monxas

Reputation: 2657

How to check mysql hashed password with salt

I'm using a tutorial to set up a mail server (it's already working), and I also want to use the users table to log in on the website.

The SQL that the tutorial uses to create an account is:

INSERT INTO `mailserver`.`virtual_users`
(`id`, `domain_id`, `password`, `email`)
VALUES ('1', '1',
ENCRYPT('PASSWORD', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))),
'[email protected]');

The way I see it,

ENCRYPT('PASSWORD', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16)))

creates a salted hash, right? The thing is that the salt looks to be a random, not stored value.

How am I supposed to compare it with the password provided by the user?

Postfix has no problem doing it, since it works, so I have to be missing something.

Upvotes: 2

Views: 2281

Answers (1)

Mark Baker

Reputation: 212522

The ENCRYPT function will output a "salted" string prefixed with the salt itself, so feeding it back the encrypted password will re-supply the original salt.

When you need to compare a password in the database with one that a user has entered, use a query like this:

SELECT * FROM `mailserver`.`virtual_users`
 WHERE `email` = '<the email address entered by the user>'
   AND `password` = ENCRYPT('<the password entered by the user>', `password`);

Upvotes: 3
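
The salt round-trip the answer describes, as an added example that is not part of the original posts or the tutorial. It assumes a MySQL server that still provides ENCRYPT() (the function was removed in MySQL 8.0.3) on a host whose crypt(3) supports the `$6$` scheme; the user variables, the statement name `check_login`, and the address `user@example.com` are constructed for illustration.

```sql
-- Added example; all sample values below are constructed.

-- 1. Hash a sample password the same way the tutorial's INSERT does.
SET @stored = ENCRYPT('PASSWORD',
                      CONCAT('$6$', SUBSTRING(SHA(RAND()), -16)));

-- 2. The stored string has the form $6$<salt>$<hash>: the random salt is
--    kept inside the value itself, so it does not need its own column.
SELECT SUBSTRING_INDEX(@stored, '$', 3)  AS scheme_and_salt,
       SUBSTRING_INDEX(@stored, '$', -1) AS hash_part;

-- 3. Passing the stored value as the salt argument makes crypt(3) reuse
--    that scheme and salt, so only the same password reproduces the
--    stored string.
SELECT @stored = ENCRYPT('PASSWORD', @stored) AS same_password_matches,
       @stored = ENCRYPT('password', @stored) AS other_password_matches;

-- 4. The same check against the table, with the user's input bound as
--    parameters instead of being pasted into the SQL text.
PREPARE check_login FROM
  'SELECT `id`, `email`
     FROM `mailserver`.`virtual_users`
    WHERE `email` = ?
      AND `password` = ENCRYPT(?, `password`)';

SET @email     = 'user@example.com';  -- constructed: address typed by the user
SET @candidate = 'PASSWORD';          -- constructed: password typed by the user

EXECUTE check_login USING @email, @candidate;
DEALLOCATE PREPARE check_login;
```

From application code, the equivalent of step 4 is a prepared statement in the database driver with the e-mail address and password bound as its two parameters.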
