
How to use sha256 in php5.3.0

Tags: php, hash, sha256

I'm using sha256 to encrypt the password. I can save the sha256 encrypted password in mysql. But I can't log in with the same clause.

Insert code:

<?php
error_reporting(E_ALL ^ E_NOTICE);
$username = $_POST['uusername'];
$passcode = $_POST['ppasscode'];
$userflag = $_POST['uuserflag'];
//$passcodeen = hash('sha256',$passcode);
$passcodeen = hash('sha256', (get_magic_quotes_gpc() ? stripslashes($ppasscode) : $ppasscode));
$conn = mysql_connect("localhost","charles","charles") or die("connection failed with DB:".mysql_error());
mysql_select_db("sessiondb");
$query = "INSERT INTO users(username,passcode,userflag) values('$username','$passcodeen','$userflag')";

Select code:

<?php
error_reporting(E_ALL ^ E_NOTICE);
@mysql_connect("localhost","charles","charles") or die("Connection failed".mysql_error());
@mysql_select_db("sessiondb") or die("Database doesn't exist".mysql_error());
//get user input
$username = $_POST['username'];
$ppasscode = $_POST['ppasscode'];
//$passcodeen = hash('sha256', $ppasscode);
$passcodeen = hash('sha256', (get_magic_quotes_gpc() ? stripslashes($ppasscode) : $ppasscode));
//get session value from mysql
$query = @mysql_query("select username, userflag from users where username ='$username' and passcode = '$passcodeen'") or die("Query execution failed".mysql_error());

Is there something wrong? I'm very confused. Thanks.

SUN Jiangong asked Nov 17 '09 22:11




2 Answers

Could this be a typo? (two Ps in ppasscode, intended?)

$_POST['ppasscode']; 

I would make sure and do:

print_r($_POST); 

and make sure the data is accurate there, and then echo out what it should look like:

echo hash('sha256', $_POST['ppasscode']); 

Compare this output to what you have in the database (manually). By doing this you're exploring your possible points of failure:

  1. Getting password from form
  2. hashing the password
  3. stored password
  4. comparison of the two.

Jeremy Morgan answered Oct 05 '22 00:10


First of all, sha256 is a hashing algorithm, not a type of encryption. An encryption would require having a way to decrypt the information back to its original value (collisions aside).

Looking at your code, it seems it should work if you are providing the correct parameter.

  • Try using a literal string in your code first, and verify its validity instead of using the $_POST[] variable

  • Try moving the comparison from the database query to the code (get the hash for the given user and compare to the hash you have just calculated)

But most importantly, before deploying this in any kind of public fashion, please remember to sanitize your inputs. Don't allow arbitrary SQL to be inserted into the queries. The best idea here would be to use parameterized queries.

Yannick Motton answered Oct 04 '22 22:10
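
The two suggestions in the last answer (parameterized queries, and comparing the hash in code rather than in the WHERE clause) look like this as an added example; it is not code from the question or from either answer. It assumes PDO with the pdo_sqlite driver and an in-memory table standing in for the MySQL `users` table, the helper names and sample credentials are constructed, and the unsalted SHA-256 is kept only to match the question: `password_hash()` and `password_verify()` (PHP 5.5+) are the functions meant for stored passwords.

```php
<?php
// Added example: parameterized INSERT/SELECT, hash comparison done in PHP.
// Assumptions: PDO + pdo_sqlite, in-memory stand-in for the MySQL "users" table,
// hypothetical helper names, constructed sample data.

function hash_passcode($passcode)
{
    // Same unsalted SHA-256 the question uses, kept only to match the page.
    return hash('sha256', $passcode);
}

function register_user(PDO $db, $username, $passcode, $userflag)
{
    // Placeholders keep user input out of the SQL text.
    $stmt = $db->prepare(
        'INSERT INTO users (username, passcode, userflag) VALUES (?, ?, ?)'
    );
    $stmt->execute(array($username, hash_passcode($passcode), $userflag));
}

function check_login(PDO $db, $username, $passcode)
{
    // Look the row up by username only, then compare the hashes in code.
    $stmt = $db->prepare('SELECT passcode, userflag FROM users WHERE username = ?');
    $stmt->execute(array($username));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false; // unknown user
    }
    $candidate = hash_passcode($passcode);
    // hash_equals() needs PHP >= 5.6; older versions fall back to ===.
    $match = function_exists('hash_equals')
        ? hash_equals($row['passcode'], $candidate)
        : $row['passcode'] === $candidate;
    return $match ? $row['userflag'] : false;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, passcode TEXT, userflag TEXT)');

register_user($db, "o'brien", 'correct horse', 'admin'); // quote in the name is plain data
var_dump(check_login($db, "o'brien", 'correct horse'));  // matching passcode
var_dump(check_login($db, "o'brien", 'wrong'));          // wrong passcode
var_dump(check_login($db, 'nobody', 'correct horse'));   // unknown user
```

Because the same `hash_passcode()` helper is used on both the insert and the login path, a mismatched variable name on one side cannot silently hash a different value.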