Muncey Posted July 10, 2007 Share Posted July 10, 2007 Well today i decided to make a register and login script. The register script works fine and posts everything to the database perfectly, now what i did was i made a "salt" by multiplying randomly selected numbers together (big numbers) then i saved the salt in the database along with the persons info (so each person has a different "salt"). So when they register the pass is added to the salt. It would look something like pass29398f9a8ds98as9d8s9ad (the pass being the password and the rest being the md5 encrypted random numbers). So then i further encrypt that! So now $pass = md5($pass . $salt); That all works perfect... the problem is with the login. I went into the database made an array using the username posted and retrieved the "salt" related to that username. So i made $salt = $data[salt] (data being the users array and salt being the salt used). Echoed this and got the same salt in the database, so then all i needed was the password to be correct and to add that infront of the salt then encrypt that, simple.. use the same line, $password = $_POST[pass]; then $pass = ($password . $salt); That SHOULD give me the same password but when i matched it didnt... now the salts right, the password is right... but look at the 2 passwords.. The password in the database: eabbe0fc01d95831d70a8696f48dbc The password given out by the login: eabbe0fc01d95831d70a8696f48dbc58 It's added an extra "58" to the end... why, how, what?! Im really confused i've looked through my code over and over, what's different in the register to the login and everything to do with the password variable is basically the same. PLEASE HELP! Quote Link to comment Share on other sites More sharing options...
cooldude832 Posted July 10, 2007 Share Posted July 10, 2007 are you changing the case i believe md5 is case sensitive Quote Link to comment Share on other sites More sharing options...
Muncey Posted July 10, 2007 Author Share Posted July 10, 2007 No im just a complete idiot. My password field is made to be max 30 characters, so the pass in the database is 30 characters long yet when i encrypt it's 32 characters... so i need to make the field allow over 30 characters. Half hour this problems took me to work out, so glad it's over though... hate thinking "this is never going to get fixed". Quote Link to comment Share on other sites More sharing options...
cooldude832 Posted July 10, 2007 Share Posted July 10, 2007 good Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.