Jump to content

Cyber_Entity

Members
  • Posts

    5
  • Joined

  • Last visited

Cyber_Entity's Achievements

Newbie

Newbie (1/7)

0

Reputation

  1. Thanks for the quick response. What you said does make since. I would pick up the other either way, just trying to figure out where to start so I can start my career.
  2. I am familiar with PHP and C#. I am very familiar with web development. I just graduated collage with my associates in software development. All the places I have applied to either say I need more experience (My portfolio has 5 different projects on it) or they want you to have a PHP framework or ASP.NET background. So I am just unsure as to which would be more beneficial. Picking up a PHP framework like Laravel or ASP.NET. Thanks.
  3. Doesn't it. When storing it as binary the database shows it as a blob compared to char showing the whole hash. I mean I am still learning, but that is just what I read.
  4. Wouldn't that leave my hash fully view able.
  5. I am unsure if I should post this here or PHP. Sorry if in wrong place. Alright I made a create profile forum. I can create a profile and save all the user information I want. I hashed the passwords with$salt = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));$salted_password = $user_password_password .$salt;$hashed_password = hash('sha256', $salted_password);I then insert in into the database storing the $hashed_password and $salt. The problem is, when I try to log in I either all ways get invalid password or I all ways get valid password.if(isset($_POST['login'])){$login_errors = "";$login_messages = "";$user_username = mysqli_real_escape_string($connect, $_POST['user_username']);$user_password = mysqli_real_escape_string($connect, $_POST['user_password']);if(empty($user_username) || empty($user_password)){$login_errors .= "Error:n Username and password are required to login.n";}if($result = mysqli_query($connect, "SELECT User_Username FROM Profiles WHERE User_Username = '$user_username'")){if(mysqli_num_rows($result) == 0){$login_errors .= "Error:n Username/Password is invalid.n";}mysqli_free_result($result);}if($result = mysqli_query($connect, "SELECT User_Salt FROM Profiles WHERE User_Username = '$user_username'")){if(mysqli_num_rows($result) == 0){$login_errors .= "Error:n Salt is invalid.n";}else{$salt = implode(mysqli_fetch_row($result)); $salted_password = $user_password .$salt; $hashed_password = hash('sha256', $salted_password);}mysqli_free_result($result);}if($result = mysqli_query($connect, "SELECT User_Password FROM Profiles WHERE User_Username = '$user_username'")){if(mysqli_num_rows($result) == 0){$login_errors .= "Error:n Username/Password is invalid.n";}else{$password = implode(mysqli_fetch_row($result));if($password == $hashed_password){$login_messages .= " Password is valid.n";}}mysqli_free_result($result);}}I have printed the $salt and $hashed_password from the database and the newly generated one. They are an exact match. I tried many different combinations."SELECT * FROM Profiles WHERE User_Username = '$user_username' AND User_Password = '$hashed_password" is the code this is supposed to work.My $salt is stored as VARCHAR(64) and $hashed_password is stored as BINARY(64).
×
×
  • Create New...