
I came across a problem that I hope you guys can help me with.

On register I generate a random salt, hash the password with it and a system salt, and place it in the database. On login I generate a hash from the input password, the salt that is stored for that user name, and the system salt. Then compare. However, for some reason the hash that gets stored in the database is different from the one generated on login. So I can't log in anymore.

If you need more sections of the code I will willingly post them. I do believe this is where the problem lies. I just can't seem to see it.

Register

$randomSalt = rand(10, 99).mcrypt_create_iv(6, MCRYPT_DEV_RANDOM);
$saltyPassword = $system_salt.$randomSalt.$_POST['password'];
$passwordHash = hash('sha512', $saltyPassword);	
			
mysql_query("	INSERT INTO members(username,password,salt,email_address,user_group,registration_ip,registration_datetime)
VALUES(
	'".$_POST['username']."',
	'".$passwordHash."',
	'".$randomSalt."',
	'".$_POST['email']."',
	'"."user"."',
	'".$_SERVER['REMOTE_ADDR']."',
	NOW()
)");

Login

// Create salt and password
$randomSalt = mysql_fetch_assoc(mysql_query("SELECT salt FROM members WHERE username='{$_POST['username']}'"));
$saltyPassword = $system_salt.$randomSalt['salt'].$_POST['password'];
$passwordHash = hash('sha512', $saltyPassword);
		
$row = mysql_fetch_assoc(mysql_query("SELECT id,username FROM members WHERE username='{$_POST['username']}' AND password='".$passwordHash."'"));
if($row['username'])
{
    // If everything is OK login
    $_SESSION['username']=$row['username'];
    $_SESSION['id'] = $row['id'];
    $_SESSION['rememberMe'] = $_POST['rememberMe'];
			
    // Store some data in the session
    setcookie('Remember', $_POST['rememberMe']);
}
else 
{
    $err[]='Invalid username and/or password';
}
Last Post by ShadyTyrant

Ok I found out that the problem is in the mcrypt_create_iv(6, MCRYPT_DEV_RANDOM). I don't know why but it just doesn't work. I got an alt mcrypt and it works well.

function alt_mcrypt_create_iv ($size) {
    $iv = '';
    for($i = 0; $i < $size; $i++) {
        $iv .= chr(rand(0,255));
    }
    return $iv;
}
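
An added example, not code from the original thread: registration and login with password_hash()/password_verify() and PDO prepared statements, so the per-user salt is embedded in the stored hash string as printable text and never has to survive a round trip through the database as raw bytes. The members columns, the in-memory SQLite database, the pepper constant standing in for $system_salt, and the function names are assumptions for illustration.

```php
<?php
// Added example, not the poster's code. Table layout and names are assumptions.
const SYSTEM_PEPPER = 'constructed-example-pepper'; // stands in for $system_salt

function pepper(string $password): string
{
    // Hex HMAC output is printable, so no raw bytes reach bcrypt or the database.
    return hash_hmac('sha256', $password, SYSTEM_PEPPER);
}

function registerUser(PDO $db, string $username, string $password): void
{
    // password_hash() generates the per-user salt and embeds it in its result.
    $hash = password_hash(pepper($password), PASSWORD_DEFAULT);
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare('INSERT INTO members (username, password) VALUES (?, ?)');
    $stmt->execute([$username, $hash]);
}

function loginUser(PDO $db, string $username, string $password): ?int
{
    $stmt = $db->prepare('SELECT id, password FROM members WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null; // unknown user
    }
    // password_verify() re-reads the salt and cost from the stored string.
    return password_verify(pepper($password), $row['password']) ? (int) $row['id'] : null;
}

// Constructed demo data in an in-memory SQLite database (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');

registerUser($db, "o'brien", 'correct horse');                 // quote in the name is stored as data
var_dump(loginUser($db, "o'brien", 'correct horse') !== null); // matching password
var_dump(loginUser($db, "o'brien", 'wrong') !== null);         // wrong password
var_dump(loginUser($db, 'nobody', 'correct horse') !== null);  // unknown user
```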