1

Here is my create account mysql query. For the sake of ease I have left out salting.

$q = $dbc -> prepare("INSERT INTO accounts (username, email, password) 
                      VALUES (?, ?, ?)");
$q -> execute(array($_POST['username'], $_POST['email']
                        ,hash('sha256', $_POST['password'])));

Which does what I want, inserts a hashed password into the database, now my login script;

if ($count == 1 && $info['password'] === hash('sha256', $_POST['password']) 
                && $info['logcount'] != -1) { // successful login

This statement always returns false, I have tried different operates ie (=, ==), I am sure it is a simple solution.

Also if you have any good salting techniques please share :)

Thanks.

Johan
  • 74,508
  • 24
  • 191
  • 319
Basic
  • 1,818
  • 5
  • 21
  • 31

1 Answers1

-1

Why do you make type checking with ===? Maybe just 

$info['password'] == hash('sha256', $_POST['password'])

?

miholeus
  • 1,537
  • 1
  • 9
  • 8
  • Read the question it says: `I have tried different operates ie (=, ==),` – Johan Apr 16 '11 at 14:45
  • For php hash salts see the question: http://stackoverflow.com/questions/401656/secure-hash-and-salt-for-php-passwords – Johan Apr 16 '11 at 21:39