1

I have a test registration form working from this example on stackoverflow

How do I create and store md5 passwords in mysql

I'm now trying to get it working within this array for an existing registration form I am trying to update. Could somebody let me know where I am going wrong please? 

<?

        $fields_array = array();
        $values_array = array();
        while ($row = mysql_fetch_array($result_content))   {

        switch ($row['type'])   {
            case 'password':

    $field_value = $vars[$row['name']];
        $confirm_field_value = $vars['confirm_' . $row['name']];

        //start hashing and salting testing

        $salt = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));

        $saltedPW = $field_value . $salt;

        $hashedPW = hash('sha256', $saltedPW);

        $field_value = $hashedPW . $salt;

        //finish hashing and salting testing

        break;
        default:
        $field_value = $vars[$row['name']];
        if ($row['class'] == 'date' && $row['size'] > 0
            $field_value .= ' ' . $vars[$row['name'] . 'Time'];
        }
    $fields_array[] = $row['name'];
    $values_array[] = "'$field_value'";

    }   



    if (count($error) == 0 && count($fields_array) > 0) {
        $fields_array[] = 'created_date';
        $values_array[] = "'" . date ('Y-m-d H:i:s') . "'";
        $fields_array[] = 'created_ip_number';
        $values_array[] = "'" . $_SERVER['REMOTE_ADDR'] . "'";
        $fields = implode (", ", $fields_array);
        $values = implode (", ", $values_array);
        $result = $db->insertByStrings($table_title, $fields, $values)
        or die('Error in ' . implode (' > ', $this_routine) . ": inserting record into $table_title failed<br/>
            Query: INSERT INTO $table_title ($fields) VALUES ($values)<br/>
            Error: (" . $db->getLastErrorCode() .") " . $db->getLastError());
        $user_id = mysql_insert_id();
    }

    ?>
Community
  • 1
  • 1
Rob88991
  • 153
  • 14
  • 1
    I'd suggest looking at the [PHP Password API](http://php.net/password) and using that instead of doing all this. – Jonnix Nov 17 '15 at 15:34
  • Thank you, I've tried the following: `$field_value = password_hash($vars[$row['name']], PASSWORD_DEFAULT);` but the password is still coming out in plain text. And the same if I add it to $confirm_field_value as well. What am I doing wrong? – Rob88991 Nov 17 '15 at 16:24
  • Ignore me, working perfectly, thanks again. :) – Rob88991 Nov 17 '15 at 16:54

0 Answers0