limitphp Posted July 27, 2009 Share Posted July 27, 2009 I'm curious..... I have some test accounts setup on my website I created....I have never changed their passwords..... I have them stored as hashes in the database.... I use this: $password = strtolower($password); $password = $password.$salt; $password = hash("md5",$password); $queryUser = "SELECT userID,username,fname,lname,verified FROM user WHERE username = '".clean($username,'sql')."' AND password = '".clean($password,'sql')."'"; Is there any way the passwords won't match up after a long period of time? Maybe a change from php 4 to php 5 or something? They didn't stop working until after I had my account at lunarpages reactivated and they had to manually upload a database for me.... They don't seem to be working..... I can change the passwords in them, but I'm, just curious as to how they would stop matching.... Quote Link to comment Share on other sites More sharing options...
jonsjava Posted July 27, 2009 Share Posted July 27, 2009 I'm wondering if you've changed your clean function. When you are hashing something, you (generally) don't need to sanitize the input. Try using something like this: <?php function hashPass($pass, $salt){ $pass = strtolower($pass).$salt; return md5($pass); } $salt = "cheeseburger"; $password = $_POST['pass']; $password = hashPass($password, $salt); ?> and when you are adding a user, just call the function to hash the password for you. This way, you know that you are using the same method to hash the passwords. Quote Link to comment Share on other sites More sharing options...
limitphp Posted July 27, 2009 Author Share Posted July 27, 2009 Thats a good idea. I'll create a hashPass function. As for the clean function...I'm pretty sure, I haven't changed it....: function clean($value, $type) { if ($type=="sql") { // Stripslashes if (get_magic_quotes_gpc()) { $value = stripslashes($value); } $value = mysql_real_escape_string($value); }elseif ($type=="html") { $value = htmlspecialchars($value, ENT_QUOTES); } return $value; } Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted July 27, 2009 Share Posted July 27, 2009 Is your $salt the same and what exactly does $queryUser have in it and what are the exact values in the database that it should be matching? How do you know they don't match? What is your code? Does your code have any error checking login in it so that you know if the problem is a query that is failing or a query that is not matching any rows? Quote Link to comment Share on other sites More sharing options...
limitphp Posted July 27, 2009 Author Share Posted July 27, 2009 Is your $salt the same and what exactly does $queryUser have in it and what are the exact values in the database that it should be matching? How do you know they don't match? What is your code? Does your code have any error checking login in it so that you know if the problem is a query that is failing or a query that is not matching any rows? Thats it!...... I just remembered! I had updated my salt! Thank you.......!!! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.