Hey everyone,
Basically I have a problem with making a secure login script.
I have a form where I create an admin (add to database) and I thought I would make the password more secure by adding a salt to the password in the database.
I found a function that creates a random hash, and added that to the password before inserting it into the database.
The problem I'm trying to get my head around is that when the admin is logging in, how do I add the salt to the password to make a successful login?
At first when I created the admin I joined the salt to the posted password (in a variable), then used md5 to secure the joined password when inserting it into the database. I also stored the salt in the database in a separate field. Like this...
$salt= generateHash();
$password= (empty($_POST['password'])) ? '' : $_POST['password'];
$password2 = $salt.$password1;
$sql = "INSERT INTO users SET
password =md5('$password'),
log=md5('$salt')";
This obviously isn't my full code.
When I was processing the login script, I would first retrieve the salt from the database, then put the salt with the posted password to compare it to the password stored in the database.
Getting to the problem, the md5 password I was trying to compare from the login script ends up different from the md5 password stored in the database, and I can't for the life of me figure out why.
Sorry for this long-winded post, but I'm really stuck on this one. If you can't be bothered reading it, could somebody possibly just post some details about using a salt, or maybe a link to a good tutorial?
Thanks very much, any help would be greatly appreciated.
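
The salt round trip described in the post, as an added example that is not part of the original post: the value stored as the salt must be the exact value that was joined to the password, and the stored hash must be the hash of that joined string, so login can rebuild the same input. The in-memory $users array and the function names are assumptions for illustration, and SHA-256 stands in for md5 in the manual version; password_hash() and password_verify() are PHP's built-in functions, which generate the salt and keep it inside the stored hash string.

```php
<?php
// Constructed stand-in for the users table, so the example runs without a database.
$users = [];

// Manual scheme from the post, done consistently (shown for the mechanics only;
// a single fast hash is not a good password store, see createAdmin() below).
function createAdminSalted(array &$users, string $name, string $password): void {
    $salt = bin2hex(random_bytes(16));                    // random per-user salt
    $users[$name] = [
        'salt'     => $salt,                              // store the salt itself, not a hash of it
        'password' => hash('sha256', $salt . $password),  // hash the salted password
    ];
}

function loginSalted(array $users, string $name, string $password): bool {
    if (!isset($users[$name])) {
        return false;
    }
    $row = $users[$name];
    // Rebuild exactly what was hashed at creation: same salt, same order, same algorithm.
    $candidate = hash('sha256', $row['salt'] . $password);
    return hash_equals($row['password'], $candidate);     // constant-time comparison
}

// Preferred: password_hash() creates the salt and embeds it in its return value,
// so there is no separate salt column to keep in sync.
function createAdmin(array &$users, string $name, string $password): void {
    $users[$name] = ['password' => password_hash($password, PASSWORD_DEFAULT)];
}

function login(array $users, string $name, string $password): bool {
    return isset($users[$name])
        && password_verify($password, $users[$name]['password']);
}

// Constructed sample accounts and passwords.
createAdminSalted($users, 'alice', 'correct horse');
var_dump(loginSalted($users, 'alice', 'correct horse'));
var_dump(loginSalted($users, 'alice', 'wrong guess'));

createAdmin($users, 'bob', 'example-passphrase');
var_dump(login($users, 'bob', 'example-passphrase'));
var_dump(login($users, 'bob', 'wrong guess'));
```

With a real database, the password and salt values should be sent through a prepared statement with bound parameters rather than interpolated into the SQL string.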