I’m having this login system, where I’ve just (finally) got hash 256 added. Earlier today I had a very long thread with @KingCrunch and some others, who helped me a lot. Thanks a lot again.
But what I want to do now, is that I wanna have the $salt to be unique by using:
$salt = uniqid(mt_rand());
$password = hash('sha256', $salt.$_POST['password']);
Upon creating a new member, this is set, and added to database under row called “salt”.
Now, when I try to login, with the created credentials it won’t let me.
$salt = $row['salt'];
$password = hash('sha256', $salt.$_POST['password']);
$username = mysql_real_escape_string($_POST['username']);
$sql= "SELECT * FROM members WHERE username='$username' and password='$password'";
$result=mysql_query($sql);
$row=mysql_fetch_array($result);
This is my login_ac.php, where I got $salt to be a row['salt']. I don’t think this ever would be successful because I haven’t told which column in row salt it has to pick.
So my question is: How do I get this to work? Do I have to create another query or something like that?
I need $salt to be a pick from row['salt'] because I want salt to be unique.
Unlike my answer in the other question I would retrieve the whole row of the user here and compare the hashes within php (to remember: I suggested to compare it within the sql query in the other question).
This will retrieve the row of the user. If the username does not exist within your database, mysql_num_rows($result) will return 0 (as usual). However, you can then recreate the hash and compare it against the one saved within the database.
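The flow described in the answer, as an added example that is not part of the original answer: fetch the member's row by username only, then recompute the salted hash in PHP and compare it with the stored one. It assumes PDO with an in-memory SQLite database in place of the page's mysql_* calls, prepared statements instead of escaping, and random_bytes() for the salt in place of uniqid(mt_rand()); register() and login() are hypothetical helper names.

```php
<?php
// Constructed demo: in-memory SQLite stands in for the page's MySQL "members" table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (username TEXT PRIMARY KEY, password TEXT, salt TEXT)');

// Registration: one random salt per member, stored next to the hash.
// (Hypothetical helper, not from the original page.)
function register(PDO $db, string $username, string $plain): void
{
    $salt = bin2hex(random_bytes(16)); // CSPRNG salt, swapped in for uniqid(mt_rand())
    $hash = hash('sha256', $salt . $plain);
    $stmt = $db->prepare('INSERT INTO members (username, password, salt) VALUES (?, ?, ?)');
    $stmt->execute([$username, $hash, $salt]);
}

// Login: look the row up by username only, then rebuild the hash with that row's salt.
// (Hypothetical helper, not from the original page.)
function login(PDO $db, string $username, string $plain): bool
{
    $stmt = $db->prepare('SELECT password, salt FROM members WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false; // unknown username: no row, so there is no salt to use
    }
    $candidate = hash('sha256', $row['salt'] . $plain);
    return hash_equals($row['password'], $candidate); // constant-time comparison
}

// Constructed credentials for the demonstration.
register($db, 'alice', 'correct horse');
var_dump(login($db, 'alice', 'correct horse'));  // matching password
var_dump(login($db, 'alice', 'wrong password')); // known user, wrong password
var_dump(login($db, 'bob', 'correct horse'));    // unknown user
```

PHP's built-in password_hash() and password_verify() generate a per-password salt and store it inside the hash string, so a separate salt column is unnecessary when they are used.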