I can’t figure why this isn’t working. At registration I have (in php) $data[‘salt’]

Question

0

Asked: June 15, 20262026-06-15T03:13:10+00:00 2026-06-15T03:13:10+00:00

I can’t figure why this isn’t working. At registration I have (in php) $data[‘salt’]

0

I can’t figure why this isn’t working.
At registration I have (in php)

$data['salt'] = randomStr(3);
$data['password'] = md5($data['salt'].md5($data['password']));

Then I have an IOS app passing a MD5 encrypted pw ($xpassword) to the web app.
So I thought if I use:

$q1_result = mysql_query("SELECT password, salt FROM `members` WHERE `username`='". $username. "'");
$row = mysql_fetch_array($q1_result);
echo "this should match? = " .md5($xpassword.($row['salt']));

The echo’d value should match that stored in the database as password

…but it doesn’t
Any help would be much appreciated

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-15T03:13:12+00:00

Editorial Team

2026-06-15T03:13:12+00:00Added an answer on June 15, 2026 at 3:13 am

It won’t match because you have the order wrong:

md5($row['salt'] . $xpassword)

In the first code you have salt + password, in the second code you have password + salt.

As @Michael also points out, you are double hashing the password which will mean it won’t match.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I can’t figure why this isn’t working. At registration I have (in php) $data[‘salt’]

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply