Home/ Questions/Q 6062907
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T09:06:18+00:00

I’m trying to create passwords that are sha256 hashed with a $salt variable to

  • 0

I’m trying to create passwords that are sha256 hashed with a $salt variable to it. But for some reason it just won’t work. Been working 3 hours on this now, and I’m about to rip my head off. Here is my code:

I’ll try again, sorry ;o)

Ok, my script worked fine, untill I tried to add the sha256 to the passwords. I got a file for creating users which is: 

$salt = "lollol";  
$password = hash('sha256', $salt.$_POST['password']);  
$sql = ("INSERT INTO members (username, password, name, last_name,company)VALUES('$username', '$password', '$name', '$last_name', '$company')")or die(mysql_error());

if(mysql_query($sql))
    echo "Your accuont has been created.";

It seems like it’s correctly added to the Database. I can see that it is getting hashed with some letters and numbers.

But then when I’m trying to login, it just won’t.

My code for login.php is:

$sql= "SELECT * FROM members WHERE username='$username' and password='$password'";  
$result=mysql_query($sql);    
$row=mysql_fetch_array($result);  
$username = mysql_real_escape_string($_POST['username']);  
$password = $_POST['password'];  
$salt = "lollol";  
$auth_user = hash('sha256', $salt.$password);  
if($password == $salt.$auth_user){  
    echo "Logged in";  
} else {  
    echo "Not logged in";  
}

I got the idea of that, I have to encrypt password when I want to log in, but im not sure. I hope that some of you can help me.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    When trying to login you concatenate the hash with the salt once more

    $auth_user = hash('sha256', $salt.$password);
if($password == $salt.$auth_user){ // <-- $salt once more
  echo "Logged in";
} else {
  echo "Not logged in";
}

    It should work, if you just remove it

    $auth_user = hash('sha256', $salt.$password);
if($password == $auth_user){
  echo "Logged in";
} else {
  echo "Not logged in";
}

    Update: Going further

    here

    $sql= "SELECT * FROM members WHERE username='$username' and password='$password'";

    You try to retrieve the row, where the username matches $username and the password matches $password. In the database the passwords are already hashed (and $password seems to be not defined at all), thus this query will never return any row.

    $password = hash('sha256', $salt.$_POST['password']);
$username = mysql_real_escape_string($_POST['username']);
$sql= "SELECT * FROM members WHERE username='$username' and password='$password'";
$result=mysql_query($sql);

    $result should now contain the only user that matches the given credentials. Its now very easy

    if (mysql_num_rows($result) === 1) {
  echo "Logged in";
} else {
  echo "Not logged in";
}
    • 0