0

Here is my login code. It was working perfectly, but after adding security to the password, like hashing and coding, it creates a password exactly the same as the saved password but even longer. $hash is exactly the same as the password, but then it continues to a very big digit. Please help me solve it. Thanks in advance.

$hash = hash('sha256',$check_password['Salt'].$hash1) This code has been used in the registration form, and though there is the same formula on both pages, login and registration, I don't understand why in login it produces such a longer number after it matches exactly the one in the DB that was created during registration.

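<?php

//database connection

if (isset($_POST["submit"])) {

    // Read the form fields only once the form is known to have been submitted
    $username = $_POST['username'];
    $password = $_POST['password'];

    // Escape the user-supplied value before it is placed in the query string
    $safe_username = mysql_real_escape_string($username);
    $check_table = "SELECT Email, Password, Salt FROM register WHERE Email = '$safe_username'";

    $check_sql_query = mysql_query($check_table);

    $check_num_rows = mysql_num_rows($check_sql_query);

    $check_password = mysql_fetch_array($check_sql_query, MYSQL_ASSOC);

    // Same formula as the registration page: sha256(salt . sha256(password))
    $hash1 = hash('sha256', $password);
    $hash = hash('sha256', $check_password['Salt'] . $hash1);

    // Strict comparison, so two hex strings are never compared as numbers
    if ($hash !== $check_password['Password']) {
        echo "Invalid Credentials";
        // Debug output: entered password, computed hash, stored hash, stored salt
        echo "<br />";
        echo $password;
        echo "<br />";
        echo $hash;
        echo "<br />";
        echo $check_password['Password'];
        echo "<br /><br /><br />";
        echo "salt value ".$check_password['Salt'];
    }
    else {
        echo "Welcome to Website";
    }
}

?>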

OUTPUT

Invalid Credentials
r12345678 => Password
fe55b0cf0832801955af05cb29015191f1299809d96df88a2484192423be3b7a => $hash
fe55b0cf0832801955af05cb290151 => Password


salt value 04cb1e96d31e9086ef9b36e1a9dbd6
1
  • Could it be that your columns got different sizes, so the second hash gets cut off? Commented Jun 13, 2014 at 13:55

2 Answers

1

I may be wrong, but have you checked the "password" column in your database? I am getting the impression that it has a "charlimit" set that truncates your passwords when you save them. So when you retrieve it, it is shorter than your hash.

Also, as a side note, try to switch from the mysql_ functions to PDO or an abstraction layer.


0

Your password seems to be the first 30 characters of the hash... I think it may have something to do with the character limit of the varchar in your database.

Can you also share the line which generates the password when the user is created, before you store it in the table? Do you have a salted hash being applied the same way at both ends, when creating and when verifying?

1 Comment

Hi, thanks for helping in the right direction :) It was because of varchar(30), and later I changed it to varchar(128) and now it is working perfectly. Thanks a lot :) You are a genius.
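
The truncation diagnosed in both answers can be reproduced without a database. This is an added example, not code from the question or the answers: `saltedHash()`, `simulateColumn()` and `assertColumnFits()` are hypothetical helpers, `simulateColumn()` assumes MySQL silently cuts an over-long value (non-strict SQL mode), and the salt and password are the values shown in the question's output.

```php
<?php
// Added example: reproduces a SHA-256 hex digest being cut by a too-narrow column.

// hash('sha256', ...) always returns 64 lowercase hex characters.
const SHA256_HEX_LENGTH = 64;

// The scheme used in the question: sha256(salt . sha256(password)).
function saltedHash(string $salt, string $password): string
{
    return hash('sha256', $salt . hash('sha256', $password));
}

// Hypothetical stand-in for the database: keeps only the first $width characters.
function simulateColumn(string $value, int $width): string
{
    return substr($value, 0, $width);
}

// Registration-side guard: refuse to store a digest the column would truncate.
function assertColumnFits(string $digest, int $width): void
{
    if (strlen($digest) > $width) {
        throw new LengthException(
            'digest is ' . strlen($digest) . " chars, column holds only $width"
        );
    }
}

// Values taken from the question's output.
$salt     = '04cb1e96d31e9086ef9b36e1a9dbd6';
$password = 'r12345678';

foreach ([30, SHA256_HEX_LENGTH] as $width) {
    // Registration: the digest is written to the column.
    $stored = simulateColumn(saltedHash($salt, $password), $width);
    // Login: the digest is recomputed and compared with what the column returns.
    $login  = saltedHash($salt, $password);
    printf(
        "VARCHAR(%d): stored %d chars, login %d chars, match: %s\n",
        $width, strlen($stored), strlen($login),
        hash_equals($stored, $login) ? 'yes' : 'no'
    );
}

try {
    assertColumnFits(saltedHash($salt, $password), 30);
} catch (LengthException $e) {
    echo 'guard: ', $e->getMessage(), "\n";
}
```

A 64-character column is enough for a hex-encoded SHA-256 digest; the `varchar(128)` chosen in the comment above simply leaves extra room.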
