alphasil — Posted November 30, 2014

Hi

I'm having a strange error with this code and I can't get it working properly.

```php
function CheckLoginInDB($username,$password)
{
    if(!$this->DBLogin())
    {
        $this->HandleError("Erro na ligação à Base de Dados!");
        return false;
    }
    $username = $this->SanitizeForSQL($username);
    $nresult = mysql_query("SELECT * FROM utilizador WHERE utilizador = '$username'", $this->connection) or die(mysql_error());
    // check for result
    $no_of_rows = mysql_num_rows($nresult);
    if ($no_of_rows > 0) {
        $nresult = mysql_fetch_array($nresult);
        $salt = $nresult['salt'];
        echo $salt;
        $encrypted_password = $nresult['password'];
        $hash = $this->checkhashSSHA($salt, $password);
        echo $hash;
    }
    $qry = "Select idutilizador, nome, email from utilizador where utilizador='$username' and password='$hash'";
    $result = mysql_query($qry,$this->connection);
    if(!$result || mysql_num_rows($result) <= 0)
    {
        $this->HandleError("Erro: Utilizador ou password errados");
        return false;
    }
    $row = mysql_fetch_assoc($result);
    $_SESSION['idutilizador'] = $row['idutilizador'];
    $_SESSION['name_of_user'] = $row['nome'];
    $_SESSION['email_of_user'] = $row['email'];
    return true;
}
```

[Editor's note: the `echo $salt;` and `echo $hash;` lines and `or die(mysql_error())` are debugging aids that print credential material and database error text to the page; they should not remain in a login path. `$hash` is also never set when no row matches the username, and both queries depend entirely on `SanitizeForSQL()`, which is not shown — prepared statements (mysqli or PDO) remove that dependency.]

This is my table:

```
Field                                          Type         Collation          Null    Key     Default  Extra           Privileges                       Comment
---------------------------------------------  -----------  -----------------  ------  ------  -------  --------------  -------------------------------  ---------
idutilizador                                   int(11)      (NULL)             NO      PRI     (NULL)   auto_increment  select,insert,update,references
nome                                           varchar(45)  latin1_general_ci  NO              (NULL)                   select,insert,update,references
utilizador                                     varchar(45)  latin1_general_ci  NO              (NULL)                   select,insert,update,references
telefone                                       int(11)      (NULL)             YES             (NULL)                   select,insert,update,references
email                                          varchar(45)  latin1_general_ci  NO              (NULL)                   select,insert,update,references
password                                       varchar(45)  latin1_general_ci  NO              (NULL)                   select,insert,update,references
sexo                                           int(11)      (NULL)             NO              (NULL)                   select,insert,update,references
opcao                                          binary(10)   (NULL)             NO              (NULL)                   select,insert,update,references
grupodisciplinar_idgrupodisciplinar            int(11)      (NULL)             YES     MUL     (NULL)                   select,insert,update,references
escola_idescola                                int(11)      (NULL)             YES     MUL     (NULL)                   select,insert,update,references
tipoutilizador_idtipoutilizador                int(11)      (NULL)             YES     MUL     (NULL)                   select,insert,update,references
departamento_iddepartamento                    int(11)      (NULL)             YES     MUL     (NULL)                   select,insert,update,references
categoriaprofissional_idcategoriaprofissional  int(11)      (NULL)             YES     MUL     (NULL)                   select,insert,update,references
nivelensino_idnivelensino                      int(11)      (NULL)             YES     MUL     (NULL)                   select,insert,update,references
privilegio_idprivilegio                        int(11)      (NULL)             YES     MUL     (NULL)                   select,insert,update,references
```

Any help please?

Thanks
QuickOldCar — Posted November 30, 2014 (edited)

```php
$salt = $nresult['salt'];
```

You have no column named `salt` in your database table.

Edited November 30, 2014 by QuickOldCar
alphasil (Author) — Posted November 30, 2014

Thank you.

So how can I do this one way, I mean use only the password to verify that the hashed password is equal to the one stored in the database? I have this function:

```php
public function checkhashSSHA($salt, $password) {
    $hash = base64_encode(sha1($password . $salt, true) . $salt);
    return $hash;
}
```

Thanks
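Ch0cu3r — Posted November 30, 2014 (edited)

In order to compare the password hash correctly, you need to pass that function the original salt the password hash was generated with. Without the salt you can't compare the hashes!

I would recommend not salting the passwords yourself. Instead, use PHP's `password_hash` function to hash the password, then use `password_verify` to check whether the user entered the correct password. You will need to use ircmaxell's password_compat library if you are not running PHP 5.5 or later.

[Editor's note: `password_hash()` generates a random salt and stores it, together with the algorithm and cost, inside the string it returns, so no separate salt column is needed. Two things in the code and table above have to change with it: the `password` column is `varchar(45)`, which would truncate the 60-character bcrypt output (the PHP manual suggests 255 characters to leave room for future algorithms), and the stored hash can no longer be matched in the SQL `WHERE` clause — fetch the row by username and pass the submitted password and the stored hash to `password_verify()`.]

Edited November 30, 2014 by Ch0cu3r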
alphasil (Author) — Posted November 30, 2014

OK, thanks for your help. I will try your suggestion.

Best regards