Posted by Richard Lynch on 02/24/05 18:53

Erbacher Karl wrote:
> I am creating a database where I need people to log in using a unique
> username and password. I would like to hash the passwords using the
> one-way
> function mhash(). However, when I try to do this, I have some issues that
> I
> cannot figure out. Here is what I have (I'll include every mention of the
> variable in case I am missing something obvious):
>
> The file that displays the sign-up form: The user enters a username and
> password into the form, the password is hashed and the hashed value is
> stored in the database.
> <input type='password' name='password' max length='50'>
> $pass=bin2hex(mhash(MHASH_SHA1, $password));
> <input type='hidden' name='pass' value='$pass'>
>
> The input is sent to a file that verifies the data and stores it to the
> database
> $pass=$_POST['pass'];
> INSERT INTO table (username, password) VALUES ('$logname',
> '$pass');
>
> Here's my big problem... I created three seperate sample users with three
> different passwords (password1, password2, password3). When I go back to
> look at the table info in the database, it shows that all three of the
> passwords are exactly the same. I'm not sure why this is happening.

Maybe you are hashing '$password' instead of "$password"...

Or register_globals is OFF, and you're not used to that, and $password has
no value, so you need $_POST['password']

You also need to use error_reporting(E_ALL) on your development server, so
PHP will *TELL* you that $password has no value, and you are using it as
if it did.

--
Like Music?
http://l-i-e.com/artists.htm

[Back to original message]