Hi, I am currently trying to link a Java application I am making to a website I have. Basically, I want the accounts that are made on the site to be accessible in the Java app. On my login page I have a block of code that extracts a part of the password saved in the SQL database. Here it is:
$username = $_POST['username']; //gets the username that is posted from the login page
$password = hash('sha256', md5(sha1($_POST['password']))); //encrypts the password posted from the login page
//get the requested user's password
$details = $database->processQuery("SELECT `password` FROM `users` WHERE `username` = ?", array($username), true); //gets the password from the sql database
$db_password = substr(substr($details[0]['password'], 54), 0, -3); //extracts characters from the saved password from 54 to -3 from the end
In the register page I have this:
//generate a salt
$salt = substr(hash('sha256', sha1(time())), 10);
$password = $salt.hash('sha256', md5(sha1($_POST['password']))).substr($salt, 0, -51);
$_SESSION['salt'] = $salt;
$_SESSION['password'] = $password;
$base->redirect('done.php');
I believe this adds the salt before the password that is generated by the time. So I need to extract JUST the password, and obviously in the login page it is able to do this by starting the password at 54 and ending it 3 characters before the end. I have made a cryptographer that encrypts the password the user enters in the Java application (sha1 > md5 > sha256), then I tried to match the passwords. I used:
substring(54, pass.length()-3)
This worked perfectly with a randomly generated password I entered on the website, "d1ck30ng1". But when I made another account with the password "test123", I get an extra character before the password that matches it. Here is an example:
d1ck30ng1:
Password that is read from the database before parts are removed:
5a3a59efb7d2085d12a2fe5298a7795c85b99dc7b3bcabc60d9e4c6469fe4370d1bd7f2b4ff0151698e3911a97f326f1fc1409a8d5430e7d283cbf5a3
Password that is entered in the application:
6469fe4370d1bd7f2b4ff0151698e3911a97f326f1fc1409a8d5430e7d283cbf
Password that is read from the database after the parts are removed:
6469fe4370d1bd7f2b4ff0151698e3911a97f326f1fc1409a8d5430e7d283cbf
matches perfectly
test123:
Password that is read from the database before parts are removed:
fb1c94c4ab1b104badff98261269856aca8d34575c7114124aebbd068dc28e9d998bee17cdb25f5b1501710d4a629ad37f762478eeb01f465bc24bfb1
Password that is entered in the application:
68dc28e9d998bee17cdb25f5b1501710d4a629ad37f762478eeb01f465bc24b
Password that is read from the database after parts are removed:
068dc28e9d998bee17cdb25f5b1501710d4a629ad37f762478eeb01f465bc24b
does not match!
So my question is... How can I get this to work, and why isn't it working? :) Thank you in advance! Oh, and by the way, I'm new here, so I'm sorry if I didn't put enough detail into this post or have done something wrong while posting.
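Added example, not part of the original post and not the poster's code: a Java check for the stored layout the register page builds (54-character salt, 64-character hash, first 3 salt characters). The application value quoted for test123 is 63 characters while the database value is 64; `hexLossy` is an assumed illustration of one hex conversion that drops a leading zero, since the post does not show the Java code. Class and method names are hypothetical.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class StoredPasswordCheck {
    // Zero-padded lowercase hex: the same text PHP's sha1(), md5() and hash() return.
    static String hex(byte[] d) {
        StringBuilder sb = new StringBuilder(d.length * 2);
        for (byte b : d) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // Assumed pitfall: BigInteger drops leading zeros, so the string can come out short.
    static String hexLossy(byte[] d) {
        return new BigInteger(1, d).toString(16);
    }

    static byte[] digest(String alg, String text) throws Exception {
        return MessageDigest.getInstance(alg).digest(text.getBytes(StandardCharsets.UTF_8));
    }

    // sha256(md5(sha1(password))): each stage hashes the previous stage's hex text.
    static byte[] chain(String password) throws Exception {
        String s1 = hex(digest("SHA-1", password));
        String m5 = hex(digest("MD5", s1));
        return digest("SHA-256", m5);
    }

    // Stored layout from the register page: salt (54) + hash (64) + salt prefix (3).
    static String storedHash(String stored) {
        if (stored.length() != 54 + 64 + 3)
            throw new IllegalArgumentException("unexpected length " + stored.length());
        return stored.substring(54, stored.length() - 3);
    }

    public static void main(String[] args) throws Exception {
        // The "test123" database value quoted in the post.
        String stored = "fb1c94c4ab1b104badff98261269856aca8d34575c7114124aebbd068dc28e9d998bee17cdb25f5b1501710d4a629ad37f762478eeb01f465bc24bfb1";
        byte[] d = chain("test123");
        String expected = storedHash(stored);
        System.out.println("stored hash: " + expected + " (" + expected.length() + ")");
        System.out.println("padded hex : " + hex(d) + " (" + hex(d).length() + ")");
        System.out.println("lossy hex  : " + hexLossy(d) + " (" + hexLossy(d).length() + ")");
        // Compare the hex strings without an early exit on the first differing byte.
        boolean ok = MessageDigest.isEqual(hex(d).getBytes(StandardCharsets.US_ASCII),
                                           expected.getBytes(StandardCharsets.US_ASCII));
        System.out.println("match with padded hex: " + ok);
    }
}
```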