I came across a problem that I hope you guys can help me with.
On register I generate a random salt, hash the password with it and a system salt, and place it in the database. On login I generate a hash from the input password the salt that is stored for that user name, and the system salt. Then compare. However for some reason the hash that gets stored in the database is different from the one generated on login. So I cant login anymore.
If you need more sections of the code I will willing post. I do believe this is where the problem lies. I just cant seem to see it.
Register
$randomSalt = rand(10, 99).mcrypt_create_iv(6, MCRYPT_DEV_RANDOM);
$saltyPassword = $system_salt.$randomSalt.$_POST['password'];
$passwordHash = hash('sha512', $saltyPassword);
mysql_query(" INSERT INTO members(username,password,salt,email_address,user_group,registration_ip,registration_datetime)
VALUES(
'".$_POST['username']."',
'".$passwordHash."',
'".$randomSalt."',
'".$_POST['email']."',
'"."user"."',
'".$_SERVER['REMOTE_ADDR']."',
NOW()
)");Login
// Create salt and password
$randomSalt = mysql_fetch_assoc(mysql_query("SELECT salt FROM members WHERE username='{$_POST['username']}'"));
$saltyPassword = $system_salt.$randomSalt['salt'].$_POST['password'];
$passwordHash = hash('sha512', $saltyPassword);
$row = mysql_fetch_assoc(mysql_query("SELECT id,username FROM members WHERE username='{$_POST['username']}' AND password='".$passwordHash."'"));
if($row['username'])
{
// If everything is OK login
$_SESSION['username']=$row['username'];
$_SESSION['id'] = $row['id'];
$_SESSION['rememberMe'] = $_POST['rememberMe'];
// Store some data in the session
setcookie('Remember', $_POST['rememberMe']);
}
else
{
$err[]='Invalid username and/or password';
}