this is supposed to be a basic question but I'm learning. I'm making a log in system, user enters a username and a password. How do I send the password into my function hash via javascript. Cause I need to compare it afterwards with the one in my DB. If the password hashed = database password then it is OK.
<link rel="stylesheet" href="style.css" />
<!-- ... -->
<div align="center">
<form action="connection.php" method="post">
<p>Fill your crendentials</p>
<label for="usrUserName">Your login</label>
<input id="usrUserName" name="usrUserName" /><br />
<tr><td>Password</td><td><input type="password" name="usrPassword" maxlength="25" id="usrPassword"/>
<form action="insert.php" method="post" onsumbit="return create_hash()">
</form>
</div>
That's what I have at the moment. I can show you the function hash but people say it's not a good idea.
EDIT My complete code
<script type="text/javascript">
define("PBKDF2_HASH_ALGORITHM", "sha1");
define("PBKDF2_ITERATIONS", 1000);
define("PBKDF2_SALT_BYTES", 24);
define("PBKDF2_HASH_BYTES", 24);
define("HASH_SECTIONS", 4);
define("HASH_ALGORITHM_INDEX", 0);
define("HASH_ITERATION_INDEX", 1);
define("HASH_SALT_INDEX", 2);
define("HASH_PBKDF2_INDEX", 3);
function create_hash($usrPassword)
{
var usrPassword =document.getElementById("usrPassword").value;
// format: algorithm:iterations:salt:hash
$salt = base64_encode(mcrypt_create_iv(PBKDF2_SALT_BYTES, MCRYPT_DEV_URANDOM));
return PBKDF2_HASH_ALGORITHM . ":" . PBKDF2_ITERATIONS . ":" . $salt . ":" .
base64_encode(pbkdf2(
PBKDF2_HASH_ALGORITHM,
$usrPassword,
base64_decode($salt),
PBKDF2_ITERATIONS,
PBKDF2_HASH_BYTES,
true
));
alert("usrPassword");
}
function validate_password($usrPassword, $good_hash)
{
$params = explode(":", $good_hash);
if(count($params) < HASH_SECTIONS)
return false;
$pbkdf2 = base64_decode($params[HASH_PBKDF2_INDEX]);
return slow_equals(
$pbkdf2,
pbkdf2(
$params[HASH_ALGORITHM_INDEX],
$usrPassword,
base64_decode($params[HASH_SALT_INDEX]),
(int)$params[HASH_ITERATION_INDEX],
strlen($pbkdf2),
true
)
);
}
</script>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr">
<link rel="stylesheet" href="style.css" />
<div align = "center">
<form action = 'connection.php' method="post" >
<p> Entrer vos informations </p>
<label for="usrUserName">Votre code d'usager </label> <input
id="usrUserName" name="usrUserName" /><br />
<label for="usrPassword">Votre mot de passe </label> <input
id="usrPassword" name="usrPassword" type="usrPassword" /><br />
<input type="submit" value="submit" onsubmit=="return create_hash()">
</form>