Member Avatar for Behseini

I am trying to create a secure login app using php and MySQLi by following this tutorial: Link To Tutorial The tutorial is using a table(members) with 5 fields as:"id", "username","email","password",and "salt". but at the very beginning there is a an SQL INSERT function which is confusing me

INSERT INTO `secure_login`.`members` VALUES(1, 'test_user', 'test@example.com',
00807432eae173f652f2064bdca1b61b290b52d40e429a7d295d76a71084aa96c0233b82f1feac45
529e0726559645acaed6f3ae58a286b9f075916ebf66cacc', 'f9aab579fc1b41ed0c44fe4ecdbfc
db4cb99b9023abb241a6db833288f4eea3c02f76e0d35204a8695077dcf81932aa59006423976224be0
390395bae152d4ef');

I am guessing the fist long number is a sha512() salted password so I used this php code to generate my sha512 password and insert it to my members database:

<?php
  $password = 'newPassword';
  echo 'sha512: ' . hash('sha512', $password);
?>

and the result is: sha512: 6f63f637f1346149532158022899bdf424a19c3dc472e21c2068cd324d7263ed521fb1c1335afaad6bf3fd94a24c0371217086295255e7773eb8deb2c7a54e1a

Now my question is what is the the the second value which is inserting into the "salt" field?

Unforgettably I couldn't find a way to contact to tutorial person but I tought you may can help me to figure this out.so, Can you please let me know 1- Am i doing the sha512 password salting correctly? 2- What is the last item inserted into members table(salt) , how I can generate that one?

Thanks for you time

  • 3 Contributors
  • 3 Replies
  • 351 Views
  • 9 Hours Discussion Span
  • Latest Post Latest Post by veedeoo
Member Avatar for diafol

1) looks ok
2) this appears to be the salt used in conjunction with the sha-512 to produce the hash. I may be wrong. Where's the rest of the code for hashing? It appears to be just a sha512 hash without the code, impossible to say how it's produced.

Your link to tutorial is missing, so we can't check.

Member Avatar for Behseini

Thanks diafol, I am realy sorry I forget to add the tutorial link! here is the whole idea
Tutorial

I followed every thing in the tutorial but I am ending always with "Invalid Request" from the "process-login.php" page. the other thing is in process-login.php page at line 6 and 8 there is a "$_POST['p']" shouldnt they be like $_POST['password'] since we have this name on the form password input?
As I said I am following every thing in the tutorial except of using admin user( I didnt know how to update the local host to my server in this code 'CREATE USER 'sec_user'@'localhost' IDENTIFIED BY 'eKcGZr59zAa2BEWU';GRANT SELECT, INSERT, UPDATE ON 'secure_login'.* TO 'sec_user'@'localhost';` )

as I am nt using the localhost ( using free hosting @ http://www.csvdata.uphero.com/.)
Once again thanks for you help and i really appreciate your time if you can help me to solve this issue'

Edited by Behseini
Member Avatar for veedeoo

This might be the code responsible for creating the salt.

    // Create a random salt
  $random_salt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
 // Create salted password (Careful not to over season)
 $password = hash('sha512', $password.$random_salt);
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.