Menu
I am currently working on a school project and I have recently made no progress towards completing the login authorization. I am using a HASH and a SALT to register the new users. I can not find any resources that make seance to me so I decided to make an account here to ask my very own question.
This is my register script :
$username = $_POST['username'];
$email = $_POST['email'];
$first = $_POST['fname'];
$last = $_POST['lname'];
$salt = crypt("sha512", false);
$pass = $_POST['password'];
$password = hash("sha512", $salt . $pass . $salt, false);
$sql = "INSERT INTO `users` (`username`, `email`, `fname`, `lname`, `salt`, `password`) VALUES ('$username', '$email', '$first', '$last', '$salt', '$password')";
Then I have a checklogin.php script that is the action="checklogin.php" on my index page which is the login page. This is the full script : http://pastebin.com/tKrsHaFU (paste bin)
My question is how do I validate my users that come to index.php page (login form) with the the users that are already in the database keep in mind I have a salt and Hash on the passwords.
766
First of all:
$salt = crypt("sha512", false);
That generates a static salt, i.e. no variation. To generate a better one:
$salt = uniqid(mt_rand(), true); // the paranoid use openssl_random_pseudo_bytes()
To validate the record, your SQL becomes:
$sql="SELECT * FROM $tbl_name WHERE username='$myusername'";
$result=mysql_query($sql);
// ...
if ($count==1) {
$row = mysql_fetch_assoc($result);
if (hash('sha512', $row['salt'] . $_POST['mypassword'] . $row['salt']) == $row['password']) {
// validation passed, rejoice!
}
}
However, you should look here: How do you use bcrypt for hashing passwords in PHP?
170
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
