Page 1 of 1

Fatal Error: can't redeclare hash

Posted: Fri Mar 02, 2012 8:15 pm
by dyr
Hi folks! I've been trying to get a decent working login, and of course this includes a register portion. It seems to work fine, however after I register, it says Fatal Error: Cannot redeclare hash() and no information is processed.

I know the hash function already comes with php so I shouldn't redeclare it like I am, but I'm a bit confused on how would I create a salt/hash without declaring it? Here's the entire register script I have, the salts and hashes I added for (supposedly, from my readings anyway) better security.

Code: Select all

include('config.php');

if($loggedin == '1')
die('You can't register another account while you're logged in.');

if(isset($_POST['submit']))
{
$uname = trim($_POST['username']);
	
function hash($pass) {
    $hash = hash('sha256', $pass);
	
function createSalt()
{
    $string = md5(uniqid(rand(), true));
    return substr($string, 0, 3);
}

$salt = createSalt();
$hash = hash('sha256', $salt . $hash);
$uname = mysql_real_escape_string($uname);
}

if((!isset($_POST['username'])) || (!isset($_POST['pass']))
|| ($uname == '') || ($_POST['pass'] == ''))
die("Please fill out the form completely. <br><br>
<a href=register.php>Continue</a>");

$check = @mysql_query("SELECT id FROM players WHERE username = '$uname'");
$check = @mysql_num_rows($check);

if($check > 0)
die("Sorry, that username has already been taken. Please try again.
<br><br>
<a href=register.php>Continue</a>");

$pass = md5($_POST['pass']);


$newPlayer = @mysql_query("INSERT INTO players (username, password, registered) VALUES ('$username','$hash','$salt')") or die("Error: ".mysql_error());

echo 'You have been registered! You may now <a href=index.php>Log in</a>.';

}
else
{

echo '<form action=register.php method=post>
Username: <input type=text name=username><br>
Password: <input type=password name=pass><br>
<input type=submit name=submit value=Submit>
</form>';

}

Re: Fatal Error: can't redeclare hash

Posted: Fri Mar 02, 2012 8:19 pm
by Celauran
Why do you feel the need to redeclare it? Your hash function isn't really doing anything anyway. Use the built-in hash function. Better yet, use bcrypt().

Re: Fatal Error: can't redeclare hash

Posted: Fri Mar 02, 2012 8:20 pm
by TonsOfFun
Why do you need to declare it? It looks like you just use PHP's native hash function.

If there is a reason you need it, just name it something else like my_hash();

Re: Fatal Error: can't redeclare hash

Posted: Fri Mar 02, 2012 9:41 pm
by dyr
Celauran wrote:Why do you feel the need to redeclare it? Your hash function isn't really doing anything anyway. Use the built-in hash function. Better yet, use bcrypt().
Bcrypt makes it a lot more secure, thanks for the link! From reading it seems bcrypt bogs down the server a lot, as it takes more time for users to log in (correct me if I'm wrong and just misunderstood). Is there a simple-way to counteract this slowness besides buying faster servers/hosting?

Re: Fatal Error: can't redeclare hash

Posted: Sat Mar 03, 2012 6:22 am
by Celauran
The slowness isn't an issue for individual users. It still only takes a fraction of a second to hash a password; less time than it takes the user to enter it. Blowfish being slow benefits you if your database has been compromised and the attacker is free to brute force until his heart's content.