Associate
Hi guys, I've been working on a login system for an assignment and I've hit a bit of a wall. Tried lots of things myself but I can't get it working, hoping someone more experienced could shed some light on it!
I haven't made the registration part yet so I've just inserted a user manually into the database.
I used several tutorials and guides to do what I've done so far, and it works but I want to add password hashing with salt into it as I've read this is much better than just hashing the password on it's own.
My login function looks like this at the moment which works but it would just use the same string appended to every password.
And the database query part:
I made a small function to generate a random string but I'm not sure how to implement it into what I've already done - I tried storing the salt in the database with the username and password, then modifying the query to get that with the username and password but I just got errors with it.
If anyone has any pointers, they would be greatly appreciated! I'm not very experienced with PHP yet. Thanks!
I haven't made the registration part yet so I've just inserted a user manually into the database.
I used several tutorials and guides to do what I've done so far, and it works but I want to add password hashing with salt into it as I've read this is much better than just hashing the password on it's own.
My login function looks like this at the moment which works but it would just use the same string appended to every password.
PHP:
function validateUser($username, $password) {
$P_SALT = 'qWI-lXh.5V##cx$:)|%]ScM3fk87Iuf-S^Ula>%Qv:jv^mm|O,T_=7I/`)~c@£e=';
$mysql = new mysql();
$ensure_credentials = $mysql->verifyUsernamePass($username, hash('sha512', $password . $P_SALT));
if($ensure_credentials) {
$_SESSION['status'] = 'authorized';
header("location: index.php");
} else return "Please enter a correct username and password";
}
And the database query part:
PHP:
function verifyUsernamePass($username, $password) {
$query = "SELECT *
FROM admins
WHERE username = ? AND password = ?
LIMIT 1"; //limit to 1
if($stmt = $this->conn->prepare($query)) {
$stmt->bind_param('ss', $username, $password);
$stmt->execute();
if($stmt->fetch()) {
$stmt->close();
return true;
}
}
}
I made a small function to generate a random string but I'm not sure how to implement it into what I've already done - I tried storing the salt in the database with the username and password, then modifying the query to get that with the username and password but I just got errors with it.
PHP:
$password = "admin";
function makeSsalt() {
list($usec, $sec) = explode(' ', microtime());
return (float) $sec + ((float) $usec * 100000);
}
mt_srand(makeSalt());
$randVal = mt_rand();
$newPass = $randVal . $password;
$encryptPass = hash('sha512', $newPass);
If anyone has any pointers, they would be greatly appreciated! I'm not very experienced with PHP yet. Thanks!