Thank you for taking the time to help me :)

 

I am trying to hashtag passwords and I was finally able to get the created accounts to work. But when I try to log in, the hashtag is different from the original hashtag. What am I doing wrong?

 

Sign-Up Code

$password = "$_POST[Password]";
$Blowfish_Pre = '$2a$05$';
$Blowfish_End = '$';
$Allowed_Chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./';
$Chars_Len = 63;
$Salt_Length = 21;
for($i=0; $i<$Salt_Length; $i++)
{
   $salt .= $Allowed_Chars[mt_rand(0,$Chars_Len)];
}
$bcrypt_salt = $Blowfish_Pre . $salt . $Blowfish_End;


$hashed_password = crypt($password, $bcrypt_salt);
$sql="INSERT INTO Salt (User_ID, Salt)
VALUES
('$User_ID','$salt')";
if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }

 

 

Log-in Code

$Blowfish_Pre = '$2a$05$';
$Blowfish_End = '$';
$Entered_Password = $_Post[Password];
$Result_Salt = mysql_query("SELECT Salt FROM Salt WHERE User_ID='$User_ID'");
while ($row = mysql_fetch_assoc($Result_Salt)) {
   $User_Salt = $row[salt];
}
$bcrypt_salt = $Blowfish_Pre . $User_Salt . $Blowfish_End;
$Hashed_Password = crypt($Entered_Password, $bcrypt_salt);

 

Sincerely,

 

Brett Hartel

If the code worked for most passwords, then your code was good. It was the actual password itself, or the salt, that was erroneous. (Speaking of which, no point in storing the salts in their own table.)

You'll need to re-check that the salt doesn't contain any invalid/special characters that cause MySQL to throw a fit. Also, are you 100% sure that the password wasn't mistyped upon registration?

 

MySQL should only be used on variables immediately before they're added to the SQL query, and then only for string values. Applying it before this, particularly before doing any other operations on the value, will cause unintended consequences. Consequences which have a high probability of breaking your application, or causing other hard-to-detect bugs.

A few things to note:

$password = "$_POST[Password]";

 

should probably be:

$password = $_POST['Password'];

 

and:

$Entered_Password = $_Post[Password];

 

should probably be:

$Entered_Password = $_POST['Password'];

Edited by parkerj

Slight correction to my previous post, as I managed to mistype something rather crucial:

mysql_real_escape_string () should only be used on variables immediately before they're added to the SQL query...

 

That's what it was supposed to read.
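
Added example, not part of any post in this thread: a bcrypt round trip with PHP's crypt() in which the 60-character hash is the only value stored. The hash already contains the prefix, cost and salt, which is why a separate salt table is unnecessary. The function names, the $2y$ prefix, cost 10, the sample passwords and PHP 7+ (for random_int()) are assumptions of this example.

```php
<?php
// Added example; function names are hypothetical, not from the thread.

// Build a "$2y$<cost>$<22 salt chars>" setting string for crypt().
// bcrypt expects exactly 22 salt characters from the ./A-Za-z0-9 alphabet.
function make_bcrypt_setting(int $cost = 10): string
{
    $alphabet = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
    $salt = '';
    for ($i = 0; $i < 22; $i++) {
        // random_int() draws from the OS CSPRNG; both bounds are inclusive.
        $salt .= $alphabet[random_int(0, 63)];
    }
    return sprintf('$2y$%02d$%s', $cost, $salt);
}

// Sign-up: returns the single string to store in the user's row.
function hash_new_password(string $password): string
{
    $hash = crypt($password, make_bcrypt_setting());
    // A bcrypt result is always 60 characters; anything else is a failure token.
    if (strlen($hash) !== 60) {
        throw new RuntimeException('bcrypt hashing failed');
    }
    return $hash;
}

// Log-in: pass the stored hash back as the second argument. crypt() reads the
// prefix, cost and salt from it, so no salt has to be fetched separately.
function check_password(string $entered, string $stored_hash): bool
{
    // hash_equals() compares in constant time.
    return hash_equals($stored_hash, crypt($entered, $stored_hash));
}

// Constructed sample values.
$stored = hash_new_password('correct horse battery staple');
var_dump(strlen($stored));                                         // stored hash length
var_dump(check_password('correct horse battery staple', $stored)); // same password
var_dump(check_password('Correct horse battery staple', $stored)); // different password
```

On PHP 5.5 and later, password_hash() and password_verify() wrap the same steps, including salt generation.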
