I have been developing a login library for a website using CodeIgniter. The authentication code is as follows:
function signin($username, $password)
{
$CI =& get_instance();
$query_auth=$this->db->query('SELECT user_id, banned FROM user WHERE username=? AND password=SHA1(CONCAT(?,salt)) LIMIT 1', array($username, $password));
if($query_auth->num_rows()!=1)
return 2;
else
{
if($query_init->row()->banned==1)
return 3;
else
{
$CI->load->library('session');
$this->session->set_userdata('gauid', $query_auth->row()->user_id);
return 1;
}
}
}
The return values signifying success, failure or banned. Each user has a unique salt stored in the database.
Originally i grabbed the salt from the database, combined the users inputted password and salt from the database in PHP, then queried the database again with the combined value. I thought that this would speed things up as only one trip to the database is required and there is less code. I also thought that it would be equally secure, however after reading the top reponse to this question Salting my hashes with PHP and MySQL ...
First of all, your DBMS (MySQL) does not need to have any support for cryptographic hashes. You can do all of that on the PHP side, and that's also what you should do.
...I started to wonder if there was a security problem i had neglected to spot.
Is there actually anything wrong this code?
