mysql - Can't get password encryption to work PHP -


i have been messing around password encryption in php , @ first using md5 function save passwords in database, ran trouble logging in. tried hash function , again had trouble logging in.

the way attempting have password encrypted when account made, , every time logs in, password encrypted again using same method , checks database see if encrypted passwords match. can create account fine , seems whenever create account same password, hashes same assuming don't change each time (i have little knowledge on encryption , hashes).

this current new user creation snippet:

<?php  if ((isset($_post["mm_insert"])) && ($_post["mm_insert"] == "newuser")) {   $insertsql = sprintf("insert users (username, password, name) values (%s, %s, %s)",                        getsqlvaluestring($_post['username'], "text"),                        getsqlvaluestring(hash("sha512",$_post['password']), "text"),                        getsqlvaluestring($_post['name'], "text"));    mysql_select_db($database_reallygoodpieconnection, $reallygoodpieconnection);   $result1 = mysql_query($insertsql, $reallygoodpieconnection) or die(mysql_error());  ?>

and login snippet:

if (isset($_post['username'])) {   $loginusername=$_post['username'];   $password=$_post['password'];   $password = hash("sha512", $password);   print $password;   $mm_flduserauthorization = "permissions";   $mm_redirectloginsuccess = "index.php";   $mm_redirectloginfailed = "login.php";   $mm_redirecttoreferrer = true;   mysql_select_db($database_reallygoodpieconnection, $reallygoodpieconnection);    $loginrs__query=sprintf("select username, password users username=%s , password=%s",     getsqlvaluestring($loginusername, "text"), getsqlvaluestring($password, "text")

can me understand why actual login failing. using exact same password creation , login (obviously) , using same encryption methods. confusing me.

"i can create account fine , seems whenever create account same password, hashes same assuming don't change each time"

of course has that. bad thing if encrypted hash same string change everytime, wouldn't it? :)

users wouldn't able use password more 1 time then. it's okay.

also consider salting password. means: generate random hash , store in database user.

when logging in you're not check against password hash, against salt.

that'll improve security lot more.


Comments

Post a Comment

Popular posts from this blog

c++ - End of file on pipe magic during open -

i have c++ application in starting process(wireshark) following. if (fp == null){ fp = popen(processpath, "r"); //processpath process want start if (!fp){ throw std::invalid_argument("cannot start process"); } fprintf(fp, d_msg);//d_msg input want provide process } else if(fp != null){ fprintf(fp, d_msg); } the problem when execute c++ application, start wireshark error end of file on pipe magic during open what should avoid that? also tried using mkfifo create named pipe , execute it. used this: if (fp == null){ system("mkfifo /tmp/mine.pcap"); fp = popen("wireshark -k -i /tmp/mine.pcap", "r"); if (!fp){ dout << "cannot start wireshark"<<std::endl; throw std::invalid_argument("cannot start wireshark"); } input = fopen("/tmp/mine.pcap", "wb"); fprintf(input , d_msg); fclose(input)...
Read more

basic authentication with http post params android -

i doing basic authentication passing username , password , using basicnamevaluepair sending post params response service. my method: public stringbuilder callservicehttppost(string username, string password, string type) { // create new httpclient , post header httpclient httpclient = new defaulthttpclient(); httppost httppost = new httppost(webservice + type); httpresponse response = null; stringbuilder total = new stringbuilder(); try { url url = new url(webservice + type); /*string base64encodedcredentials = base64.encodetostring((username + ":" + password).getbytes(), base64.url_safe | base64.no_wrap);*/ string base64encodedcredentials = "basic " + base64.encodetostring( (username + ":" + password).getbytes(), base64.no_wrap); httppost.setheader("auth...
Read more

data.table making a copy of table in R -

i doing this: myfun <- function(inputvar_vec){ # inputvar_vec input vector # # result = output vector return(result) } dt[, result := lapply(.sd, myfun), = byvar, .sdcols = inputvar] i getting following warning: warning message: `in `[.data.table`(df1, , `:=`(prop, lapply(.sd, propeventinlastk)), : invalid .internal.selfref detected , fixed taking copy of whole table, := can add new column reference. @ earlier point, data.table has been copied r (or been created manually using structure() or similar). (and more stuff) .... ` my guess because stacking result vectors (after operation), copy being made? can suggest method remove warning? have done using apply functions , thought should extendable here too. my other question is: can pass chunk of rows data frame (subsetted using statement), , call function myfun operate on that? adding example requested # generate data n = 10000 default=na value = 1 df = data.table(id = sample(1:5000, n, replace=true), ...
Read more