PHP - Php/mysql - Encrypting & Quickly Decrypting Database Fields

I'm using mcrypt to encrypt a field and decrypt it.  That works OK.  But when I insert the encrypted field into a mySQL table, select it, decrypt it and try to display it, I get garbage.

What am I missing?  Thanks for any suggestions.

Here's the code:


echo "The encrypt and decrypt example...<br/>";

// Designate string to be encrypted
$string = "Ed O'Reilly";

// Encryption/decryption key
$key = "arG4thaker2";

// Encryption Algorithm
$cipher_alg = MCRYPT_RIJNDAEL_128;

// Create the initialization vector for added security.
$iv = mcrypt_create_iv(mcrypt_get_iv_size($cipher_alg, 
MCRYPT_MODE_ECB), MCRYPT_RAND);

// Output original string
print "Original string: $string <p>";

// Encrypt $string
$encrypted_string = mcrypt_encrypt($cipher_alg, $key, 
$string, MCRYPT_MODE_CBC, $iv);

// Convert to hexadecimal and output to browser
print "The encrypted string: ".bin2hex($encrypted_string)."<p>";

$decrypted_string = mcrypt_decrypt($cipher_alg, $key, 
$encrypted_string, MCRYPT_MODE_CBC, $iv);

print "The decrypted string: ".rtrim($decrypted_string)."";

echo "<br/>testing db storing & retrieval for the encryption/decryption...<br/>";

# make connection (Game server connections are variable and are done later when needed)
if (!$cxnAdmin = mysqli_connect($hostAdmin, $userAdmin, $passwordAdmin, $dbnameAdmin))
{
die("Could not connect to MySQL server Admin (".mysqli_connect_error().")");
}

$sql="INSERT INTO testdb.nametable (
name,
email
)
VALUES (
'$encrypted_string',
'test@test.com'
)
;
";

$result = mysqli_query($cxnAdmin,$sql);
if($result == false)
{
echo "<h4>Error on nametable Insert: ".mysqli_error($cxnAdmin)."</h4>";
}

$sql="SELECT name
FROM testdb.nametable
WHERE email='test@test.com'";

if (!$result = mysqli_query($cxnAdmin,$sql))
{
echo "<h4>Error on nametable Select: ".mysqli_error($cxnAdmin)."</h4>";
}

$row = mysqli_fetch_assoc($result);
extract($row);

// Convert to hexadecimal and output to browser
print "The encrypted string from db: ".bin2hex($name)."<p>";

$decrypted_name = mcrypt_decrypt($cipher_alg, $key, 
$name, MCRYPT_MODE_CBC, $iv);

print "The decrypted string from db: ".rtrim($decrypted_name)."";


and here's the output:

The encrypt and decrypt example...
Original string: Ed O'Reilly

The encrypted string: 01bc70f5dc5a7ca204cb45bd2eeb0214

The decrypted string:Ed O'Reilly
testing db storing & retrieval for the encryption/decryption...
The encrypted string from db: 5938f7fc81961d2efc6db64607baf465

The decrypted string from db: <garbage characters I can't display here>

I wrote a piece of code that lists images that don't have a match in the database:

Code: [Select]
$dir_path = '../images/productImages';
$images = scandir($dir_path);

$query = "SELECT image FROM Database_table ORDER BY name DESC";

$results = mysql_query($query);

$output  = "<h1>Missing Images</h1>";
$output .= "<div class=\"missingImages\">";
$output .= "<p>The following data was found in the Database_table.images field but not in /images/productImages:</p>";
$output .= "<div class=\"missingImg\">";
$output .= "<p class=\"fieldName\">Database_table.images:</p>";

while ($fetch = mysql_fetch_array($results)) {

$clean_fetch = str_replace("productImages/", "", $fetch);
$diff = array_diff($clean_fetch, $images);
foreach (array_unique($diff) as $key => $value) {

$output .= $value . "<br />";
}
}

$output  .= "</div>";
$output  .= "</div>";

echo $output;
Works.

Now I would like to check whether there are any files in the folder that are not in the database table.

I thought it would be as easy as swapping the array_diff parameters around but it's not.

When i swap the parameters like so - array_diff($images, $clean_fetch) it gives me a list of ALMOST all the images in the image folder, which i don't understand.

Why does it not give me only the images that are present in the folder but not in the database?

Hi all,
I'm brand new to php / mysql and I'm trying to modify this script which currently runs a search on two fields "product_number" and "product_name". I also want the search to consider a third field "product_type". When I remove either product_name or product number from the following part of the code, it removes that field from being considered in the search: Code: [Select]
$search_map = array($orderby, 'product_number','product_name',);
So shouldn't I be able to just add the third field's name to this array and have it be considered too? I'm a complete beginner so I'm hoping this is a simple fix and I just dont get it.

Here's the rest of what I think is the relevant code:
Code: [Select]
function load_all_products()
{
    global $AppUI;
    global $sorted_item_list;
    global $additional_pfilter;
    load_type_list();
    $orderby = 'product_id';
    $search_map = array($orderby, 'product_number','product_name',);
    $where = $AppUI->getState( 'QuoteIdxWhere' ) ? $AppUI->getState( 'QuoteIdxWhere' ) : '*';
    $not =" ";
    $op =  " OR";
    $check = substr(trim($where),0,4);
    if(stristr($check,"NOT")){
        $op ="AND";
        $not = " NOT ";
        $where = substr(trim($where),4);
        $where = trim($where);
    }

    // assemble the sql statement
    $q = new DBQuery;
    $q->addTable('products');
    $q->addJoin('companies', 'com', 'products.product_company_id = com.company_id');
    $q->addJoin('users', 'u', 'products.product_owner = u.user_id');
    $q->addQuery('products.*, com.company_name, u.user_username');
    $where_filter = " ";
    foreach($search_map as $search_name)
        $where_filter .=" $op $search_name $not REGEXP '$where'";
    $where_filter = substr($where_filter, 5);
 //   echo $where_filter;
    if($where != "*")
       $q->addWhere("($where_filter)");
    $q->addOrder('product_id');

    $sql = $q->prepare();
    $q->clear();
    $sql_list = db_exec( $sql );
    if ($sql_list)
  $rn = db_num_rows( $sql_list );
    else {
   echo db_error();
   $rn = 0;
    }

$product_list = array();
    foreach ($sql_list as $item)
{

$product_list[ $item[ 'product_id' ] ] = $item;

}

// sort the list

global $sort_state;
if ( !isset( $sort_state ) ) $sort_state = getProductSortState();

if ( isset( $sort_state[ 'sort_item1' ] ) )
{
if ( isset( $sort_state[ 'sort_item2' ] ) )
{
$sorted_item_list = array_csort2( $product_list, $sort_state['sort_item1'], intval( $sort_state['sort_order1'] )
, $sort_state[ 'sort_item2' ], intval( $sort_state['sort_order2'] ) );
}
else
{
$sorted_item_list = array_csort2( $product_list, $sort_state['sort_item1'], intval($sort_state['sort_order1']) );
}
}
else $sorted_item_list = array_csort2( $product_list, 'product_id' );

}
Thanks!

Hiya
I was wondering how one would get make dynamic url variable value pairs from a databases fields.

I have a database that I want to use to store variable value pairs that will be used on my pages for dynamic content.

It will check one thing for certain besides if the variable value pair match.

The table looks like this
rpg loc_type loc_type template
I want it to check if the rpg is in an array and then check if the url variable and value pair match on from the database.

I dont know much about auto code that would generate this on its own and I'm not sure if you can say

$_GET[$location];

I dont want to hard code it so it only works with what i code I want the urls variable value pair to be based on the database info which determines which template to show based on those values.

This topic has been moved to Ajax Help.

http://www.phpfreaks.com/forums/index.php?topic=352528.0

Hi friends,
a quick print_r() shows the following array while connecting to my database. How to get them as individual items and display on the website ?
Array
(
    [0] => Array
        (
            [id] => 52
            [document_name] => xyz
            [document_ext] => gif
            [download_file_name] => ktm_impact.gif
            [upload_dt] => 2010-08-11
        )

)

I have a relational table call sales with prodcut_id and custmer_id tables. I also have a product and customer tables. products table with product_id as an auto increment and customer with custumer_id I want to join through the sales tables all t he fields of row 1 from tables customer and products and pull it at once.


This is a member login script and I want to display the products by members.

So far I have this query to display the products once the member is login in. $userid is the id of the customer coming from the $userid= $_SESSION['customer_id'];


$mysqlSales="SELECT products.* FROM products JOIN sales ON (products.product_id = procuct_id ) WHERE sales.customer_id = '$userid'";


so far that statement is not working where should I have some type of incoherance with the english statement above expressing what I want the query to do.

hi every body. i want a loop that takes and shows more than one record from database. and then i want to show these to user by ajax.   indeed i made an html page that when user arrives at end it must do this.   first i made loop that took one record from database and it worked fine.   but for taking several records it went wrong.   this is my html file that has interact by user  webgoo-ajax.html   4.36KB   2 downloads   and this is my php file that interacts by database  ajax-get.php   1012bytes   3 downloads   when user arrives at end of page naturally ajax must be run and show several records to user.but it does'nt. first it stays idle for 3 minutes and then loads my first record extremely.   and a point: if these pages does'nt work on IE it will work on Firefox because it did'nt worked in IE for me too.   i just want a for loop that work correctly for my need.   thank you for everything                                       

I seem to be having a problem with the below script, on the 1st run it doesnt print the $variables, but on refresh these a being written to file once?

Code: [Select]

if(isset($_GET['sprop']) && ($_GET['sprop'] == "update"))
{

//my connection stuff
//
//
$playername = "userid";

$nether = $_POST["nether"];
$lname = $_POST["lname"];
$query = $_POST["query"];
$flight = $_POST["flight"];
$portdd = $_POST["port"];
$rcon = $_POST["rcon"];
$seed = $_POST["seed"];
$sip = $_POST["sip"];
$wlist = $_POST["wlist"];
$san = $_POST["san"];
$omode = $_POST["omode"];
$pvp = $_POST["pvp"];
$dif = $_POST["dif"];
$sname = $_POST["sname"];
$gmode = $_POST["mode"];
$pmax = $_POST["max"];
$sm = $_POST["sm"];
$view = $_POST["view"];
$motd = $_POST["motd"];

sleep(3);

$sftp = new Net_SFTP($ftp_s);
if (!$sftp->login($ftp_u, $ftp_p)) {
    exit('Login Failed');
}

echo $sftp->pwd() . "\r\n";
$sftp->put
("/root/mc/server.properties", "allow-nether=$nether
level-name=$lname
enable-query=$query
allow-flight=$flight
server-port=$portdd
enable-rcon=$rcon
level-seed=$seed
server-ip=$sip
white-list=$wlist
spawn-animals=$san
online-mode=$omode
pvp=$pvp
difficulty=$dif
server-name=$sname
gamemode=$gmode
max-players=$pmax
spawn-monsters=$sm
view-distance=$view
motd=$motd");
}

As you can see, I have try adding a sleep to give it time to catch up but something tells me the variables are not being set 1st time for some reason, can anyone shine any light on this?

Hello,
is there a way to move one object left to right or right to left without writing 10000 times &nbsp;
Thank you

So I am trying to encrypt my web form and I have no idea where I put MD5 and where do I put it in MSQLADM

<?php
session_start();
include "common.php";
$message = $_GET['message'];
//COLLECT POST data
$formValue=array();
foreach ($_POST as $key => $value) {
$formValue[$key] = strip_tags($value);

//Lets register some POST Backs
//This will allow us to repopulate form fields in the future if needed
   $_SESSION['post_vars'][$key] = $value;
}//close for loop


$myform = $_GET['CreateRecord'];


if($myform==1){

//echo "test";



//Check for empty fields
   if($formValue['FirstName']=="" ||
   $formValue['Surname']=="" ||
   $formValue['UserName']=="" ||
   $formValue['Email']=="" ||
   $formValue['PassWord']=="" ){
   

$message = "missing form data, please check" ;
header("Location: register.php?message=$message");

}else{   
//Carry on with routine

DBConnect();
$Link = mysql_connect($Host, $User, $Password);
//$agentID = $_SESSION['userID'];
$agentID = "1";
$Query = "INSERT INTO $Table_2 VALUES ('0',
'".mysql_escape_string($formValue["FirstName"])."',
'".mysql_escape_string($formValue["Surname"])."',
'".mysql_escape_string($formValue["UserName"])."',
'".mysql_escape_string($formValue["Email"])."',
'".mysql_escape_string($formValue["PassWord"])."')";


if(mysql_db_query ($DBName, $Query, $Link)){
$message = "Successfully Registered!";
header("Location: login.php?message=$message");
}else{
$message = "Error Inserting!";
header("Location: register.php?message=$message");
         }//close db query conditional
      }//close form validation conditional
   }//close form submit conditional

?>

Thanks in advance

Whats the best way to encrypt passwords?

Would something like this work?

Code: [Select]
crypt(sha1($salt.md5($salt).'hello'.sha1($salt)), $salt)

Hi

So I'm very new to php, and I've got a POST form with credit card information.  Can anyone please explain to me in simple terms or give me a code to encrypt the data sent on the form and decrypt it so that when I get it in my email inbox I can understand it?

Thank you!

At the moment  I am creating a search function for my website.
The approach I have in mind is a pseudo-PHP database. To give an example:

A HTML form will submit the results to a PHP file.

HTML FORM - Colour: Black
PHP RESULT PAGE - if ($_POST['color'] == 'Black') {readfile("./products/black/*.html");}
HTML FORM - Price: <$50
PHP RESULT PAGE - if ($_POST['Price'] == '<$50') {readfile("./products/less50/*.html");}

The problem here is if there is an item that is black and costs less than $50, then its going to be listed twice. There is probably some code I can write to ommit the listing of duplicate entries, but it is probably going to be messy, so I am wondering if its better to use a centralized MySQL database, rather than a pseudo-PHP database? I've never used MySQL and don't know much about it and this is my first real attempt at using PHP.

Hi everyone,
I am working on a website that involves MySQL. Here is the example to my table.


field1 | field2

George Fritz | www.fritz.org
Linda Gomez | www.gomez.org

I need a code, that will fetch field2 of the given field1. For example, if $field1 is George Fritz, the code should return www.fritz.org
Any help?

Thanks...
Funstein