MakeWebGames

Help with Salting and Sha1 on a password system.



Ok so I'm trying to write up a tut on how to use a salt with sha1 on a password system for new game owners.

 

Here's what I have and there is 1 small problem.

Register.php

 

$salt = 'testrun';
$password = $_POST['password'];
$salted_hash = hash("sha512", ($salt . $password));


$db->query("INSERT INTO users (username, login_name, userpass, level, donatordays, member_status, energy, maxenergy, will, maxwill, brave, maxbrave, hp, maxhp, location, gender, signedup, email, lastip, lastip_signup) VALUES( '{$username}', '{$username}',  '{$salted_hash}', 1, 0, 1, 12, 12, 100, 100, 5, 5, 100, 100, 1, '{$_POST['gender']}', unix_timestamp(), '{$_POST['email']}', '$IP', '$IP')");
$i=$db->insert_id();

 

Authenticate.php

$salt = 'testrun';
$password = $_POST['password'];
$salted_hash = hash("sha512", ($salt . $password));



$uq=$db->query(sprintf("SELECT `userid` FROM `users` WHERE `login_name`='%s' AND `userpass`='%s'", $_POST['username'], $salted_hash));

 

These 2 work fine. I can create a user, it hashes the password and I can login.

The problem lies in Preferences on password change: it keeps telling me the password doesn't match up with the one in the database.

Here's what I have

preferances.php bit

function PassChange() {
    global $ir, $db, $c;
    $salt = 'testrun';
    $password = $_POST['password'];
    $salted_hash = hash("sha512", ($salt . $password));
    // Load the stored hash for the logged-in user
    $Info = $db->fetch_row($db->query(sprintf("SELECT `userid`, `userpass`, `login_name` FROM `users` WHERE `userid`='%d'", $ir['userid'])));
    if (isset($_POST['OldPass'], $_POST['NewPass1'])) {
        if ($_POST['NewPass1'] == '') {
            echo 'Error!
You Entered No Password
';
        } else if ($salted_hash != $Info['userpass']) {
            echo 'Error!
The Current Password Is Incorrect!
';
        } else {
            $db->query(sprintf("UPDATE `users` SET `userpass`='%s' WHERE `userid`='%d'", $salted_hash, $ir['userid']));
            echo 'Your Password Has Been Updated!

Your New Password Is: [i]'.$_POST['NewPass1'].'[/i]';
        }
    }
}

Can anyone see why it may not be reading the password the same as the Reg/Authenticate bit?
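
Added example, not part of the original post: in `PassChange()` as posted, the hash is computed from `$_POST['password']`, while the fields the function checks are `OldPass` and `NewPass1`, and that same hash is what the `UPDATE` writes back. The sketch below verifies `OldPass` and stores a hash of `NewPass1`, swapping the fixed `'testrun'` salt and single SHA-512 pass for PHP's `password_hash()`/`password_verify()` and using bound parameters; the PDO/SQLite setup, the `changePassword()` helper and the sample passwords are assumptions made for the demo.

```php
<?php
// Added example (not from the original post). Column names follow the post;
// the PDO/SQLite setup and changePassword() are assumptions for illustration.

function changePassword(PDO $pdo, int $userId, array $post): string
{
    // Read the fields the change-password form actually sends.
    $old = $post['OldPass'] ?? '';
    $new = $post['NewPass1'] ?? '';
    if ($new === '') {
        return 'You entered no password';
    }

    // Bound parameters keep user input out of the SQL text.
    $stmt = $pdo->prepare('SELECT userpass FROM users WHERE userid = ?');
    $stmt->execute([$userId]);
    $stored = $stmt->fetchColumn();

    // Check the OLD password against the stored hash. password_verify()
    // reads the salt and cost from the stored string.
    if ($stored === false || !password_verify($old, $stored)) {
        return 'The current password is incorrect';
    }

    // Store a hash of the NEW password. password_hash() generates a random
    // per-user salt and embeds it in the value it returns.
    $stmt = $pdo->prepare('UPDATE users SET userpass = ? WHERE userid = ?');
    $stmt->execute([password_hash($new, PASSWORD_DEFAULT), $userId]);
    return 'Your password has been updated';
}

// Constructed demo data: in-memory database with a single user.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, userpass TEXT)');
$pdo->prepare('INSERT INTO users (userid, userpass) VALUES (1, ?)')
    ->execute([password_hash('old-secret', PASSWORD_DEFAULT)]);

// Wrong old password, correct old password, then the old password again
// after it has been replaced.
echo changePassword($pdo, 1, ['OldPass' => 'wrong', 'NewPass1' => 'new-secret']), "\n";
echo changePassword($pdo, 1, ['OldPass' => 'old-secret', 'NewPass1' => 'new-secret']), "\n";
echo changePassword($pdo, 1, ['OldPass' => 'old-secret', 'NewPass1' => 'x']), "\n";
```

The `userpass` column has to hold the full `password_hash()` string; the PHP manual recommends 255 characters. Registration and login would need the same switch so all three paths agree on the stored format.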
