I have been messing around with password encryption in PHP and at first I was using the MD5 function to save the passwords in a database, but I ran into trouble logging in. I then tried the hash function and again I had trouble logging in.
The way I was attempting to do this was to have the password encrypted when the account is made, and then every time someone logs in, the password is encrypted again using the same method and then this checks the database to see if the encrypted passwords match. I can create an account fine and it seems that whenever I create an account with the same password, the hashes are the same so I am assuming that they don't change each time (I have little knowledge on encryption and hashes).
This is my current new user creation snippet:
<?php
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "NewUser")) {
$insertSQL = sprintf("INSERT INTO users (username, password, name) VALUES (%s, %s, %s)",
GetSQLValueString($_POST['username'], "text"),
GetSQLValueString(hash("sha512",$_POST['password']), "text"),
GetSQLValueString($_POST['name'], "text"));
mysql_select_db($database_ReallyGoodPieConnection, $ReallyGoodPieConnection);
$Result1 = mysql_query($insertSQL, $ReallyGoodPieConnection) or die(mysql_error());
?>
And this is my login snippet:
if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$password=$_POST['password'];
$password = hash("sha512", $password);
print $password;
$MM_fldUserAuthorization = "permissions";
$MM_redirectLoginSuccess = "index.php";
$MM_redirectLoginFailed = "login.php";
$MM_redirecttoReferrer = true;
mysql_select_db($database_ReallyGoodPieConnection, $ReallyGoodPieConnection);
$LoginRS__query=sprintf("SELECT username, password FROM users WHERE username=%s AND password=%s",
GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")
Can anyone help me understand why the actual login is failing. I am using the exact same password for creation and login (obviously) and using the same encryption methods. This is really confusing me.