I am trying to create a secure login app using PHP and MySQLi by following this tutorial: Link To Tutorial. The tutorial is using a table (members) with 5 fields: "id", "username", "email", "password", and "salt". But at the very beginning there is an SQL INSERT function which is confusing me:

INSERT INTO `secure_login`.`members` VALUES(1, 'test_user', 'test@example.com',
'00807432eae173f652f2064bdca1b61b290b52d40e429a7d295d76a71084aa96c0233b82f1feac45529e0726559645acaed6f3ae58a286b9f075916ebf66cacc',
'f9aab579fc1b41ed0c44fe4ecdbfcdb4cb99b9023abb241a6db833288f4eea3c02f76e0d35204a8695077dcf81932aa59006423976224be0390395bae152d4ef');

I am guessing the first long number is a sha512() salted password, so I used this PHP code to generate my sha512 password and insert it into my members database:

<?php
  $password = 'newPassword';
  echo 'sha512: ' . hash('sha512', $password);
?>

and the result is: sha512: 6f63f637f1346149532158022899bdf424a19c3dc472e21c2068cd324d7263ed521fb1c1335afaad6bf3fd94a24c0371217086295255e7773eb8deb2c7a54e1a

Now my question is: what is the second value, which is being inserted into the "salt" field?

Unfortunately I couldn't find a way to contact the tutorial's author, but I thought you may be able to help me figure this out. So, can you please let me know:
1- Am I doing the sha512 password salting correctly?
2- What is the last item inserted into the members table (salt), and how can I generate that one?

Thanks for your time

diafol

1) looks ok
2) this appears to be the salt used in conjunction with the sha-512 to produce the hash. I may be wrong. Where's the rest of the code for hashing? It appears to be just a sha512 hash without the code, impossible to say how it's produced.

Your link to tutorial is missing, so we can't check.

Thanks diafol, I am really sorry, I forgot to add the tutorial link! Here is the whole idea:
Tutorial

I followed everything in the tutorial but I always end up with "Invalid Request" from the "process-login.php" page. The other thing is that in the process-login.php page, at lines 6 and 8, there is a "$_POST['p']". Shouldn't they be $_POST['password'], since we have this name on the form's password input?
As I said, I am following everything in the tutorial except for using the admin user (I didn't know how to update the localhost to my server in this code `CREATE USER 'sec_user'@'localhost' IDENTIFIED BY 'eKcGZr59zAa2BEWU';GRANT SELECT, INSERT, UPDATE ON 'secure_login'.* TO 'sec_user'@'localhost';`), as I am not using localhost (I am using free hosting at http://www.csvdata.uphero.com/).
Once again, thanks for your help. I really appreciate your time if you can help me to solve this issue.

This might be the code responsible for creating the salt.

    // Create a random salt
    $random_salt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
    // Create salted password (Careful not to over season)
    $password = hash('sha512', $password.$random_salt);
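Added example (not part of the thread or of the tutorial's code): how the "password" and "salt" columns relate under the sha512(password . salt) construction quoted above, how a login check has to reuse the stored salt, and PHP's built-in password_hash() beside it for comparison. The function names make_record() and check_record() are hypothetical, the password is a constructed sample, and random_bytes() is used here in place of the uniqid()/mt_rand() salt from the snippet.

```php
<?php
// Added illustration; make_record() and check_record() are hypothetical names.

// Registration: one random salt per user, stored next to the hash.
function make_record(string $password): array
{
    // 64 random bytes -> 128 hex characters, the same width as the "salt" column.
    // Assumption: random_bytes() (PHP 7+) replaces the uniqid()/mt_rand() salt.
    $salt = bin2hex(random_bytes(64));
    // Same construction as the quoted snippet: sha512(password . salt).
    $hash = hash('sha512', $password . $salt);
    return ['password' => $hash, 'salt' => $salt];
}

// Login: re-hash the submitted password with the STORED salt, then compare.
function check_record(string $submitted, array $row): bool
{
    $candidate = hash('sha512', $submitted . $row['salt']);
    // hash_equals() compares in constant time.
    return hash_equals($row['password'], $candidate);
}

$row = make_record('newPassword');              // constructed sample password

echo "correct password accepted:   ";
var_dump(check_record('newPassword', $row));
echo "wrong password accepted:     ";
var_dump(check_record('wrongPassword', $row));

// A plain sha512 of the password, computed without the salt, does not match
// the value stored in the "password" column.
echo "unsalted hash matches row:   ";
var_dump(hash_equals($row['password'], hash('sha512', 'newPassword')));

// For comparison: password_hash() generates its own salt, uses a deliberately
// slow algorithm, and stores salt and parameters inside one string, so no
// separate "salt" column is needed.
$stored = password_hash('newPassword', PASSWORD_DEFAULT);
echo "password_verify() accepts:   ";
var_dump(password_verify('newPassword', $stored));
echo "needs rehash after upgrade:  ";
var_dump(password_needs_rehash($stored, PASSWORD_DEFAULT));
```

Every call to make_record() produces a different salt, so the same password yields a different stored hash each time; only the pair of values from the same row verifies.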