I’ve recently added a class which uses unique salts stored in the members table.

Question

0

Asked: June 15, 20262026-06-15T10:22:18+00:00 2026-06-15T10:22:18+00:00

I’ve recently added a class which uses unique salts stored in the members table.

0

I’ve recently added a class which uses unique salts stored in the members table. This was my login script before I used salts:

    $sql = 'SELECT id, username FROM member WHERE username = ? AND pass = ?';

    $result = $this->DB->query($sql, array($username, $pass));
    foreach($result as $record) {
        $user = [
    "id" => $record['id'],
    "username" => $record['name']];
}

if (empty($user)) {
        // Display errors
    } else {
            // Login by sending the array of data to login function
        self::login($user);
    }

Now, I want to get the salts too. Is there any way I can do this without using more than 1 query? I can make it work by starting with a query to get the user pass and salt but is there a better way. It feels kind of like a hack or is it simply unavoidable?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-15T10:22:19+00:00

Editorial Team

2026-06-15T10:22:19+00:00Added an answer on June 15, 2026 at 10:22 am

You may do (assuming the pass is created as MD5($salt . $password) and that you have column named salt inside your member table):

$sql = 'SELECT id, username FROM member WHERE username = ?
           AND pass = MD5(CONCAT(member.salt, ?))';

This way MySQL directly checks stored hash created after CONCAT-ing inserted password and salt.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I’ve recently added a class which uses unique salts stored in the members table.

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply