I am creating a login system. But for whatever reason I can’t get the password to validate properly. It keeps telling me the password is wrong when I know the password is correct. Here is the form code:
    <form id="login" action="login_processing.php" method="post">
        <label2>Email</label2>
        <input type="text" name="email">
        <label2>Password</label2>
        <input type="password" name="password">
        <a class="forgot_password" href="forgot.php">Forgot password?</a>
        <input type="submit" class="custom_submit" name="sign_in" value="Sign In">
        <br />
        <br />
        <br />
        <a href="#sliderName" class="next">Create Account</a>
    </form>
Here is the code for processing the login information on login_processing.php:
    <?php
    require_once 'database_connect.php';
    session_start();

    $email = $_POST['email'];
    $password = $_POST['password'];
    // Escape the email before it is interpolated into the queries below.
    $email = mysql_real_escape_string($email);

    $findLogin = "SELECT password, salt FROM client_login WHERE email = '$email';";
    $loginResult = mysql_query($findLogin);
    if (mysql_num_rows($loginResult) < 1) {
        $_SESSION['errNo_account'] = 'No account with that email exists';
        header('Location: login.php');
        exit; // header() does not stop the script; without this the password check below still runs
    }

    $userData = mysql_fetch_array($loginResult, MYSQL_ASSOC);
    // Recompute the hash from the stored salt and the submitted password.
    $hash = hash('sha256', $userData['salt'] . hash('sha256', $password));
    // Strict comparison, so two hex strings are never compared as numbers.
    if ($hash !== $userData['password']) {
        $_SESSION['errPassword_incorrect'] = 'Incorrect Password';
        header('Location: myaccount.php');
        exit;
    }
    else {
        $idSelect = "SELECT client_id FROM client_login WHERE email = '$email' ";
        $idResult = mysql_query($idSelect);
        while ($idData = mysql_fetch_assoc($idResult)) {
            $_SESSION['client_id'] = $idData['client_id'];
        }
    }
Here is the original registration page hashing the password and adding salt:
    function createSalt(){
        $string = md5(uniqid(rand(), true));
        return substr($string, 0, 3);
    }

    $salt = createSalt();
    $hash = hash('sha256', $salt . $hash);
    $insertLogin = "INSERT INTO client_login(email, password, salt, created) VALUES('$email','$hash', '$salt', '$today')";
    mysql_query($insertLogin);
It keeps telling me that my password is incorrect… when I KNOW it’s not. I can’t seem to figure out what the error is and IT’S DRIVING ME NUTS!!!
Any help would be greatly appreciated.
In your registration script, you are using a single hash of the concatenated salt and pw, but in your login script you are using nested hash() calls.

registration:

    $hash = hash('sha256', $salt . $hash);

login:

    $hash = hash('sha256', $userData['salt'] . hash('sha256', $password));

Notice the difference?
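The mismatch the answer describes, reproduced with constructed values, next to PHP's built-in password_hash()/password_verify(), which keep the whole derivation in one place. This is an added example, not code from either poster; the function names, the array standing in for the client_login table, and the sample credentials are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed sample values, not data from the thread.
$password = 'correct horse battery';
$salt     = 'a1f'; // 3 characters, the length createSalt() returns

// Registration as the answer reads it: one SHA-256 over salt . password.
$storedAtRegistration = hash('sha256', $salt . $password);
// Login as posted: SHA-256 over salt . SHA-256(password).
$computedAtLogin = hash('sha256', $salt . hash('sha256', $password));

// The outer hash receives different input on each side, so the two digests
// cannot match even though the password is correct.
var_dump(hash_equals($storedAtRegistration, $computedAtLogin));

// Hypothetical helpers: both scripts call the same pair of built-ins, so the
// registration and login derivations cannot drift apart.
function registerClient(array &$table, string $email, string $password): void
{
    // password_hash() generates a random salt and embeds it, with the
    // algorithm and cost, in the returned string: no separate salt column.
    $table[$email] = ['password' => password_hash($password, PASSWORD_DEFAULT)];
}

function verifyClient(array $table, string $email, string $password): bool
{
    if (!isset($table[$email])) {
        return false; // unknown account
    }
    // password_verify() reads the salt and parameters back out of the stored
    // string, recomputes the hash and compares it in constant time.
    return password_verify($password, $table[$email]['password']);
}

$clientLogin = []; // in-memory stand-in for the client_login table
registerClient($clientLogin, 'user@example.com', $password);

var_dump(verifyClient($clientLogin, 'user@example.com', $password));      // correct password
var_dump(verifyClient($clientLogin, 'user@example.com', 'wrong guess')); // wrong password
var_dump(verifyClient($clientLogin, 'nobody@example.com', $password));   // no such account
```

The string password_hash() returns can grow as the default algorithm changes, so the PHP manual recommends a 255-character column for it.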