PHP Login code error with hashing password
Question
Here is my Login code, it was working perfectly but after adding securities to password like hashing and coding it creates password exactly same to the saved password but even more longer. $hash is exactly same as password but then it continues to a very big digit. Please help to solve it. Thanks in advance.
$hash = hash('sha256',$check_password['Salt'].$hash1) this code has been used in registration form and though their is same formula in both page login and registration i dont understand why in login it takes such a linger number after it matches completely same to the one in DB that created while registration
<?php
//database connection
$username = $_POST['username'];
$password = $_POST['password'];
if(isset($_POST["submit"])) {
$check_table = "SELECT Email, Password, Salt FROM register where Email = '$username'";
$check_sql_query = mysql_query($check_table);
$check_num_rows = mysql_num_rows($check_sql_query);
$check_password = mysql_fetch_array($check_sql_query, MYSQL_ASSOC);
$hash1=hash('sha256',$password);
$hash = hash('sha256',$check_password['Salt'].$hash1);
if($hash != $check_password['Password']) {
echo "Invalid Credentials";
echo "<br />";
echo $password;
echo "<br />";
echo $hash;
echo "<br />";
echo $check_password['Password'];
echo "<br /><br /><br />";
echo "salt value ".$check_password['Salt'];
}
else {
echo "Welcome to Website";
}
}
?>
OUTPUT
Invalid Credentials
r12345678 => Password
fe55b0cf0832801955af05cb29015191f1299809d96df88a2484192423be3b7a => $hash
fe55b0cf0832801955af05cb290151 => Password
salt value 04cb1e96d31e9086ef9b36e1a9dbd6
2 answers
solution1
1 2014-06-13 13:53:07
I may be wrong, but have you checked your "password" column in your database , I am getting the impresion that it has set a "charlimit" that truncates your passwords when you save them. So when you retrieve it it shorter than your hash.
Also, as a side note, try to switch from mysql_function's to PDO or an abstraction layer.
solution2
0 ACCPTED 2014-06-13 14:05:11
Your password seems to be the first 30 characters of the hash... i think it may have something to do with the character limit of the varchar in your database.
Can you also share the line which generates the password when the user is created before you store it in the table. Do you have a salted hash being applied the same way at both ends, when creating and when verifying
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.