
Code on my register page:

    // rand_string() is the asker's own helper for generating a random per-user salt
    $p_salt = rand_string(20);
    $site_salt = "subinsblogsalt"; /*Common Salt used for password storing on site.*/
    $salted_hash = hash('sha256', $password.$site_salt.$p_salt);

I then insert the salt into the database, along with the salted password, but when I do it on my login page:

    if (isset($_POST) && $email != '' && $password != '') {
        // bind $email as a parameter instead of concatenating it into the query string
        $sql = $dbh->prepare("SELECT id,password,psalt FROM user WHERE email=?");
        $sql->execute(array($email));
        while ($r = $sql->fetch()) {
            $p = $r['password'];   // hash stored at registration
            $p_salt = $r['psalt']; // per-user salt stored at registration
            $id = $r['id'];
        }
        $site_salt = "subinsblogsalt"; /*Common Salt used for password storing on site. You can't change it. If you want to change it, change it when you register a user.*/
        $salted_hash = hash('sha256', $password.$site_salt.$p_salt);
        // $salted_hash is then compared with $p
    }

But they don't match at all. I echoed the salted hash to compare it to the one in the database, but they're different.

  • Mind posting both results along with the input? – Slava Knyazev Dec 08 '14 at 22:11
  • "Common Salt used for password storing on site": terrible practice, may as well not salt it at all –  Dec 08 '14 at 22:12
  • possible duplicate of [Secure hash and salt for PHP passwords](http://stackoverflow.com/questions/401656/secure-hash-and-salt-for-php-passwords) –  Dec 08 '14 at 22:12
  • @Dagon actually he is salting it with a random salt per user as well, if you read his code... – Nick Coad Dec 08 '14 at 22:16
  • @jeromeudee What about the salt? Did you compare the salt you're getting out with the salt you're storing, to ensure something hasn't gone awry there? Edit: also you should include the code you're using to store the data, in case there's an error there. – Nick Coad Dec 08 '14 at 22:19

1 Answer

You are creating and storing the password with:

$salted_hash = hash('sha256', $password.$site_salt.$p_salt);

But when you recover the password from your table you are encrypting to compare the password that is already encrypted.

When you compare the passwords use $p_salt.

JuanSedano