<p>The error itself tells you everything. The constant <code>SALT_LENGTH</code> is not a <code>long</code>. I suspect it's not defined at all, so PHP converts the bare string to a string (<code>"SALT_LENGTH"</code>) and passes <em>that</em> to <code>substr()</code>, which complains.</p>

<p>That being said... This code is dangerously wrong:</p>

<ol>
<li><p><code>if(!isset($result))</code>: Really? This condition will <em>always</em> be false because <code>$result</code> will <em>always</em> be set (unless you run into a problem with <code>mysql_query()</code>, but that doesn't tell you anything about the validity of the login). And since <code>mysql_query()</code> never returns <code>null</code>, <strong>no logins will ever be rejected.</strong></p></li>
<li><p>This query:</p>
<pre><code>SELECT * FROM users WHERE hashkey = '{$local_salt}'
</code></pre>
<p>is invalid. <code>$local_salt = generateHash($password);</code>. From the <code>generateHash</code> function, if a salt is not given, one will be randomly created for you. Thus, every call to <code>generateHash</code> will generate a new hash, which means it can't be compared to anything in the database.</p></li>
</ol>

<p>On the basis of the two (very) egregious mistakes above, I would throw away this piece of code for good.</p>

<hr>

<p>The correct way to check for a valid hash when a salt is used is something like:</p>

<pre><code>$_SESSION['user_logged'] = null;

// fetch hashed pw from db, where username is the submitted username
// ($db is an open mysqli connection; a prepared statement keeps $username out of the SQL text)
$stmt = $db-&gt;prepare("SELECT hash FROM users WHERE username = ?");
$stmt-&gt;bind_param('s', $username);
$stmt-&gt;execute();
$result = $stmt-&gt;get_result();

if ($result-&gt;num_rows != 0) {
    $row  = $result-&gt;fetch_assoc();
    $hash = $row['hash'];
    $salt = substr($hash, 0, SALT_LENGTH); // extract salt

    // hash_equals() instead of ==: constant-time, and no numeric-string juggling
    if (hash_equals($hash, generateHash($password, $salt))) {
        // login successful.
        $_SESSION['user_logged'] = $username; // don't store passwords here
    }
}

// if $_SESSION['user_logged'] is not set, the login failed
if (!isset($_SESSION['user_logged'])) {
    // you *don't* want to tell people which one (login or pw) is invalid
    echo 'Invalid login or password';
}
</code></pre>

<p>Note: It's very important that the <code>SALT_LENGTH</code> is at most 32, or this won't work because of the way <code>generateHash()</code> is implemented.</p>
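The salt-prefix check the answer describes, written out as a runnable added example; it is not the answer's code and not the asker's. <code>generateHash()</code> is never shown on the page, so the version below is an assumed implementation of the common "salt prefix + sha1" pattern the answer's note implies (the salt is cut from a 32-character <code>md5()</code> string, which is why <code>SALT_LENGTH</code> cannot exceed 32). The <code>users</code> table is replaced by a constructed in-memory array, and <code>brokenLookup()</code>, <code>checkLogin()</code> and the value of <code>SALT_LENGTH</code> are this example's own choices.

```php
<?php
// Added example, not code from the answer. SALT_LENGTH and generateHash() are
// assumed here: the first SALT_LENGTH characters of a stored value are the salt,
// the remainder is sha1(salt . password). The salt comes from a 32-char md5 hex
// string, so SALT_LENGTH must be at most 32 for substr() to get a full salt.
const SALT_LENGTH = 9;

function generateHash(string $plainText, ?string $salt = null): string
{
    if ($salt === null) {
        // no salt given: create a fresh random one (the behaviour the answer describes)
        $salt = substr(md5(random_bytes(16)), 0, SALT_LENGTH);
    } else {
        $salt = substr($salt, 0, SALT_LENGTH);
    }
    return $salt . sha1($salt . $plainText);
}

// Constructed stand-in for the `users` table: username => stored salt+hash.
$users = [
    'alice' => generateHash('correct horse battery staple'),
];

// The mistake from the question: generateHash() with no salt picks a new random
// salt each call, so the result never equals the stored value and a lookup by
// hashkey ("WHERE hashkey = '{$local_salt}'") finds nothing, even for the right password.
function brokenLookup(array $users, string $password): bool
{
    $local_salt = generateHash($password);      // new random salt every call
    return in_array($local_salt, $users, true); // the WHERE hashkey = ... query
}

// What the answer recommends: fetch the stored hash for the username, reuse the
// salt prefix, recompute and compare. hash_equals() replaces == so the comparison
// is constant-time and immune to PHP's numeric-string juggling ("0e1" == "0e2").
function checkLogin(array $users, string $username, string $password): bool
{
    if (!array_key_exists($username, $users)) {
        return false; // unknown user: same outcome as a wrong password
    }
    $hash = $users[$username];
    $salt = substr($hash, 0, SALT_LENGTH); // extract salt
    return hash_equals($hash, generateHash($password, $salt));
}

var_dump(brokenLookup($users, 'correct horse battery staple'));
var_dump(checkLogin($users, 'alice', 'correct horse battery staple'));
var_dump(checkLogin($users, 'alice', 'wrong'));
var_dump(checkLogin($users, 'mallory', 'anything'));
```

Run it with the PHP CLI: the broken lookup fails even with the correct password, while <code>checkLogin()</code> succeeds only for the right username and password pair and reports the same failure for an unknown user and a wrong password, which is the "don't tell people which one is invalid" point from the answer.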