php - Changing from md5 to sha256 -
I'm trying to create a secure user authentication system.
Code
But I am trying to change from MD5 to Sh-256, but it is used to login.
I just changed from
$ auth_pass = md5 ($ line ['salt']. $ Password. $ Stat_salt); From
$ auth_pass = hash ('sha256', $ line ['salt']. $ Password. $ Stat_salt);
This includes DB correctly but the login part does not work for some reasons. Works with MD5 but sha256 Do not you have to use sha256 in different ways?
Registration:
// Generate a unique salt $ salt = uniqid (mt_rand ()); // Combine them all together and have them hash = hash ('sha256', $ salt. $ Password. $ Stat_salt); / / $ Regist_query = mysql_query ("User Login (Username, Password, Salt) values ('". $ Username "", "". $ Hash. "', '". $ Salt. "')") Or die ("MySQL error:". Mysql_error ()); Grab user's line associated with the user from
login
// form $ grab_row = mysql_query ("SELECT * FROM)" WHERE user name = ''. $ .username. "'") Or die ("MySQL error:". Mysql_error ()); // If only one row has been retrieved (if mysql_num_rows ($ grab_row) == 1 ) {// Create an array from the row field $ row = mysql_fetch_array ($ grab_row); // hash joint variable $ auth_pass = hash ('sha256', $ line ['salt']. $ Password. $ Stat_salt); // Username and Reset Password $ checklogin = mysql_que Please check the database again for the username associated with the user name of the user name = "" $ username, "ry" (". And password = '". $ Auth_pass. "' ') Or die (" MySQL error: " Mysql_error ()); // If only one row user has received success or failure (if mysql_num_rows ($ checklogin) == 1) {echo " ";} Else {echo & lt; h1 & gt; oh, we are not certified! & Lt; / h1 & gt; ';}} Else {echo & lt; h1 & gt; oh, we Databases are not! & Lt; / h1 & gt; ';}}
It incorporates DB correctly but [...]
How do you test it? md5
gives 32-digit string Is hash ('sha256', ...)
return 64-digit string. Is your password
field enough to accommodate it? If it is not The insert will be deducted for the length of the field at Insert $ hash
, and the comparison on selection will fail.
Comments
Post a Comment