registration or login script not working accurately?

Question

I have tried enough to solve this problem. I have coded a script to register and login in my program. The script works fine if I insert a small password but if i insert a long password like 123456789 then it does not work. please check my code and point out the mistake.

Here is my script

  <?php
  //Turn off all error reporting
  error_reporting(0);
  define("ENCRYPTION_KEY", "greatindian");
   /**
  Returns an encrypted & utf8-encoded
   */
 function encrypt($pure_string, $encryption_key) {
 $iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_ECB);
 $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$encrypted_string = mcrypt_encrypt(MCRYPT_BLOWFISH, $encryption_key, utf8_encode($pure_string), MCRYPT_MODE_ECB, $iv);
return $encrypted_string;
}

/**
Returns decrypted original string
*/
function decrypt($encrypted_string, $encryption_key) {
$iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$decrypted_string = mcrypt_decrypt(MCRYPT_BLOWFISH, $encryption_key, $encrypted_string, MCRYPT_MODE_ECB, $iv);
return $decrypted_string;
  }
/*http://localhost/sgame.php?action=register&&name=mrugesh&&email=mrugesh.shah00143@gmail.com&&password=123456789&&key=nation*/
/* require the authentication as the parameter registration start here*/


if(($_GET['action'])&&($_GET['name'])&&($_GET['email'])&&($_GET['password'])&&($_GET['key'])) {

$action=$_GET['action'];
$name=$_GET['name'];
$email=$_GET['email'];
$password=$_GET['password'];
//$pass= md5($password);
$encrypted_password = encrypt($password, ENCRYPTION_KEY);
$key= $_GET['key'];
if($key=='nation'){

if($action=='register'){    

 $con = mysql_connect('localhost','root','rose') or die('Cannot connect to the DB');
 mysql_select_db('project',$con);

 /* grab the posts from the db */

 $query = mysql_query("INSERT INTO `register` (name,email,password)
 VALUES ('".$name."','".$email."', '".$encrypted_password."')");
 if($query){
       echo "Data inserted";
/*Auto genrated registration mail  */

 require_once('class.phpmailer.php');
 require 'PHPMailerAutoload.php';

 $mail = new PHPMailer();
 $mail->IsSMTP();
 $mail->SMTPAuth = true;
 $mail->SMTPSecure = 'tls';
 $mail->Host = "smtp.gmail.com";
 $mail->Port = 587;
 $mail->Username = "ramesh123@gmail.com";
 $mail->Password = "123456789";
 $mail->SetFrom( $email, 'project');
 $mail->Subject = "Welcome to project";
 //$mail->SMTPDebug = 1;
 $body= file_get_contents('email2.html');                              
 $address =$email;
 //$name=$name;
$mail->MsgHTML($body);
$mail->AddAddress($address);
if($mail->Send()) {
echo "Message sent!";
} else {
 echo "Mailer Error: " . $mail->ErrorInfo;
 }



   }

   mysql_close($con);
  //
 //$posts = array($json);
 $posts = array(1);
header('Content-type: application/json');
json_encode(array('posts'=>$posts));

 }
  }else{
  echo "You are not authorized person";
  }
  }
  /*login*/

  if(($_GET['action'])&&($_GET['email'])&&($_GET['password'])){
  $login= $_GET['action'];
  $email = $_GET['email'];
  $password = $_GET['password'];
  //$pass = md5($password);
  $encrypted_password = encrypt($password, ENCRYPTION_KEY);echo"<br>";


  /* insert this link in broweser to check the script
  http://localhost/sgame.php?action=login&&   email=mrugesh.shah00143@gmail.com&&password=123456789*/       

  if($login=='login'){
   $connect = mysqli_connect('localhost','root','rose')or die("Couldn't connect to database!");
   mysqli_select_db($connect,'project') or die ("Couldn't find database");

    $query = mysqli_query($connect,"SELECT * FROM register WHERE email ='$email' ");
   $numrows=mysqli_num_rows($query);
   if($numrows!==0)
   {
    while($row = mysqli_fetch_assoc($query))
   {

      $dbpassword = $row['password'];
      $dbemail =    $row['email'];
   }




        if($dbpassword==$encrypted_password&&$dbemail==$email){

            $Return['status'] = 'true';
            $Return['message'] = "you are successfully logged in";




        }else{
            $Return['status'] = 'false';
            $Return['message']= " Please enter valid email and password";

         }


        header('Content-type: application/json');
        echo  json_encode($Return);


                    }                     

                  }
                }       

                 /*login ends here*/    
                ?> 

Answer 1

I could not get your code to encrypt and match login password entered and saved encrypted password. Amended code and this seems to work fine. I just concentrated on password matching so simulated database access and login by just setting 2 strings (that's what you pull from database anyway) also simplified things by not comparing email at this stage. Get the password working first then you can begin adding other variables such as email etc.

<?php
define("ENCRYPTION_KEY", "greatindian");
function encrypt($pure_string, $encryption_key) {
 $iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_ECB);
 $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$encrypted_string = mcrypt_encrypt(MCRYPT_BLOWFISH, $encryption_key, utf8_encode($pure_string), MCRYPT_MODE_ECB, $iv);
return $encrypted_string;
}
$registered_password = '12345678901234567890';
$encrypted_password = encrypt($registered_password, ENCRYPTION_KEY);
echo $encrypted_password.'<br>';
//store in database
//compare with login
$login_password='12345678901234567890';

if(encrypt($login_password, ENCRYPTION_KEY)==$encrypted_password){
    echo 'match';
}
else {echo 'no match';
}
?>