I am now creating a SHA-2 login form. After researching and asking for help online, I find the example code from the link below quite useful and practical (I hope I am right!??). The only thing I don't understand is the way this programmer wrote the function and gets the salt value from the function.
http://hungred.com/useful-information/p ... -password/
Code:
    define('SALT_LENGTH', 15);
    function HashMe($phrase, &$salt = null)
    {
        $pepper = '!@#$%^&*()_+=-{}][;";/?<>.,';
        if ($salt == '')
        {
            $salt = substr(hash('sha512',uniqid(rand(), true).$pepper.microtime()), 0, SALT_LENGTH);
        }
        else
        {
            $salt = substr($salt, 0, SALT_LENGTH);
        }
        return hash('sha512',$salt . $pepper . $phrase);
    }

Code:
    function HashMe($phrase, $salt) {..}

and then, to get the salt value, you can just get it straight and put it in the sql query like below,
Code:
    $username = cleanMe($_POST['username']);
    $password = cleanMe($_POST['password']);
    $salt = '';
    $hashed_password = HashMe($password, $salt);
    $sqlquery = 'INSERT INTO `usertable` ("username", "password", "salt") VALUES ("'.$username.'", "'.$hashed_password .'", "'.$salt.'") WHERE 1';

..how can I get the salt value from the function like this below before preparing the sql query,
Code:
    $salt = "'".$salt."'";
    $username = "'".$username."'";
    $hashed_password = "'".$hashed_password."'";

Code:
    $sqlquery = 'INSERT INTO `usertable` ("username", "password", "salt") VALUES ($username, $hashed_password, $salt) WHERE 1';

Besides, having "'" in my sql query makes me dizzy and makes it difficult to debug when things go wrong...
Sorry, I have lots of questions in this thread!
Thanks.
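
Added example, not part of the original post or the linked article: because `HashMe()` takes `$salt` by reference (`&$salt`), the salt it generates is left in the caller's variable, and a prepared statement then takes the values without any hand-written quotes. It assumes PHP 7+ with the pdo_sqlite extension, uses a constructed in-memory table and user, and swaps the original uniqid()/rand() salt source for random_bytes().

```php
<?php
// Added example, not the original poster's code.
const SALT_LENGTH = 15;

// Same shape as the HashMe() quoted above: $salt is taken by reference,
// so a salt generated inside the function is visible to the caller afterwards.
function HashMe(string $phrase, ?string &$salt = null): string
{
    $pepper = '!@#$%^&*()_+=-{}][;";/?<>.,';
    if ($salt === null || $salt === '') {
        // Swap: random_bytes() replaces the original uniqid()/rand() source.
        $salt = substr(bin2hex(random_bytes(16)), 0, SALT_LENGTH);
    } else {
        $salt = substr($salt, 0, SALT_LENGTH);
    }
    return hash('sha512', $salt . $pepper . $phrase);
}

// Constructed in-memory table standing in for `usertable` (assumes pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE usertable (username TEXT PRIMARY KEY, password TEXT, salt TEXT)');

// Registration: $salt starts empty and is filled in by HashMe().
$salt = '';
$hashed_password = HashMe('correct horse', $salt);   // constructed sample password
$insert = $db->prepare('INSERT INTO usertable (username, password, salt) VALUES (?, ?, ?)');
$insert->execute(['alice', $hashed_password, $salt]); // no manual quoting needed

// Login: load the stored salt, re-hash the submitted password, compare.
function checkLogin(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password, salt FROM usertable WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false; // unknown user
    }
    $salt = $row['salt'];
    // hash_equals() compares the two digests in constant time.
    return hash_equals($row['password'], HashMe($password, $salt));
}

var_dump($salt);
var_dump(checkLogin($db, 'alice', 'correct horse'));
var_dump(checkLogin($db, 'alice', 'wrong password'));
```

PHP's built-in password_hash() and password_verify() generate the salt and keep it inside the hash string, so with them no separate salt column or by-reference parameter is needed.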