StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
16970101
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
2
CommunityOwnedDate
CreationDate
2013-06-06T19:00:38.990
FavoriteCount
0
LastActivityDate
2013-06-06T19:46:49.910
LastEditDate
2013-06-06T19:46:49.910
LastEditorUserId
2145800
OwnerUserId
2145800
ParentId
16969422
PostTypeId
2
Score
0
ViewCount
0
LastEditorDisplayName
text
Body
You've got the right idea with the security, but if you're generating a new random salt on every attempt when you're trying to compare with an existing record it should never match (it's random)*. You have to store the <code>salt</code> in the table along with the <code>salted hashed password</code>. The salt should be random for each user (as in random, not their user agent), but you'll need to use the <code>salt</code> from the creation of the account to <code>hash</code> the user's password input for comparison. To make the fix: <ol> <li>You'll need to add a 'salt' column to your accounts table (or a relation table that you can relate to the accounts table).</li> <li>Once that's added then you would need to adjust any of the functions where you're doing an <code>insert</code> into the database with the user's information. You'll need to add <code>salt='$salt'</code> to the SQL.</li> <li>On the checks for input <code>login_check()</code> and <code>login()</code> you'll need to do the following: </li> </ol> Update the SQL for the query to check the username first: <pre><code>"select count(*) from accounts where username = '$username'" </code></pre> If the count is '1', then do this: <pre><code>"select salt from accounts where username = '$username'" </code></pre> Then you would do this: <pre><code>$password_for_comparison = hash('sha512', $password.$salt_from_database); </code></pre> Then you would do this: <pre><code>"select count(*) from accounts where username='username' and password='$password_for_comparison'" </code></pre> If this count is <code>1</code> then you have a valid user. Those few things can be added into a new function and called in the other functions (so you're not maintaining two separate code sets). *Note: There are cases where a collision may occur, but with your selection of sha512 this is such a random possibility it's unlikely without someone trying brute force the thing with something like hashcat on a box with 25 vid cards running opencl.
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POLog In and Registration Form Password
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. USAbsoluteƵERØ
UserOwnerUserId
1. USAbsoluteƵERØ
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. This table or related slice is empty.
CommentsPostId
1. COThanks for this now would I have to apply this to the functions login or the login_check?
 singulars
 PostPostId
 PO
 UserUserId
 USpatgarci
2. COIt looks like you're replicating the functionality in both. I've updated my answer.
 singulars
 PostPostId
 PO
 UserUserId
 USAbsoluteƵERØ

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.