Click here to Skip to main content
16,019,055 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
HY!
i have a problem to re-hash a sha512 password. below is my code for registration and login..

this is the Registration code.

PHP
<?php
include 'conn.php';
$user=$_POST['username'];
$pass=$_POST['password'];
$pass=hash("sha512", $pass);

$sql="INSERT INTO user(USER_NAME,PASSWORD)VALUES('$user','$pass')";

$result=mysql_query($sql);
if($result)
{
    echo "record inserted";
}
else
{
    echo mysql_error();
}
//}
mysql_close($con);
?>



this is the login code..

PHP
<pre lang="php"><?php
include 'conn.php';
$user=$_POST['username'];
$pass=$_POST['password'];
$sel="SELECT * FROM user WHERE USER_NAME='".$user."' AND PASSWORD='".hash("sha512",$pass)."'";
$result=mysql_query($sel);
if(mysql_affected_rows() > 0)
{
        $row = mysql_fetch_object($result);

        $_SESSION["username"] = $row->USER_NAME;
        $_SESSION["password"]  = $row->PASSWORD;
      echo  header("location:index.php");
        }

       else
       {
        echo "user does'nt exist please<a href='signup.html'> signup</a> first";

       }
?>


the proble is that the else statement is executed in login page.. registration page working perfectly but login page can't..?
please check it...

THANK's..
Posted
Comments
ZurdoDev 4-Oct-13 11:01am    
So, it isn't finding it? Why not?
msz900 4-Oct-13 11:26am    
i don't know why.
when i try it without using sha512 then all the query work perfectly and when i add the sha512 then the login page execute only else statement...
ZurdoDev 4-Oct-13 11:38am    
So is it actually hashed in the db?

The problem is that you are using mysql_affected_rows() with a SELECT query - it is only for queries that modify data like INSERT and UPDATE.

You should be using mysql_num_rows[^] to find the number of rows that the SELECT query is returning.

If you visit the page I linked to you will see that the whole family of mysql_* functions are deprecated in the latest version of PHP because there are newer and better interfaces available.

And don't forget to sanitize your inputs[^].
 
Share this answer
 
Comments
msz900 4-Oct-13 12:36pm    
please edit your answer width my code...
PHP
HASH it before fetching... 
$hash=hash('sha512',$pass);

and the other main thing is that you password column in database have a size of at least 280 character.
 
Share this answer
 
Comments
Nelek 30-Apr-14 16:45pm    
Do you realize you are answering with the same account that posted the question, as you were another person? (And with 6 months delay?)

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900