writing code is about breaking bigger problems into simpler, smaller, more manageable problems. A long string of instructions in two different languages doesn't accomplish that.
Was This Post Helpful? 0
  • +
  • -

#15 Duckington  Icon User is offline

  • D.I.C Addict

Reputation: 172
  • View blog
  • Posts: 614
  • Joined: 12-October 09

Re: Help returning encrypted password from database

Posted 24 July 2012 - 05:34 AM

So...the password is stored properly when you look at it in the DB, but when you print it out in the PHP script you find it's wrong? Is that the state of play at the moment?

I'm assuming the characters you posted simply aren't rendering correctly in this forum, or does it actually contain all those unknown symbols and question marks?

A few other things you could try, if you haven't already:

- Ensuring the php script sends the header to set the correct charset (Try copy pasting from the DB and printint it out as a string in the script, see if that works. If it does, then we know it's a problem with the actual retrival of info from the DB, as opposed to the characters themselves).

- Set the default character set in your my.cnf file [link]

- Change the collation of your whole table and see if that makes a difference
Was This Post Helpful? 0
  • +
  • -

  • (3 Pages)
  • +
  • 1
  • 2
  • 3