DAMINK Posted November 18, 2014 (edited)

Ok, I decided to set up the reg to be salted. Here is what I have done. Created a column in grpgusers called salt which on registration puts a random string in that column. Then changed the main login code to this.

```php
<?php
if (isset($_POST['submit'])) {
    $username = mysql_real_escape_string($_POST['username']);
    $password = $_POST['password'];

    // Look up the account row, including its per-user salt
    $sql = "SELECT * FROM grpgusers WHERE username='$username'";
    $result = mysql_query($sql);
    $row = mysql_fetch_array($result);

    // Recompute sha256(salt . password) for comparison with the stored hash
    $salt = $row["salt"];
    $auth_user = hash('sha256', $salt.$password);
    $user_class = new User($row['id']);

    // Strict comparison: loose == can treat two "0e..." hex digests as equal numbers
    if ($row["password"] === $auth_user) {
        echo "Your now logged in and being redirected thankyou";
        include ('foot.php');
        echo '<meta http-equiv="refresh" content="3;url=main.php">';
        $_SESSION["id"] = $row['id'];
        die();
    } else {
        echo "Username and/or password are incorrect";
    }
}
?>
```

That seems to work ok. The salt works and hashes the password nicely. Also it checks to make sure it's correct.

** UPDATE ** Ended up fixing the session issue :) Just made some silly mistakes, but I would still like to know if it's an acceptable way to do it, or if it's even safe to use this method?

Edited November 18, 2014 by DAMINK

NonStopCoding Posted November 19, 2014

I am using a custom coded one that mtg did for me, but I dunno. I did notice you're pulling everything from the grpgusers twice:

```php
$sql= "SELECT * FROM grpgusers WHERE username='$username'";
```

and when you initiate the users class this also pulls everything from the grpgusers table:

```php
$user_class = new User($row['id']);
```

You could alter the first one to pull id and password and salt, which is all I see that is needed from the first query.
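
An added example, not part of either post above and not the game's own code: one way to write the login check with a prepared statement that selects only id, password and salt, and that upgrades the salted SHA-256 value to PHP's `password_hash()` on the next successful login. The `login()` helper, the in-memory SQLite database (needs the PDO SQLite driver) and the sample user are assumptions made for the demo; the table and column names follow the first post.

```php
<?php
// Added example. The in-memory database and the user "alice" are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE grpgusers (id INTEGER PRIMARY KEY, username TEXT, password TEXT, salt TEXT)');

// Constructed legacy row: password stored as sha256(salt . password), as in the post.
$salt = bin2hex(random_bytes(8));
$ins = $db->prepare('INSERT INTO grpgusers (username, password, salt) VALUES (?, ?, ?)');
$ins->execute(['alice', hash('sha256', $salt . 'correct horse'), $salt]);

/** Hypothetical helper: returns the user id on success, null on failure. */
function login(PDO $db, string $username, string $password): ?int
{
    // Prepared statement, and only the three columns the check needs.
    $q = $db->prepare('SELECT id, password, salt FROM grpgusers WHERE username = ?');
    $q->execute([$username]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }

    $stored = $row['password'];
    // A value password_hash() did not produce is treated as a legacy SHA-256 hash.
    $legacy = password_get_info($stored)['algoName'] === 'unknown';
    $ok = $legacy
        ? hash_equals($stored, hash('sha256', $row['salt'] . $password)) // constant-time compare
        : password_verify($password, $stored);
    if (!$ok) {
        return null;
    }

    if ($legacy || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        // Replace the fast hash with a slow one that carries its own salt.
        $up = $db->prepare("UPDATE grpgusers SET password = ?, salt = '' WHERE id = ?");
        $up->execute([password_hash($password, PASSWORD_DEFAULT), $row['id']]);
    }
    return (int) $row['id'];
}

var_dump(login($db, 'alice', 'wrong'));         // rejected
var_dump(login($db, 'alice', 'correct horse')); // legacy hash checked, then upgraded
var_dump(login($db, 'alice', 'correct horse')); // checked with password_verify()
```

In a real login page the caller would call `session_regenerate_id(true)` and set `$_SESSION["id"]` before sending any output.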