Login

Chaos · 07-26-2011, 10:00 PM

It's like securing the secured.

[lua]

function createSalt()
{
$string = md5(uniqid(rand(), true));
return substr($string, 0, 3);
}
$salt - createSalt();
$hash = hash('sha256', $salt . $hash);
[/lua]

Use it, love it. Be secure kids.

noob007 · 07-27-2011, 09:16 AM

Creating a random salt each time will make your hashes useless, for they need to have the same salt, all of them.

Chaos · 07-27-2011, 02:47 PM

I'm hashing the hashed. Which basically makes passwords in my database almost impossible to hack.

noob007 · 07-27-2011, 06:10 PM

And also impossible to be of any use.

When you hash something, you expect the hash of that thing to be the same every time, else it's useless.

Chaos · 07-27-2011, 06:12 PM

Whatever you say...

noob007 · 07-27-2011, 06:18 PM

Here's why:

Because when you hash a password, you then check it against the hash in the database. If they're equal, you let the user log in.

Chaos · 07-27-2011, 06:38 PM

Hm, I see what you mean. But I used it and my script so far works fine.

noob007 · 07-27-2011, 06:40 PM

So you're saving the password to a database and then checking it when the user tries to login?

Chaos · 07-27-2011, 07:04 PM

I'm putting there info that they register with into the database, then when they log in I check id the original password's match.. I'm not completely encrypting the passwords for them. Just so when I go into the database I don't see it. So if a hacker hacks me, they wont see the password's.

Login
Username:
Password:	Lost Password?
	Remember me