Hi,
I'm creating a homepage for a website and I've stumbled on a small feature.
So I'm using a database (SQL) to save my users.
I'm throwing in some salt and hashing their passwords, but then my problem comes.
If the user attempts to change his password,
I ask him to insert his older password, his new and confirm his new.
Yet since the passwords are hashed and salted they don't match and my stored procedure in SQL returns -2.

ALTER PROCEDURE [dbo].[spChangePassword]
(
    @sUsername varchar(50),
    @sPasswordOld varchar(100),
    @sPasswordOldSalt varchar(128),
    @sPasswordNew varchar(100),
    @sPasswordNewSalt varchar(128)
)
AS
BEGIN
    SET NOCOUNT ON;
    -- The old password hash passed in must equal the stored hash
    if (exists (select 1
                from USERS
                where Username = @sUsername
                and Password = @sPasswordOld))
    begin
        -- The new password hash must differ from the stored hash
        if (exists (select 1
                    from USERS
                    where Username = @sUsername
                    and Password != @sPasswordNew))
        begin
            select 1;
            update BLC_USER
            set Password = @sPasswordNew,
                Password_Salt = @sPasswordNewSalt
            where Username = @sUsername;
        end
        else
            select -1; -- New Pass = Old Pass, please change
    end
    else
        select -2; -- Old Pass is wrong
END

Am I doing something wrong in regards to hashing the passwords?
How can I compare two salted passwords?
Cheers,
Zamuk
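
Added example, not part of the original post: a salted hash only matches when the supplied old password is re-hashed with the salt already stored for that user, and a fresh salt is generated only for the new password. Python with an in-memory SQLite table stands in for the application and the SQL Server table; PBKDF2-HMAC-SHA256, the iteration count, the function names and the sample user are assumptions, and the return codes follow the post.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 200_000  # assumed PBKDF2 work factor; tune for your hardware


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the stored value from the password and that user's salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def create_user(db, username: str, password: str) -> None:
    salt = os.urandom(16)  # one random salt per user, stored next to the hash
    db.execute("INSERT INTO USERS (Username, Password, Password_Salt) VALUES (?, ?, ?)",
               (username, hash_password(password, salt), salt))


def change_password(db, username: str, old_password: str, new_password: str) -> int:
    """Return 1 on success, -1 if new equals old, -2 if the old password is wrong."""
    row = db.execute("SELECT Password, Password_Salt FROM USERS WHERE Username = ?",
                     (username,)).fetchone()
    if row is None:
        return -2
    stored_hash, stored_salt = row
    # Re-hash the supplied old password with the STORED salt, never a new one.
    if not hmac.compare_digest(hash_password(old_password, stored_salt), stored_hash):
        return -2
    # Same salt again to detect "new password equals old password".
    if hmac.compare_digest(hash_password(new_password, stored_salt), stored_hash):
        return -1
    new_salt = os.urandom(16)  # fresh salt only for the value being stored
    db.execute("UPDATE USERS SET Password = ?, Password_Salt = ? WHERE Username = ?",
               (hash_password(new_password, new_salt), new_salt, username))
    return 1


def demo_db():
    """Constructed sample data: one user in an in-memory table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE USERS (Username TEXT PRIMARY KEY, "
               "Password BLOB, Password_Salt BLOB)")
    create_user(db, "alice", "old-secret")
    return db
```

With this flow the stored procedure only needs to return the hash and salt for a username and to perform the update; the comparison happens where the hashing happens.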