php - Changing from md5 to sha256 -

-

I'm trying to create a secure user authentication system.

Code

But I am trying to change from MD5 to Sh-256, but it is used to login.

I just changed from 

  $ auth_pass = md5 ($ line ['salt']. $ Password. $ Stat_salt); From  

  $ auth_pass = hash ('sha256', $ line ['salt']. $ Password. $ Stat_salt);

This includes DB correctly but the login part does not work for some reasons. Works with MD5 but sha256 Do not you have to use sha256 in different ways?

Registration: 

  // Generate a unique salt $ salt = uniqid (mt_rand ()); // Combine them all together and have them hash = hash ('sha256', $ salt. $ Password. $ Stat_salt); / / $ Regist_query = mysql_query ("User Login (Username, Password, Salt) values ​​('". $ Username "", "". $ Hash. "', '". $ Salt. "')") Or die ("MySQL error:". Mysql_error ()); Grab user's line associated with the user from

login 

  // form $ grab_row = mysql_query ("SELECT * FROM)" WHERE user name = ''. $ .username. "'") Or die ("MySQL error:". Mysql_error ()); // If only one row has been retrieved (if mysql_num_rows ($ grab_row) == 1 ) {// Create an array from the row field $ row = mysql_fetch_array ($ grab_row); // hash joint variable $ auth_pass = hash ('sha256', $ line ['salt']. $ Password. $ Stat_salt); // Username and Reset Password $ checklogin = mysql_que Please check the database again for the username associated with the user name of the user name = "" $ username, "ry" (". And password = '". $ Auth_pass. "' ') Or die (" MySQL error: " Mysql_error ()); // If only one row user has received success or failure (if mysql_num_rows ($ checklogin) == 1) {echo " ";} Else {echo & lt; h1 & gt; oh, we are not certified! & Lt; / h1 & gt; ';}} Else {echo & lt; h1 & gt; oh, we Databases are not! & Lt; / h1 & gt; ';}}

It incorporates DB correctly but [...]

How do you test it? md5 gives 32-digit string Is hash ('sha256', ...) return 64-digit string. Is your password field enough to accommodate it? If it is not The insert will be deducted for the length of the field at Insert $ hash , and the comparison on selection will fail.


Comments

Post a Comment

Popular posts from this blog

asp.net - Javascript/DOM Why is does my form not support submit()? -

-
This is my first time working with asp.net and javascript, so I do not know very good web resources, or Much about javascript debugging I have to find out that on line oFormObject.submit (); Microsoft JScript Runtime Error: Object does not support this property or method I am using the link to work as a button because I am terrible in aesthetics and I think That link will look more professional than a table of 50 buttons. I have read that this solution can cause problems with browsers due to pre-rendering of my links and many additional traffic and problems, but CSS gives me a button like a link, which has issues of alignment and difference seemed to. & lt ;! DOCTYPE HTML PUBLIC "- // W3C // DTD HTML 4.01 // N" "http://www.w3.org/TR/html4/strict.dtd"> & Lt; Html xmlns = "http://www.w3.org/1999/xhtml" & gt; & Lt; Head & gt; & Lt; Link rel = "stylesheet" type = "text / css" href = "defect differen
Read more

sockets - Delphi: TTcpServer, connection reset when reading -

-
I am trying to implement one for Delphi, but there are some problems with communication. Fitnesse will start my process, and give me a portmember as a command line argument. Then I should make a socket on the port number given to me, and fitness will connect to that port I am using a TCPCP server for the job: < Pre> TcpServer1.LocalPort: = ParamStr (ParamCount); TcpServer1 Active: = true; On OnEXEPT () -Event, I send the protocol version to use as specified in the protocol. Process TForm1.TcpServer1Accept (From: TOBject; ClientSocket: TCustomIpClient); Var s: ansistring; Start clientSocket. Syndrome ('slim - v 0.0', # 10); SetLength (S, 6); ClientSketts Receavebook (S, 6); End; When I call ReceiveBuf (), the process ends, and fitness throws an exception: java.net.SocketException: connection Reset I have seen what sent and received. It shows that my code sends the protocol version, fitness sends back a message, and when I try to get this message
Read more

javascript - Classic ASP "ExecuteGlobal" statement acting differently on two servers -

-
I have a strange problem that I really do not know. In addition to developing a new ASP.NET site, I have to support the old "classic ASP" site. It is written in VBScript with a batch of JavaScript functions. Many of the JavaScript functions include 'files' Everything is fine on our production system (which security is controlled by another group - this is a military installation) Debugging them once did not work I). However, I have a fix for a vague bug that needs to be fully tested and some functions do not run under the "local" copy of the website that runs on my PC. For the record, I am running IIS 5.1 on XP. The problem is that some Javascript functions are running "OK" on the production server, but when they use it as a server, they are not defined on my PC what is happening that last Programmer, for some reason, has decided to put some functions in a series of files, which according to the observations, imitate the "need_once
Read more