Click here to Skip to main content
15,881,089 members
Search within:


re-hash sha512 password?
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
PHP
MySQL
HY!
i have a problem to re-hash a sha512 password. below is my code for registration and login..

this is the Registration code.

PHP
<?php
include 'conn.php';
$user=$_POST['username'];
$pass=$_POST['password'];
$pass=hash("sha512", $pass);

$sql="INSERT INTO user(USER_NAME,PASSWORD)VALUES('$user','$pass')";

$result=mysql_query($sql);
if($result)
{
    echo "record inserted";
}
else
{
    echo mysql_error();
}
//}
mysql_close($con);
?>



this is the login code..

PHP
<pre lang="php"><?php
include 'conn.php';
$user=$_POST['username'];
$pass=$_POST['password'];
$sel="SELECT * FROM user WHERE USER_NAME='".$user."' AND PASSWORD='".hash("sha512",$pass)."'";
$result=mysql_query($sel);
if(mysql_affected_rows() > 0)
{
        $row = mysql_fetch_object($result);

        $_SESSION["username"] = $row->USER_NAME;
        $_SESSION["password"]  = $row->PASSWORD;
      echo  header("location:index.php");
        }

       else
       {
        echo "user does'nt exist please<a href='signup.html'> signup</a> first";

       }
?>


the proble is that the else statement is executed in login page.. registration page working perfectly but login page can't..?
please check it...

THANK's..
Posted
Add a Solution
Comments
ZurdoDev 4-Oct-13 11:01am    
So, it isn't finding it? Why not?
msz900 4-Oct-13 11:26am    
i don't know why.
when i try it without using sha512 then all the query work perfectly and when i add the sha512 then the login page execute only else statement...
ZurdoDev 4-Oct-13 11:38am    
So is it actually hashed in the db?

2 solutions

The problem is that you are using mysql_affected_rows() with a SELECT query - it is only for queries that modify data like INSERT and UPDATE.

You should be using mysql_num_rows[^] to find the number of rows that the SELECT query is returning.

If you visit the page I linked to you will see that the whole family of mysql_* functions are deprecated in the latest version of PHP because there are newer and better interfaces available.

And don't forget to sanitize your inputs[^].
 
Share this answer
 
Posted
Comments
msz900 4-Oct-13 12:36pm    
please edit your answer width my code...
PHP
HASH it before fetching... 
$hash=hash('sha512',$pass);

and the other main thing is that you password column in database have a size of at least 280 character.
 
Share this answer
 
Posted
Comments
Nelek 30-Apr-14 16:45pm    
Do you realize you are answering with the same account that posted the question, as you were another person? (And with 6 months delay?)
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
How to Encrypt using SHA512 with Salt?
Retrieve salt from hash sha512
how compare password from database with input user password when password in database hash with sha512 and salt
How to decrypt password
How to match a hash string generated from SHA512 algorithm to payment gateway string
How to Generate a string using paramater from a database and apply sha512 algorithm on this string?
SHA1/SHA256/SHA384/SHA512 or MD5 in C#?(Which One is Better in Speed)
Avoiding dictionary words in the password
Searching valid password
how to show password hidden by passwordchar

Advertise
Privacy
Cookies
Terms of Use
Last Updated 30 Apr 2014
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web01 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900