php - Changing from md5 to sha256 -


I'm trying to create a secure user authentication system.

Code

But I am trying to change from MD5 to Sh-256, but it is used to login.

I just changed from

  $ auth_pass = md5 ($ line ['salt']. $ Password. $ Stat_salt); From  

  $ auth_pass = hash ('sha256', $ line ['salt']. $ Password. $ Stat_salt);  

This includes DB correctly but the login part does not work for some reasons. Works with MD5 but sha256 Do not you have to use sha256 in different ways?

Registration:

  // Generate a unique salt $ salt = uniqid (mt_rand ()); // Combine them all together and have them hash = hash ('sha256', $ salt. $ Password. $ Stat_salt); / / $ Regist_query = mysql_query ("User Login (Username, Password, Salt) values ​​('". $ Username "", "". $ Hash. "', '". $ Salt. "')") Or die ("MySQL error:". Mysql_error ()); Grab user's line associated with the user from  

login

  // form $ grab_row = mysql_query ("SELECT * FROM)" WHERE user name = ''. $ .username. "'") Or die ("MySQL error:". Mysql_error ()); // If only one row has been retrieved (if mysql_num_rows ($ grab_row) == 1 ) {// Create an array from the row field $ row = mysql_fetch_array ($ grab_row); // hash joint variable $ auth_pass = hash ('sha256', $ line ['salt']. $ Password. $ Stat_salt); // Username and Reset Password $ checklogin = mysql_que Please check the database again for the username associated with the user name of the user name = "" $ username, "ry" (". And password = '". $ Auth_pass. "' ') Or die (" MySQL error: " Mysql_error ()); // If only one row user has received success or failure (if mysql_num_rows ($ checklogin) == 1) {echo " ";} Else {echo & lt; h1 & gt; oh, we are not certified! & Lt; / h1 & gt; ';}} Else {echo & lt; h1 & gt; oh, we Databases are not! & Lt; / h1 & gt; ';}}  

It incorporates DB correctly but [...]

How do you test it? md5 gives 32-digit string Is hash ('sha256', ...) return 64-digit string. Is your password field enough to accommodate it? If it is not The insert will be deducted for the length of the field at Insert $ hash , and the comparison on selection will fail.


Comments

Popular posts from this blog

MySql variables and php -

url rewriting - How to implement the returnurl like SO in PHP? -

Which Python client library should I use for CouchdB? -