I am currently working on a school project and I have recently made no progress towards completing the login authorization. I am using a HASH and a SALT to register the new users. I can not find any resources that make seance to me so I decided to make an account here to ask my very own question.
This is my register script :
$username = $_POST['username'];
$email = $_POST['email'];
$first = $_POST['fname'];
$last = $_POST['lname'];
$salt = crypt("sha512", false);
$pass = $_POST['password'];
$password = hash("sha512", $salt . $pass . $salt, false);
$sql = "INSERT INTO `users` (`username`, `email`, `fname`, `lname`, `salt`, `password`) VALUES ('$username', '$email', '$first', '$last', '$salt', '$password')";
Then I have a checklogin.php script that is the action=”checklogin.php” on my index page which is the login page. This is the full script : http://pastebin.com/tKrsHaFU (paste bin)
My question is how do I validate my users that come to index.php page (login form) with the the users that are already in the database keep in mind I have a salt and Hash on the passwords.
First of all:
That generates a static salt, i.e. no variation. To generate a better one:
To validate the record, your SQL becomes:
However, you should look here: How do you use bcrypt for hashing passwords in PHP?