Ready to kick yourself?
What do you think that is doing?
It is *NOT* decrypting the pword
Instead, it is *FIRST* comparing the pword field *AS IS* to the $mypassword
*THEN* it is decrypting the value true which is the result of the comparison!!! (Well, it will surely be false, of course.)
Now try this:
*NOW* you are decrypting the pword field *BEFORE* comparing to $mypassword
Except this *STILL* won't work. That's because the aes_decrypt( ) function, just like the aes_encrypt function, requires *TWO* arguments. The thing to be decrypted *AND* the encryption key that was used to encrypt it.
So you need to actually use
and aes_decrypt(pword,'WHATEVER THE KEY IS')='$mypassword';
Incidentally, this is not really the best way to encrypt passwords.
You really should use a one-way encryption algorithm, so that even you are not able to decrypt them. That way, if somebody ever did manage to break into your site, they wouldn't be able to run aes_decrypt on the db and decrypt them. And if they broke into your system they would just look in the PHP code to find the place where you did aes_decrypt and run around decrypting all the passwords.
With a one-way encryption, you then always do this: