HTML:
<form method="post" id="NewUserRegistration" action="inc/q/addNewUser.php">
Username: <input type="text" name="userName" /> <br />
Password: <input type="password" name="userPass" /> <br />
Email: <input type="text" name="userEmail" /> <br />
<input type="submit" name="submit" />
</form>
PHP
<?php
#INSERT new (Requester)
$connect = mysql_connect("localhost", "root", "") or die ("Error , check your server connection.");
mysql_select_db("thedbname");
//Get data in local variable
if(!empty($_POST['userName']))
    $newRequesterUserName=mysql_real_escape_string($_POST['userName']);
if(!empty($_POST['userPass']))
    #secure pass
    $escapedInputtedPass=mysql_real_escape_string($_POST['userPass']);
$dynamSalt = mt_rand();
$SaltyPass = hash('sha512',$dynamSalt.$escapedInputtedPass);
if(!empty($_POST['userEmail']))
    $newRequesterEmail=mysql_real_escape_string($_POST['userEmail']);
// check for null values
if (isset($_POST['submit'])) {
    $query="INSERT INTO User (uUName, uUPass, uEmail, dynamSalt) values('$newRequesterUserName', '$SaltyPass', '$newRequesterEmail', '$dynamSalt')";
    mysql_query($query) or die(mysql_error());
    echo 'Registered!';
}
?>
No matter how many times I register successfully, the uUName and uUPass insert fine into the database. But the dynamSalt always enters in with value: 32767.
Why doesn’t it have the value it generates every time this script is accessed? I tried outputting the value of $dynamSalt during the echo at the end with registered and it outputs a numerical value like 1939509953 — always 10 integers [0-9]. The database field type is INT[10] …
Anyone?
mt_rand() uses the C library rand(), which, if uninitialized, uses the seed 1. Try opening and reading from /dev/urandom/ instead (cf. http://www.php.net/manual/en/function.mt-rand.php#83655). It is more secure and uses the host's internal state, which is changing, so that your output does not repeat.
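
A hardened version of the registration step from the question, as an added example that is not part of the original thread: PHP's password_hash() draws its salt from the operating system's CSPRNG and embeds it in the returned hash string, so no separate dynamSalt column (and no integer column range) is involved. The in-memory SQLite database and the function names registerUser and checkLogin are assumptions made so the script runs on its own; the table and column names follow the question.

```php
<?php
// Added example (not the poster's code). Assumes PHP 7+ with the pdo_sqlite extension.

function registerUser(PDO $db, string $name, string $pass, string $email): void
{
    // password_hash() generates a fresh random salt per call and stores it,
    // with the algorithm and cost, inside the returned string.
    $hash = password_hash($pass, PASSWORD_DEFAULT);

    // Bound parameters replace mysql_real_escape_string(); the password is
    // hashed as typed, never escaped first.
    $stmt = $db->prepare('INSERT INTO User (uUName, uUPass, uEmail) VALUES (?, ?, ?)');
    $stmt->execute([$name, $hash, $email]);
}

function checkLogin(PDO $db, string $name, string $pass): bool
{
    $stmt = $db->prepare('SELECT uUPass FROM User WHERE uUName = ?');
    $stmt->execute([$name]);
    $hash = $stmt->fetchColumn();   // false when the user does not exist

    // password_verify() reads the salt back out of the stored hash.
    return $hash !== false && password_verify($pass, $hash);
}

// Constructed demo data: an in-memory database stands in for "thedbname".
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// A text column of 255 characters leaves room for future hash formats.
$db->exec('CREATE TABLE User (uUName VARCHAR(64) PRIMARY KEY, uUPass VARCHAR(255), uEmail VARCHAR(255))');

registerUser($db, 'alice', 'correct horse', 'alice@example.test');
registerUser($db, 'bob',   'correct horse', 'bob@example.test');

// Same password, different stored values, because each hash carries its own salt.
$hashes = $db->query('SELECT uUPass FROM User ORDER BY uUName')->fetchAll(PDO::FETCH_COLUMN);
var_dump($hashes[0] !== $hashes[1]);

var_dump(checkLogin($db, 'alice', 'correct horse'));
var_dump(checkLogin($db, 'alice', 'wrong guess'));
var_dump(checkLogin($db, 'nobody', 'correct horse'));
```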