I have started to work on making a login system and am using the crypt function for the encoding of passwords. My problem is that when I register the user with their user and password, it all works and saves the username, password and salt to the database. Here is the code for the registration:
Note: this is only a test register page at the moment
    $username=$_POST["username"];
    $password=$_POST["password"];
    $salt = substr(md5(microtime()),rand(0,26),15);
    $hashedPass = crypt($password,'$2y$10$' . $salt);
    $sql="INSERT INTO `users`(`id`, `username`, `password`, `salt`, `Perm_level`) VALUES (NULL,'$username','$hashedPass','$salt','test')";
    $result=mysql_query($sql);
It encrypts it correctly, so as a real example the password test comes out as: $2y$10$d395985a2ca993f$$$$$$.k8lxPkUCenMKsOJ6V8tdO6Pl/Gl1/OW
and the salt for it is:
d395985a2ca993f
When I go to log in, though, I pull the salt out of the database and try to re-encrypt it in the same way, but I get a different encrypted password... The salt is correct and so is the first part of the password, so this part: "$2y$10$d395985a2ca993f$$$$$$."
Here is the code below for the login:
    $sql="SELECT * FROM `users` WHERE username='$user'";
    $result=mysql_query($sql);
    while($rows=mysql_fetch_array($result)){
        $salt=$rows['salt'];
    }
    $hashedPass = crypt($password,'$2y$10$' . $salt);
    $sql="SELECT * FROM `users`WHERE username='$user' AND `password` = '$hashedPass'";
    $result=mysql_query($sql);
    if($result) {
        if(mysql_num_rows($result) == 1) {
            echo "Successful Login";
        }
    }
For the login page the salt is correct, but here is the password once it has been hashed: $2y$10$d395985a2ca993f$$$$$$.ccy3PKl.TsG26FWJBFXKmpQ3wtk4AqC
The first part up to the full stop is correct; it's just the second half that is different.
I have tried to set the salt to a manual one, like abc or 123, just for tests on the logon and register pages, but I still have the same error.
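
For comparison with the flow above, which stores a separate salt and re-runs crypt() at login, here is a registration and login flow built on PHP's password_hash() and password_verify() with PDO prepared statements. This is an added example, not part of the original post: the register() and login() helpers, the in-memory SQLite database standing in for the `users` table, and the sample credentials are assumptions (PHP 7.1+ with pdo_sqlite).

```php
<?php
// Added example: register() and login() are hypothetical helper names.
// An in-memory SQLite database stands in for the real `users` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    username TEXT UNIQUE NOT NULL,
    password TEXT NOT NULL          -- full hash string; no salt column
)');

function register(PDO $db, string $username, string $password): void
{
    // password_hash() generates a random salt and embeds it, together
    // with the algorithm and cost, in the returned string.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    $stmt->execute([$username, $hash]);
}

function login(PDO $db, string $username, string $password): bool
{
    // Look the row up by username only; the hash is never compared in SQL,
    // and user input is bound as a parameter instead of being interpolated.
    $stmt = $db->prepare('SELECT id, password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }
    // password_verify() reads salt and cost from the stored hash, re-hashes
    // the candidate password and compares the result in constant time.
    if (!password_verify($password, $row['password'])) {
        return false;
    }
    // Upgrade the stored hash if the default algorithm or cost has changed.
    if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE users SET password = ? WHERE id = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $row['id']]);
    }
    return true;
}

// Constructed sample input: one registered user, three login attempts.
register($db, 'alice', 'test');
var_dump(login($db, 'alice', 'test'));
var_dump(login($db, 'alice', 'Test '));
var_dump(login($db, 'bob', 'test'));
```

A bcrypt salt passed to crypt() is expected to be 22 characters from the alphabet `./0-9A-Za-z`, which is one reason to let password_hash() generate it.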