I came across a problem that I hope you guys can help me with.

On register I generate a random salt, hash the password with it and a system salt, and place it in the database. On login I generate a hash from the input password, the salt that is stored for that user name, and the system salt. Then compare. However, for some reason the hash that gets stored in the database is different from the one generated on login. So I can't log in anymore.

If you need more sections of the code I will willingly post them. I do believe this is where the problem lies. I just can't seem to see it.

Register

$randomSalt = rand(10, 99).mcrypt_create_iv(6, MCRYPT_DEV_RANDOM);
$saltyPassword = $system_salt.$randomSalt.$_POST['password'];
$passwordHash = hash('sha512', $saltyPassword);	
			
mysql_query("	INSERT INTO members(username,password,salt,email_address,user_group,registration_ip,registration_datetime)
VALUES(
	'".$_POST['username']."',
	'".$passwordHash."',
	'".$randomSalt."',
	'".$_POST['email']."',
	'"."user"."',
	'".$_SERVER['REMOTE_ADDR']."',
	NOW()
)");

Login

// Create salt and password
$randomSalt = mysql_fetch_assoc(mysql_query("SELECT salt FROM members WHERE username='{$_POST['username']}'"));
$saltyPassword = $system_salt.$randomSalt['salt'].$_POST['password'];
$passwordHash = hash('sha512', $saltyPassword);
		
$row = mysql_fetch_assoc(mysql_query("SELECT id,username FROM members WHERE username='{$_POST['username']}' AND password='".$passwordHash."'"));
if($row['username'])
{
    // If everything is OK login
    $_SESSION['username']=$row['username'];
    $_SESSION['id'] = $row['id'];
    $_SESSION['rememberMe'] = $_POST['rememberMe'];
			
    // Store some data in the session
    setcookie('Remember', $_POST['rememberMe']);
}
else 
{
    $err[]='Invalid username and/or password';
}

OK, I found out that the problem is in the mcrypt_create_iv(6, MCRYPT_DEV_RANDOM). I don't know why, but it just doesn't work. I got an alt mcrypt and it works well.

function alt_mcrypt_create_iv ($size) {
    $iv = '';
    for($i = 0; $i < $size; $i++) {
        $iv .= chr(rand(0,255));
    }
    return $iv;
}
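
Added example, not part of the original post: the same register/login flow rebuilt on PHP's built-in password_hash() and password_verify() in place of the sha512 plus separate-salt scheme above, with PDO prepared statements so no request value is interpolated into SQL. The stored hash is a plain ASCII string that carries its own salt, so there is no binary salt column that has to survive the round trip through the database. The in-memory SQLite database, the reduced members table, and the register()/login() helper names are assumptions made for the example.

```php
<?php
// Constructed in-memory database so the example runs offline (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (
    id INTEGER PRIMARY KEY,
    username TEXT UNIQUE NOT NULL,
    password TEXT NOT NULL
)');

// Hypothetical helper: create an account.
function register(PDO $db, string $username, string $password): void
{
    // password_hash() draws its own random salt and embeds it, together with
    // the algorithm and cost, in the returned ASCII string.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO members (username, password) VALUES (?, ?)');
    $stmt->execute([$username, $hash]);
}

// Hypothetical helper: returns the member id on success, null on failure.
function login(PDO $db, string $username, string $password): ?int
{
    // Look the row up by username only; the hash is verified in PHP,
    // not compared inside the SQL query.
    $stmt = $db->prepare('SELECT id, password FROM members WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    // Re-hash transparently if the default algorithm or cost has changed.
    if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE members SET password = ? WHERE id = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $row['id']]);
    }
    return (int) $row['id'];
}

// Constructed sample data; the quote in the username is handled by the
// bound parameter instead of breaking the statement.
register($db, "o'brien", 'correct horse battery staple');
var_dump(login($db, "o'brien", 'correct horse battery staple'));
var_dump(login($db, "o'brien", 'wrong password'));
var_dump(login($db, 'nobody', 'anything'));
```

On a successful login, call session_regenerate_id(true) before writing the id into $_SESSION so a pre-login session id cannot be reused.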