I'm doing something like the following:
SELECT * FROM table WHERE user='$user';
$myrow = fetchRow() // previously I inserted a pass to the db using base64_encode ex: WRM2gt3R=
$somepass = base64_encode($_POST['password']);
if($myrow[1] != $somepass) echo 'error';
else echo 'welcome';
Im always getting error, I even echo $somepass and $myrow[1] they are the same, but still error. What Am I doing wrong? Thanks
Try using var_dump instead of echo - maybe one of them has a space or newline at the start/end.
Edit:
You must be storing it as CHAR(40): A fixed-length string that is always right-padded with spaces to the specified length when stored
Use VARCHAR or trim()
If $myrow[1] is actually the correct password in base64-encoding, I don't see any errors.
Try this ind the end:
echo "<br />$myrow[1] != $somepass";
What does it say?
And by the way: I don't see any reason to base64-encode the passwords. What are you trying to accomplish?
I think somehow if I do a var_dump() I get:
string(40) "YWRraM2= " string(8) "YWRraM2="
seems like somehow if I insert the data into the db using the console its adding an extra space to the pass field.
myplacedk: is there any reason why I should not be doing it? I thought it will add an extra leyer of security?
This encoding does two things:
So no, it doesn't really add any security. It's just an encoding, it's easy to decode.
Maybe you are mistaking it for md5-hashing or something like that.
Playing around is great, but when it comes to security, I really recommend not using something you don't understand. In the long run, it will do more damage than good.
Some issues: