I have a very simple login/user registration script that stores passwords using sha1 and salt. I have the passwords and user creation working fine and storing everything in the database just fine, but when I try to log in with the credentials, it doesn’t work. I can’t seem to find anything upon searching this topic.
Here is my add user form:
session_start();
include("includes/resume.config.php");
// make sure form fields have a value and strip them
function check_input($data, $problem='')
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
if ($problem && strlen($data) == 0)
{
die($problem);
}
return $data;
}
// get form values, escape them and apply the check_input function
$name = $link->real_escape_string(check_input($_POST['name'], "Please enter a name!"));
$email = $link->real_escape_string(check_input($_POST['email'], "Please enter an email!"));
$password = $link->real_escape_string(check_input($_POST['password'], "Please enter a password!"));
// generate a random salt for converting passwords into MD5
$salt = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
$saltedPW = $password . $salt;
$hashedPW = sha1($saltedPW);
mysqli_connect($db_host, $db_user, $db_pass) OR DIE (mysqli_error());
// select the db
mysqli_select_db ($link, $db_name) OR DIE ("Unable to select db".mysqli_error($db_name));
// our sql query
$sql = "INSERT INTO admins (name, email, password, salt) VALUES ('$name', '$email', '$hashedPW', '$salt');";
//save the updated information to the database
mysqli_query($link, $sql) or die("Error in Query: " . mysqli_error($link));
if (!mysqli_error($link))
{
header("Location: file_insert.php");
}
And here is my login script: This is what is not working
function check_input($data, $problem='')
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
if ($problem && strlen($data) == 0)
{
die($problem);
}
return $data;
}
if(isset($_POST['submitLogin'])) { //form submitted?
// get form values, escape them and apply the check_input function
$name = $link->real_escape_string(check_input($_POST['name'], "Please enter a name!"));
$password = $link->real_escape_string(check_input($_POST['password'], "Please enter a password!"));
$saltQuery = $link->query('SELECT salt FROM admins WHERE name = "'.$name.'"');
$salt = mysqli_fetch_assoc($saltQuery);
$saltedPW = $password . $salt;
$hashedPW = sha1($saltedPW);
mysqli_connect($db_host, $db_user, $db_pass) OR DIE (mysqli_error());
// select the db
mysqli_select_db ($link, $db_name) OR DIE ("Unable to select db".mysqli_error($db_name));
$validate_user = $link->query('SELECT id, name, password FROM admins WHERE name = "'.$name.'" AND password = "'.$hashedPW.'"');
if ($validate_user->num_rows == 1) {
$row = $validate_user->fetch_assoc();
$_SESSION['id'] = $row['id'];
$_SESSION['loggedin'] = TRUE;
Header('Location: file_insert.php');
} else {
print "<center><p style='margin-top: 200px; font-weight: bold;'>Invalid Login Information</p>";
print "<a href='admin-login.php'>Click here</a> to return to the login page.</center>";
}
}
There may be more going on, but certainly one reason it isn’t working is because
mysqli_fetch_assocreturns an array, and you are using it like a string.PHP would complain about an array to string conversion when you call
$password . $saltsince at this point$saltis an array. The result is that you get the wordArrayappended to the password which results in an incorrect hash. If you havedisplay_errorsoff and/orerror_reportingset to hide notices inphp.inithen you wont see this message.If you change:
to:
then it should work.
In addition, you should escape
$saltbefore you insert it into the database because its possible it could contain null, unprintable, or single/double quotes since its randomly generated.