I'm creating users with encrypted passwords in the database using the mcrypt method like this:
$key = '1234567890123456';
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size);
$encryp_pass = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $password2, MCRYPT_MODE_ECB, $iv);
mysql_query("UPDATE usuarios SET pass_usuario = '".$encryp_pass."' WHERE id_usuario = '".$id_user[0]."' ");
...so that the user just created is stored in the database with his password encrypted.
Now, when that user logs into the system, what I do (or what I'm trying to do) is encrypt the password he inputs in the text field so that I can then compare that value with the value in the database. I encrypt the password the same way I did when creating the user, like this:
$key = '1234567890123456';
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size);
$encryp_pass = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $password, MCRYPT_MODE_ECB, $iv);
$query_pass_existe = mysql_query("SELECT pass_usuario FROM usuarios WHERE nick_usuario = '".$nick."'");
$pass_user_fromDB = mysql_fetch_assoc($query_pass_existe);
Then I compare both passwords: the one extracted from the database and the one encrypted from the login form:
if (utf8_encode($encryp_pass) == utf8_encode($pass_user_fromDB['pass_usuario'])) {
    echo 'both are equals';
} else {
    echo "they're totally different";
}
Right now, I'm getting both as different. So I print them to see the result:
echo utf8_decode($pass_user_fromDB['pass_usuario']);
echo "<br>";
echo utf8_decode($encryp_pass);
echo "<br>";
But they are ALMOST alike, take a look:
=???0?1y?Y7h???[.?0????1m
=???0?1y?Y7h???\[.?0????1m
They are ALMOST the same, but because of that \ I can't continue with the login successfully. I've checked the column and I have set it as utf8_general_ci. I'm thinking of using AES encryption, but I read in this article that for MySQL it is better to use mcrypt.
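
An added example, not part of the original post: the stored copy is missing the backslash because the raw ciphertext was concatenated into a quoted SQL literal, where MySQL by default reads `\[` as `[`. The sketch below stores a salted one-way hash through bound parameters and checks the login with `password_verify()` instead of re-encrypting and comparing. It assumes PHP 7 or later with the pdo_sqlite extension; the in-memory SQLite database stands in for the MySQL table, and `create_user()` and `check_login()` are hypothetical helper names.

```php
<?php
// Added example. In-memory SQLite stands in for the MySQL database (assumption);
// table and column names are the ones used in the post.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE usuarios (
    id_usuario   INTEGER PRIMARY KEY,
    nick_usuario TEXT UNIQUE NOT NULL,
    pass_usuario TEXT NOT NULL
)');

// Hypothetical helper: store a salted one-way hash instead of ciphertext.
function create_user(PDO $db, string $nick, string $password): void
{
    // password_hash() returns printable ASCII, so the stored value holds no
    // raw binary bytes for the SQL parser or the column charset to alter.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // Bound parameters are sent as data, never parsed as a quoted SQL literal.
    $stmt = $db->prepare(
        'INSERT INTO usuarios (nick_usuario, pass_usuario) VALUES (:nick, :hash)'
    );
    $stmt->execute([':nick' => $nick, ':hash' => $hash]);
}

// Hypothetical helper: true only when the nick exists and the password matches.
function check_login(PDO $db, string $nick, string $password): bool
{
    $stmt = $db->prepare(
        'SELECT pass_usuario FROM usuarios WHERE nick_usuario = :nick'
    );
    $stmt->execute([':nick' => $nick]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false; // unknown user
    }
    // The salt and cost are read back from the stored hash; the comparison
    // is timing-safe, so no manual == on the stored value is needed.
    return password_verify($password, $stored);
}

// Constructed sample data: the password deliberately contains \ and ' characters.
$sample = 'p\\[ss\'word';
create_user($db, 'alice', $sample);
var_dump(check_login($db, 'alice', $sample));
var_dump(check_login($db, 'alice', 'wrong'));
var_dump(check_login($db, 'nobody', $sample));
```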