Variable Visions

Articles MySQL Password-encryption-using-sha256-and-salts


tutorials - MySQL and Web-Development.

Password encryption using sha256 and salts

Published Thu. Jul. 29, 2010


When storing passwords in a database it is good practice to store only the hash encrypted 64 digit hexadecimal string so the actual passwords are never potentially viewed by malicious viewers.

The registration.php script should contain something similar to: $hash = hash('sha256', $pass1); function createSalt() {     $string = md5(uniqid(rand(), true));     return substr($string, 0, 3); } $salt = createSalt(); $hash = hash('sha256', $salt . $hash);$hash = hash('sha256', $pass1); function createSalt() {     $string = md5(uniqid(rand(), true));     return substr($string, 0, 3); } $salt = createSalt(); $hash = hash('sha256', $salt . $hash);   Your log-in form then checks the database using something similar to: $userData = mysql_fetch_array($result, MYSQL_ASSOC); $hash = hash('sha256', $userData['salt'] . hash('sha256', $password) ); if($hash != $userData['password']) //incorrect password {     header('Location: login-form.php');         echo "No such password exists";         die(); } else {     validateUser(); //sets the session data for this user }


Tag(s): sha256



RECENT ARTICLES:

PUBLISHED ON 03.3.20arrowWordpress and Woocommerce widget for inserting PHP in Elementor

PUBLISHED ON 09.5.19arrowWordpress and Woocommerce redirect to a product page from categories with a single product

TAGS

CATEGORIES