0

I am playing around with password encryptions and i am having some trouble when I write the password into database and when I ry to log in to the page.

When I insert the password:

$pword = "huuhaa";
$uname = "huuhaa";

$pword = hash('sha256' ,'$pword');
    $insuser="INSERT INTO words(username,password) VALUES('$uname','$pword') ";

$insresult=mysql_query($insuser);

In the log in:

$myusername= 'huuhaa';

$mypassword = 'huuhaa';


$mypasswordCRYPTED = hash('sha256' ,'$mypassword');


$sql="SELECT userid FROM words WHERE username='$myusername' and password='$mypasswordCRYPTED'";

LOG IN:

the value in database is different from the value in login eg. $pword in database: e5f252f... And in log in: $mypasswordCRYPTED = as89dw....

Would someone please explain this to me?

Thank you

Improve this question
0

3 Answers 3

Reset to default
4

Don't you want:

$pword = hash('sha256', $pword);

and

$mypasswordCRYPTED = hash('sha256', $mypassword);

i.e. the variable rather than the string '$pword'? It would have worked with "$pword" using double quotes to get PHP to perform string interpolation, but it's a lot clearer just to use the variable itself as the function argument.

So basically you were comparing the hashes of the string '$pword' and '$mypassword' - which unsurprisingly aren't the same :)

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Damn jon, you're 2 seconds faster :( Good job
PHP interpolates in double-quoted strings, not single-quoted ones. That string is literally "$pword"
@Phil: Thanks. Will update. (It's obviously clearer not to bother with interpolation anyway.)
@genesis Jon actually answered 2 seconds after the question was posted. He was just holding off for suspense ;-)
@Phil: No. That's lie. He answered it 2 seconds BEFORE question was posted. But this answer just shows the turth of this post :( ;)
1

change

$pword = hash('sha256' ,'$pword');

to

$pword = hash('sha256' ,$pword);

because that first one recognizes your password as $pword

and the same thing with second variable

$mypasswordCRYPTED = hash('sha256' ,'$mypassword');

to

$mypasswordCRYPTED = hash('sha256' ,$mypassword);
Improve this answer

Comments

0

You are hashing the string '$mypassword', try changing it to $mypassword and changing '$pword' to $pword.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.