Jump to content

[SOLVED] Hash Passwords Not Matching

limitphp

By limitphp
in PHP Coding Help

 Share

Recommended Posts

limitphp Advanced Member

limitphp

Posted
Posted

I'm curious.....

I have some test accounts setup on my website I created....I have never changed their passwords.....

I have them stored as hashes in the database....

 

I use this:

$password = strtolower($password);
$password = $password.$salt;
$password = hash("md5",$password);
$queryUser = "SELECT userID,username,fname,lname,verified FROM user WHERE username = '".clean($username,'sql')."' AND password = '".clean($password,'sql')."'";

 

Is there any way the passwords won't match up after a long period of time?  Maybe a change from php 4 to php 5 or something?

They didn't stop working until after I had my account at lunarpages reactivated and they had to manually upload a database for me....

 

They don't seem to be working.....

I can change the passwords in them, but I'm, just curious as to how they would stop matching....

 

Link to comment
https://forums.phpfreaks.com/topic/167559-solved-hash-passwords-not-matching/
Share on other sites
jonsjava Member

jonsjava

Posted
Posted

I'm wondering if you've changed your clean function.  When you are hashing something, you (generally) don't need to sanitize the input.  Try using something like this:

<?php
function hashPass($pass, $salt){
$pass = strtolower($pass).$salt;
return md5($pass);
}
$salt = "cheeseburger";
$password = $_POST['pass'];
$password = hashPass($password, $salt);
?>

and when you are adding a user, just call the function to hash the password for you. This way, you know that you are using the same method to hash the passwords.

limitphp Advanced Member

limitphp

Posted
  • Author
Posted

Thats a good idea.  I'll create a hashPass function. 

 

As for the clean function...I'm pretty sure, I haven't changed it....:

 

function clean($value, $type)
{
if ($type=="sql")
{
	// Stripslashes
	if (get_magic_quotes_gpc())
	  {
	  $value = stripslashes($value);
	  }
	  $value = mysql_real_escape_string($value);
}elseif ($type=="html")
{
	$value = htmlspecialchars($value, ENT_QUOTES);
}
return $value;
}

 

PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

Is your $salt the same and what exactly does $queryUser have in it and what are the exact values in the database that it should be matching?

 

How do you know they don't match? What is your code? Does your code have any error checking login in it so that you know if the problem is a query that is failing or a query that is not matching any rows?

limitphp Advanced Member

limitphp

Posted
  • Author
Posted

Is your $salt the same and what exactly does $queryUser have in it and what are the exact values in the database that it should be matching?

 

How do you know they don't match? What is your code? Does your code have any error checking login in it so that you know if the problem is a query that is failing or a query that is not matching any rows?

 

Thats it!......

I just remembered!  I had updated my salt!

Thank you.......!!!

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.