Lodius2000 Posted January 24, 2009 Share Posted January 24, 2009 Im working on a new user account management system, getting ready to make the login page... but I discovered something wierd.... my hash values are not the same before I post the script a few things: I created an account, $myhash is what was placed in my database in the password field, on the registration script the line $hash = hash("sha512",$password.$salt); is copy pasted, the value of $salt is also copy pasted, all these lines I made sure use the same style of quotes (single vs double). the password of 'password' was also copy pasted from this testscript... so here is my test script <?php $password = 'password'; $salt = 'hashme'; $hash = hash("sha512",$password.$salt); //myhash comes straight from my database $myhash = "0aadf252be8f696a28c46f03560f263eb51771d3617f65b06d4b039702cbd706005c41f41978df4bfa1122cf39f29fe41c169c66e4bfbea5b7ee4f44c0220d8d"; print $hash."<BR>"; print $myhash."<BR>"; print strlen($hash)."<BR>"; print strlen($myhash)."<BR>"; ?> this prints out 3068969b86a9132e08ce488841ef56a734d14278edfdd810ff0ea8ea412963e5f5e7f4358e27c1be4c900724bbb6c09af90c6255395a9baf26f653f6e3e0a774 0aadf252be8f696a28c46f03560f263eb51771d3617f65b06d4b039702cbd706005c41f41978df4bfa1122cf39f29fe41c169c66e4bfbea5b7ee4f44c0220d8d 128 128 as you can see, not the same....what gives? EDIT: whoops guess I need to change my hash.... HAHA //its changed now, but there were a couple of you who saw it Quote Link to comment Share on other sites More sharing options...
rubing Posted January 24, 2009 Share Posted January 24, 2009 how did you get the value for $myhash? Quote Link to comment Share on other sites More sharing options...
Lodius2000 Posted January 24, 2009 Author Share Posted January 24, 2009 i got it from phpmyadmin, I created a dummy account and used the string 'password' as the password, and then got it from phpmyadmin and copy/pasted it into this test script Quote Link to comment Share on other sites More sharing options...
rubing Posted January 24, 2009 Share Posted January 24, 2009 So, you are comparing hashes of 2 different strings. The value in your database is a hash of the string 'password' where as the value of $hash in your php script is a hash of the string 'passwordhashme' Quote Link to comment Share on other sites More sharing options...
Lodius2000 Posted January 24, 2009 Author Share Posted January 24, 2009 no... the register script has this line '$hash = hash("sha512",$password.$salt);" pasted into it too and then $hash is put in the db Quote Link to comment Share on other sites More sharing options...
rubing Posted January 24, 2009 Share Posted January 24, 2009 here's what you need to do: echo the values of $password, $salt, and $hash in your script that inserts into the DB as well as the other script. Now check that everything is consistent. Quote Link to comment Share on other sites More sharing options...
Lodius2000 Posted January 24, 2009 Author Share Posted January 24, 2009 well theres an error somewhere but I cant see in regardless, I managed to make my login script work solved Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.