Home/ Questions/Q 6612741
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T20:08:03+00:00

I am salting users’ passwords with a mysql column which has the type timestamp

  • 0

I am salting users’ passwords with a mysql column which has the type timestamp and default is CURRENT TIMESTAMP.

Both of my timezones for mysql and php are identical.

My problem is this,

 $q = $dbc -> prepare("INSERT INTO accounts (password) VALUES (?)");
 $q -> execute(array(hash('sha512', 'somestaticsalt' .  $_POST['password'] . time())));

Now as you can see I have to hash with PHP’s time function and on the mysql side it is a default timestamp.

Somewhere there must be an overlap because where users’ are entering correct information it is still failing to match the hashed password in the database.

I have tried inserting time() into the joined column but it returns at 1970. Also I do not want to save the timestamp as an INT as this isn’t the correct thing to do, so what is your thoughts?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Your salt really should be random.

    A small improvement on your code (you could do a lot better, like use bcrypt or at least some stretching on sha512):

    $salt = md5(time() . 'some-other-static-salt'); //more random than time() along.
$q = $dbc -> prepare("INSERT INTO accounts (password, salt) VALUES (?, ?)");
$q -> execute(array(hash('sha512', 'somestaticsalt' .  $_POST['password'] . $salt), $salt));

    Now you’re no longer depending on CURRENT_TIMESTAMP returning the same thing as time(), and you’ve got a better salt.

    EDIT: if you insist on doing it your way, look at what mysql returns for that timestamp column. I bet it looks like “Y-m-d H:i:s” and not like a unix timestamp. Of course, you should have been able to figure that out yourself. Assuming that’s true, wrap it in strtotime and you might have some success.

    • 0