I have a php function in a php page called encrypt_password that I use when processing a registration form:
function encrypt_password($password){
    $salt = sha1(md5($password));
    $password = md5($password.$salt);
    return $password;
}
I try to use it again for when I process the login form but I get a different result.
I get the correct result just by not calling this function and instead just calling:
$salt = sha1(md5($password));
$password = md5($password.$salt);
directly on my process_login page. Why would I get a different result by calling encrypt_password?
I hope I have explained this clearly enough!
Thanks!
I simply cannot believe this to be true. You say you have two pages, one with a registration form and one with a login form.
They both have to encrypt the password the user has posted.
There can be a number of things wrong here, depending on how you find they don’t match. Do you just try to log in and see an error that your password is wrong? Or did you echo the password hash after a call to encrypt_password? It would be nice to have done that to show us a hash of the password ‘test’, from both the registration page and the login page. Perhaps someone could’ve seen a pattern.
Anyway, let me guess:
md5(password) to register, then you read somewhere that was unsafe and added a salt. Now you’re comparing two different hashes for the same password, since the password is stored in the database using the old hashing function.
$password with $password = $_POST['password']; I guess. On both pages, I guess too. Are those statements on both pages typo-free? No $password = $_POST['pasword']; there? And are both <input> elements named “password”?
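The causes guessed at in the answer above can be checked mechanically. The following is an added example, not code from the thread: encrypt_password() is the function from the question, diagnose_mismatch() is a hypothetical helper, and the sample values are constructed. It goes one step beyond the thread by ending with PHP's built-in password_hash() and password_verify(), which use a random salt per password instead of one derived from the password itself.

```php
<?php
// Added example, not code from the thread. encrypt_password() is the
// function from the question; diagnose_mismatch() is a hypothetical helper.
function encrypt_password($password) {
    $salt = sha1(md5($password));       // derived from the password, so not random
    return md5($password . $salt);
}

// Explain why a stored hash and a submitted password do not line up.
function diagnose_mismatch(string $stored, ?string $submitted): string {
    if ($submitted === null || $submitted === '') {
        return 'empty input: check the $_POST key and the <input> name';
    }
    if (hash_equals($stored, encrypt_password($submitted))) {
        return 'match';
    }
    if (hash_equals($stored, md5($submitted))) {
        return 'stored value is a legacy unsalted md5 hash';
    }
    if (hash_equals($stored, encrypt_password(trim($submitted)))) {
        return 'submitted value carries stray whitespace';
    }
    return 'wrong password or a different hashing scheme';
}

// Constructed sample data: the password 'test' as the form would send it.
$post = ['password' => 'test'];
$row  = encrypt_password('test');       // what registration would have stored

echo diagnose_mismatch($row, $post['password']), "\n";          // same input on both pages
echo diagnose_mismatch($row, $post['pasword'] ?? null), "\n";   // misspelled form key
echo diagnose_mismatch(md5('test'), $post['password']), "\n";   // row from the old md5 scheme
echo diagnose_mismatch($row, "test \n"), "\n";                  // untrimmed input

// Built-in API: a random salt is generated per password and embedded in the
// hash, so login verifies with password_verify() instead of recomputing.
$hash = password_hash($post['password'], PASSWORD_DEFAULT);
var_dump(password_verify($post['password'], $hash));
```

The helper returns only a reason string and never echoes the submitted password or the computed hash, so it can be used while debugging without writing credentials to the page or a log.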