mysql - Can't get password encryption to work PHP


I have been messing around with password encryption in PHP, at first using the md5 function to save passwords in the database, and ran into trouble logging in. I tried the hash function, and again had trouble logging in.

The way I am attempting to have the password encrypted is when the account is made, and every time someone logs in, the password is encrypted again using the same method and checked against the database to see if the encrypted passwords match. I can create an account fine, and it seems whenever I create an account with the same password, the hashes are the same, so I am assuming they don't change each time (I have little knowledge of encryption and hashes).

This is my current new user creation snippet:

<?php
// Note: the mysql_* extension used here was removed in PHP 7.
// The password is stored as an unsalted SHA-512 hex digest (128 characters).
if ((isset($_POST["mm_insert"])) && ($_POST["mm_insert"] == "newuser")) {
  $insertsql = sprintf("insert into users (username, password, name) values (%s, %s, %s)",
                       getsqlvaluestring($_POST['username'], "text"),
                       getsqlvaluestring(hash("sha512", $_POST['password']), "text"),
                       getsqlvaluestring($_POST['name'], "text"));

  mysql_select_db($database_reallygoodpieconnection, $reallygoodpieconnection);
  $result1 = mysql_query($insertsql, $reallygoodpieconnection) or die(mysql_error());
}
?>

And the login snippet:

if (isset($_POST['username'])) {
  $loginusername = $_POST['username'];
  $password = $_POST['password'];
  $password = hash("sha512", $password);  // same unsalted SHA-512 as at account creation
  print $password;                        // debug output of the computed hash
  $mm_flduserauthorization = "permissions";
  $mm_redirectloginsuccess = "index.php";
  $mm_redirectloginfailed = "login.php";
  $mm_redirecttoreferrer = true;
  mysql_select_db($database_reallygoodpieconnection, $reallygoodpieconnection);

  // The hash is compared inside the query itself.
  $loginrs__query = sprintf("select username, password from users where username=%s and password=%s",
    getsqlvaluestring($loginusername, "text"), getsqlvaluestring($password, "text"));
  // (the posted snippet stops here)
}

Can anyone help me understand why the actual login is failing? I am using the exact same password for creation and login (obviously) and using the same encryption methods. It is confusing me.

"I can create an account fine, and it seems whenever I create an account with the same password, the hashes are the same, so I am assuming they don't change each time"

Of course it has to be like that. It would be a bad thing if the encrypted hash of the same string changed every time, wouldn't it? :)

The users wouldn't be able to use their password more than 1 time then. So it's okay.

Also consider salting the password. That means: generate a random hash and store it in the database with the user.

When logging in, you do not check against the password hash, but against the salt.

That'll improve the security a lot more.
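
The salting advice above, as an added example that is not part of the original answer: PHP's built-in password_hash() and password_verify() generate a random salt per password and store it inside the hash string, so the login fetches the row by username and verifies in PHP instead of comparing hashes in the WHERE clause. The in-memory SQLite database via PDO, the function names createUser and checkLogin, and the sample accounts are assumptions made for the example.

```php
<?php
// Added example, not the poster's code. Table and column names mirror the
// question; the in-memory SQLite database is an assumption so it runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    username VARCHAR(64) PRIMARY KEY,
    password VARCHAR(255) NOT NULL,  -- wide enough for any password_hash() output
    name     VARCHAR(64)
)');
// Hash verified for unknown usernames so both failure paths do similar work.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

function createUser(PDO $db, string $username, string $password, string $name): void
{
    // password_hash() picks a random salt on every call and embeds it,
    // together with the algorithm and cost, in the returned string.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (username, password, name) VALUES (?, ?, ?)');
    $stmt->execute([$username, $hash, $name]);
}

function checkLogin(PDO $db, string $username, string $password): bool
{
    // Look the row up by username only: a salted hash differs on every
    // call, so it cannot be recomputed and matched in the WHERE clause.
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        password_verify($password, DUMMY_HASH);
        return false;
    }
    // Re-derives the hash using the salt stored in $stored, constant-time compare.
    return password_verify($password, $stored);
}

// Constructed sample accounts: two users who chose the same password.
createUser($db, 'alice', 'correct horse', 'Alice');
createUser($db, 'bob', 'correct horse', 'Bob');
$hashes = $db->query('SELECT password FROM users ORDER BY username')
             ->fetchAll(PDO::FETCH_COLUMN);
var_dump($hashes[0] === $hashes[1]);                   // do the stored hashes collide?
var_dump(checkLogin($db, 'alice', 'correct horse'));   // right password
var_dump(checkLogin($db, 'alice', 'wrong'));           // wrong password
var_dump(checkLogin($db, 'nobody', 'correct horse'));  // unknown user
```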

