
Session issue after salting?



OK, I decided to set up the reg to be salted.

Here is what I have done.

Created a column in grpgusers called salt which on registration puts a random string in that column.

Then changed the main login code to this.


 $username = mysql_real_escape_string($_POST['username']);
 $password = $_POST['password'];
 $sql= "SELECT * FROM grpgusers WHERE username='$username'";
 // Run the query and fetch the matching row (missing from the snippet as posted)
 $result = mysql_query($sql);
 $row = mysql_fetch_assoc($result);
 $salt = $row["salt"];
 // Hash the submitted password with the stored per-user salt
 $auth_user = hash('sha256', $salt.$password);
 $user_class = new User($row['id']);

 if($row["password"] == $auth_user){
    echo "Your now logged in and being redirected thankyou";
    include ('foot.php');
    echo '<meta http-equiv="refresh" content="3;url=main.php">';
    $_SESSION["id"] = $row['id'];
 } else {
    echo "Username and/or password are incorrect";
 }


That seems to work OK. The salt works and hashes the password nicely. Also it checks to make sure it's correct.


** UPDATE **

Ended up fixing the session issue :)

Just made some silly mistakes, but I would still like to know if it's an acceptable way to do it, or if it's even safe to use this method?

Edited by DAMINK

I am using a custom-coded one that mtg did for me, but I dunno. I did notice you're pulling everything from grpgusers twice:


$sql= "SELECT * FROM grpgusers WHERE username='$username'"; 


And when you initiate the users class, this also pulls everything from the grpgusers table:


$user_class = new User($row['id']);


You could alter the first one to pull id, password and salt, which is all I see that is needed from the first query.

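An added example, not code from either poster: it covers the first post's question about whether the salted SHA-256 check is safe and the reply's point about selecting only id, password and salt. It keeps existing salted SHA-256 rows working, compares them with hash_equals(), and moves each row to password_hash() on the next successful login, since a single pass of a fast hash is weak for password storage even with a salt. The `login()` function, the in-memory SQLite database and the `demo` user are assumptions made so the block runs on its own.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// post; the in-memory SQLite database and its one user row are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE grpgusers (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT, salt TEXT)');

// Constructed legacy row: salted SHA-256, stored the way the post describes.
$salt = bin2hex(random_bytes(16));
$ins = $db->prepare('INSERT INTO grpgusers (username, password, salt) VALUES (?, ?, ?)');
$ins->execute(['demo', hash('sha256', $salt . 'correct horse'), $salt]);

// Hypothetical helper: returns the user id on success, null on any failure.
function login(PDO $db, string $username, string $password): ?int
{
    // Fetch only the columns the check needs, with the username bound as a parameter.
    $q = $db->prepare('SELECT id, password, salt FROM grpgusers WHERE username = ?');
    $q->execute([$username]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null; // unknown user: caller shows the same generic message
    }

    $stored = (string) $row['password'];
    if (!empty(password_get_info($stored)['algo'])) {
        // Row already migrated to password_hash() (bcrypt by default).
        $ok = password_verify($password, $stored);
    } else {
        // Legacy salted SHA-256. hash_equals() compares in constant time and
        // never treats "0e..." hex strings as numbers the way == can.
        $ok = hash_equals($stored, hash('sha256', $row['salt'] . $password));
        if ($ok) {
            // Upgrade on successful login; the salt column is no longer needed.
            $up = $db->prepare('UPDATE grpgusers SET password = ?, salt = NULL WHERE id = ?');
            $up->execute([password_hash($password, PASSWORD_DEFAULT), $row['id']]);
        }
    }
    return $ok ? (int) $row['id'] : null;
}

var_dump(login($db, 'demo', 'wrong'));
var_dump(login($db, 'demo', 'correct horse')); // legacy path, row is upgraded
var_dump(login($db, 'demo', 'correct horse')); // password_verify() path
```

In a real login page, call session_regenerate_id(true) after a successful check and before setting $_SESSION["id"], so a session id issued before login is not carried into the authenticated session.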
