i have hashed the password when a user will register ...but when i am trying to login the page it is showing that username or password is wrong...
Here is below the hashing code
// Get values from form
$fullname=$_POST['userid'];
$username=$_POST['username'];
$email=$_POST['uemail'];
$password=$_POST['passid'];
$birthdate=$_POST['birthdate'];
$country=$_POST['mytextarea'];
$hash = hash('sha256', $password);
function createSalt()
{
$text = md5(uniqid(rand(), true));
return substr($text, 0, 3);
}
$salt = createSalt();
$password = hash('sha256', $salt . $hash);
// Insert data into mysql
$sql="INSERT INTO tbl_registration(`fullname`,`username`,`email`,`password`,`birthdate`, `country`) VALUES('{$fullname}', '{$username}', '{$email}', '{$password}', '{$birthdate}', '{$country}' )";
$result=mysql_query($sql);
Here is below i am using the login code...
// userName and password sent from form
$myusername=$_POST['username'];
$mypassword=$_POST['password'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1 ){
if(crypt($password, $row['Password']) == $row['Password'])
{
header("location:index.php");
exit();
}
}
else {
//echo "Wrong Username or Password";
header("Location:login.php?errorMssg=".urlencode("Wrong Username or Password"));
}
So what i will do now..
