Hi, I'm using SHA-512 with a static salt stored in the DB and check it at every login, but I need to change to a random salt. I don't know how to solve this; I'm just a beginner in PHP.
Does anybody have any experience with creating such classes and also, what hashing procedure did they finally settle on? I've heard about bcrypt but couldn't find any PHP examples on this.
Thanks in advance,
Register Function
$random_salt = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), TRUE));
// Create salted password
$password = hash('sha512', $password . $random_salt);
Login Function
$_SESSION['login_string'] = hash('sha512', $password . $user_browser);
function login_check($mysqli) {
    // Check if all session variables are set
    if (isset($_SESSION['user_id'],
              $_SESSION['username'],
              $_SESSION['email'],
              $_SESSION['login_string'])) {
        $user_id = $_SESSION['user_id'];
        $login_string = $_SESSION['login_string'];
        $username = $_SESSION['username'];
        $email1 = $_SESSION['email'];
        // Get the user-agent string of the user.
        $user_browser = $_SERVER['HTTP_USER_AGENT'];
        if ($stmt = $mysqli->prepare("SELECT password
                                      FROM members
                                      WHERE id = ? LIMIT 1")) {
            $stmt->bind_param('i', $user_id);
            $stmt->execute(); // Execute the prepared query.
            $stmt->store_result();
            if ($stmt->num_rows == 1) {
                $stmt->bind_result($password);
                $stmt->fetch();
                $login_check = hash('sha512', $password . $user_browser);
                // hash_equals() compares in constant time and, unlike ==,
                // never treats two "0e..." digests as equal numbers.
                if (hash_equals($login_check, $login_string)) {
                    return true;
                } else {
                    // ....
                }
            } else {
                // ....
            }
        } else {
            // ....
        }
    } else {
        // ......
    }
}
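
One way to move from the static-salt SHA-512 scheme in the question to bcrypt with a per-user random salt, as an added example that is not part of the original post. It assumes PHP 7.1 or later and that legacy hashes were built as hash('sha512', $password . $salt); the names register_hash, is_legacy_hash, verify_and_upgrade and LEGACY_STATIC_SALT are hypothetical.

```php
<?php
// Added example: upgrade legacy SHA-512 + static-salt hashes to bcrypt at login.
// Assumption: legacy rows hold hash('sha512', $password . LEGACY_STATIC_SALT).

const LEGACY_STATIC_SALT = 'constructed-static-salt'; // placeholder value
const BCRYPT_OPTIONS = ['cost' => 12];

function register_hash(string $password): string
{
    // password_hash() draws a fresh random salt on every call and embeds it,
    // with the cost, in the returned string, so no separate salt column is needed.
    return password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
}

function is_legacy_hash(string $stored): bool
{
    // A SHA-512 hex digest is exactly 128 hex characters; bcrypt strings are not.
    return strlen($stored) === 128 && ctype_xdigit($stored);
}

// Returns [ok, newHash]. newHash is non-null when the caller should
// overwrite the stored value (legacy upgrade or changed cost).
function verify_and_upgrade(string $password, string $stored): array
{
    if (is_legacy_hash($stored)) {
        $candidate = hash('sha512', $password . LEGACY_STATIC_SALT);
        if (!hash_equals($stored, $candidate)) {
            return [false, null];
        }
        // The plaintext is only available now, so re-hash with bcrypt here.
        return [true, register_hash($password)];
    }
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    $new = password_needs_rehash($stored, PASSWORD_BCRYPT, BCRYPT_OPTIONS)
        ? register_hash($password)
        : null;
    return [true, $new];
}

// Constructed demo data: a legacy row, then the same user after the upgrade.
$legacy = hash('sha512', 'correct horse' . LEGACY_STATIC_SALT);
[$ok, $upgraded] = verify_and_upgrade('correct horse', $legacy);
var_dump($ok, is_legacy_hash($upgraded));
var_dump(verify_and_upgrade('correct horse', $upgraded));
var_dump(verify_and_upgrade('wrong password', $upgraded)[0]);
```

The password column must hold at least 60 characters for bcrypt output, and bcrypt only uses the first 72 bytes of the password.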