alphasil Posted November 30, 2014 Share Posted November 30, 2014 Hi I'm having a strange error with this code and i get it working properly function CheckLoginInDB($username,$password) { if(!$this->DBLogin()) { $this->HandleError("Erro na ligação à Base de Dados!"); return false; } $username = $this->SanitizeForSQL($username); $nresult = mysql_query("SELECT * FROM utilizador WHERE utilizador = '$username'", $this->connection) or die(mysql_error()); // check for result $no_of_rows = mysql_num_rows($nresult); if ($no_of_rows > 0) { $nresult = mysql_fetch_array($nresult); $salt = $nresult['salt']; echo $salt; $encrypted_password = $nresult['password']; $hash = $this->checkhashSSHA($salt, $password); echo $hash; } $qry = "Select idutilizador, nome, email from utilizador where utilizador='$username' and password='$hash'"; $result = mysql_query($qry,$this->connection); if(!$result || mysql_num_rows($result) <= 0) { $this->HandleError("Erro: Utilizador ou password errados"); return false; } $row = mysql_fetch_assoc($result); $_SESSION['idutilizador'] = $row['idutilizador']; $_SESSION['name_of_user'] = $row['nome']; $_SESSION['email_of_user'] = $row['email']; return true; } This is my table Field Type Collation Null Key Default Extra Privileges Comment --------------------------------------------- ----------- ----------------- ------ ------ ------- -------------- ------------------------------- --------- idutilizador int(11) (NULL) NO PRI (NULL) auto_increment select,insert,update,references nome varchar(45) latin1_general_ci NO (NULL) select,insert,update,references utilizador varchar(45) latin1_general_ci NO (NULL) select,insert,update,references telefone int(11) (NULL) YES (NULL) select,insert,update,references email varchar(45) latin1_general_ci NO (NULL) select,insert,update,references password varchar(45) latin1_general_ci NO (NULL) select,insert,update,references sexo int(11) (NULL) NO (NULL) select,insert,update,references opcao binary(10) (NULL) NO (NULL) select,insert,update,references grupodisciplinar_idgrupodisciplinar int(11) (NULL) YES MUL (NULL) select,insert,update,references escola_idescola int(11) (NULL) YES MUL (NULL) select,insert,update,references tipoutilizador_idtipoutilizador int(11) (NULL) YES MUL (NULL) select,insert,update,references departamento_iddepartamento int(11) (NULL) YES MUL (NULL) select,insert,update,references categoriaprofissional_idcategoriaprofissional int(11) (NULL) YES MUL (NULL) select,insert,update,references nivelensino_idnivelensino int(11) (NULL) YES MUL (NULL) select,insert,update,references privilegio_idprivilegio int(11) (NULL) YES MUL (NULL) select,insert,update,references Any help please? Thanks Quote Link to comment https://forums.phpfreaks.com/topic/292803-error-with-loginnotice-undefined-index-salt/ Share on other sites More sharing options...
QuickOldCar Posted November 30, 2014 Share Posted November 30, 2014 (edited) $salt = $nresult['salt']; You have no column named salt in your database table. Edited November 30, 2014 by QuickOldCar Quote Link to comment https://forums.phpfreaks.com/topic/292803-error-with-loginnotice-undefined-index-salt/#findComment-1498079 Share on other sites More sharing options...
alphasil Posted November 30, 2014 Author Share Posted November 30, 2014 Thank you So how can i use one way, i mean only the password to verify if the hashed pass is equal to the one stored in database? i have this function <code=php> public function checkhashSSHA($salt, $password) { $hash = base64_encode(sha1($password . $salt, true) . $salt); return $hash; } <code> Thanks Quote Link to comment https://forums.phpfreaks.com/topic/292803-error-with-loginnotice-undefined-index-salt/#findComment-1498080 Share on other sites More sharing options...
Ch0cu3r Posted November 30, 2014 Share Posted November 30, 2014 (edited) In order to compare the password hash correctly you need pass that function the original salt the password hash was generated with. Without the salt you cant compare the hashes! I would recommend you not salting the passwords yourself. Instead use PHP's password_hash function to hash the password then use password_verify to see if the user entered correct password. You will need to use ircmaxwell's password_compat library if you are not running PHP5.5 Edited November 30, 2014 by Ch0cu3r Quote Link to comment https://forums.phpfreaks.com/topic/292803-error-with-loginnotice-undefined-index-salt/#findComment-1498082 Share on other sites More sharing options...
alphasil Posted November 30, 2014 Author Share Posted November 30, 2014 Ok Thanks for your help. I will try your suggestion best regards Quote Link to comment https://forums.phpfreaks.com/topic/292803-error-with-loginnotice-undefined-index-salt/#findComment-1498083 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.