How to use sha256 in php5 3 0

Question

I m using sha256 to encrypt the password  I can save the sha256 encrypted password in mysql  But i can t login with the same clause   Insert code    lt  php error reporting E ALL   E NOTICE    username     POST  uusername     passcode     POST  ppasscode     userflag     POST  uuserflag       passcodeen   hash  sha256   passcode    passcodeen   hash  sha256    get magic quotes gpc     stripslashes  ppasscode     ppasscode     conn   mysql connect  localhost   charles   charles   or die  connection failed with DB   mysql error     mysql select db  sessiondb     query    INSERT INTO users username passcode userflag  values   username    passcodeen    userflag       Select code    lt  php  error reporting E ALL   E NOTICE         mysql connect  localhost   charles   charles   or die  Connection failed  mysql error          mysql select db  sessiondb   or die  Database doesn t exist  mysql error           get user input      username     POST  username         ppasscode     POST  ppasscode           passcodeen   hash  sha256    ppasscode        passcodeen   hash  sha256    get magic quotes gpc     stripslashes  ppasscode     ppasscode          get session value from mysql      query    mysql query  select username  userflag from users where username    username  and passcode     passcodeen    or die  Query execution failed  mysql error       Is there something wrong   I m very confused  Thanks

User · Answer

First of all  sha256 is a hashing algorithm  not a type of encryption  An encryption would require having a way to decrypt the information back to its original value  collisions aside    Looking at your code  it seems it should work if you are providing the correct parameter    Try using a literal string in your code first  and verify its validity instead of using the   POST   variable Try moving the comparison from the database query to the code  get the hash for the given user and compare to the hash you have just calculated    But most importantly before deploying this in any kind of public fashion  please remember to sanitize your inputs  Don t allow arbitrary SQL to be insert into the queries  The best idea here would be to use parameterized queries

User · Answer

Could this be a typo   two Ps in ppasscode  intended      POST  ppasscode      I would make sure and do   print r   POST     and make sure the data is accurate there  and then echo out what it should look like   echo hash  sha256     POST  ppasscode       Compare this output to what you have in the database  manually   By doing this you re exploring your possible points of failure    Getting password from form hashing the password stored password comparison of the two

User · Answer

A way better solution is to just use the excelent compatibility script from Anthony Ferrara   https   github com ircmaxell password compat  Please  and also  when checking the password  always add a way  preferibly async  so it doesn t impact the check process for timming attacks  to update the hash if needed

User · Answer

The first thing is to make a comparison of functions of SHA and opt for the safest algorithm that supports your programming language  PHP    Then you can chew the official documentation to implement the hash   function that receives as argument the hashing algorithm you have chosen and the raw password   sha256   gt  64 bits sha384   gt  96 bits sha512   gt  128 bits  The more secure the hashing algorithm is  the higher the cost in terms of hashing and time to recover the original value from the server side    hashedPassword   hash  sha256    password

User · Answer

You should use Adaptive hashing like http   en wikipedia org wiki Bcrypt for securing passwords

[php] How to use sha256 in php5.3.0

Examples related to php

Examples related to hash

Examples related to sha256