Please Help! can't read value back from AES_DECRYPT !!
Here is my problem:
I store some user's password in the database using the AES_ENCRYPT() function and get it back using the proper AES_DECRYPT() function. Now when I decrypt the password for the login it's not a problem and the user can login successfully. But then when I use the same code to send the password back to them(when they forgot it) via email, my resultset(java) keeps telling me the value is null...
I really don't understand....I even tried changing my column value to Blob instead of varchar and it still doesn't work...
Here's my code for the login(which works perfectly):
<%
// Keypass is an MD5 hash which i use as the key for encryption
String thakey = "SELECT p0o9i8u7y6t5r4e3w2q1 FROM 0p9o8i7u6y5t4r3e2w1q";
Statement keystmt = dbcon.createStatement();
ResultSet keyrs = keystmt.executeQuery(thakey);
keyrs.next();
String keypass = keyrs.getString(1);
String courriel = request.getParameter("courriel").trim();
String pass = request.getParameter("pass").trim();
String division = request.getParameter("division").trim();
String sqlstr = "SELECT AES_DECRYPT('membre_pass','" + keypass + "'),membre_courriel,membre_categorie FROM membres WHERE membre_courriel = '" + courriel + "' AND membre_pass = AES_ENCRYPT('" + pass + "','" + keypass + "') AND membre_division = '" + division + "' AND membre_actif = 'true'";
Statement stmt = dbcon.createStatement();
ResultSet rs = stmt.executeQuery(sqlstr);
rs.next();
String val1 = rs.getString("membre_courriel");
String val2 = rs.getString("membre_categorie");
if (val1 != null){
...some stuff
}else{
...some other stuff
}
%>
And here is the code to send the "forgotted password"(which doesn't work):
<%
String thakey = "SELECT p0o9i8u7y6t5r4e3w2q1 FROM 0p9o8i7u6y5t4r3e2w1q";
Statement keystmt = dbcon.createStatement();
ResultSet keyrs = keystmt.executeQuery(thakey);
keyrs.next();
String keypass = keyrs.getString(1);
String courriel = request.getParameter("courriel").trim();
String sqlstr = "SELECT AES_DECRYPT('membre_pass','" + keypass + "') FROM membres WHERE membre_courriel = '" + courriel + "'";
Statement stmt = dbcon.createStatement();
ResultSet rs = stmt.executeQuery(sqlstr);
rs.next();
String val2 = rs.getString(1); // THIS IS WHERE THE ERROR IS...I ALWAYS GET NULL SO EMAIL IS NEVER SENT !
if (val2 != null){
send email to client with password
}else{
warn client that emailing wasn't successfull...
}
%>
if someone can enlighten me i would be so grateful!! If I can't get that to work I guess i'll have to get the user to create a new password instead...which i don't find as user-friendly...but time is pressing on me unfortunately so...
Erick P.
www.affordablewebdesign.co.nz
Subject
Written By
Posted
Please Help! can't read value back from AES_DECRYPT !!
August 11, 2004 04:33PM
Sorry, you can't reply to this topic. It has been closed.
Content reproduced on this site is the property of the respective copyright holders.
It is not reviewed in advance by Oracle and does not necessarily represent the opinion
of Oracle or any other party.