Reputation: 37
How to encrypt using SHA256 and salt?
Before: I'm sorry for my english.
Ok right now i'm using the following encrypt method:
SHA256_PassHash(inputtext, "78sdjs86d2h", MyHash, sizeof(MyHash));
SHA256 WITH SALT: "78sdjs86d2h
Right now i'm checking the password like this:
if(isset($_POST['username']) && isset($_POST['password'])){
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$check = get_row("SELECT playerID FROM playeraccounts WHERE playerName='$username' && playerPassword='$password'");
if(isset($check['playerID']))
{
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
mysql_query("UPDATE playeraccounts SET rpgon=1 WHERE playerName='$username'");
$id = $check['playerID'];
header("location: index.php");
}
else
{
$err = 'Username sau parola incorecte';
}
}
How can i make it work with this salt method ? Please i'm not very bright about PHP ... can somebody enlight me about how to encrypt the input text ?
Upvotes: 1
Views: 1212
Answers (1)
Reputation: 34093
Don't use SHA256 (which for future reference is a hash function, not an encryption method) for storing passwords. Refer to How to safely store your users' passwords for up-to-date best practices.
Since you're asking about PHP, you want to use password_hash() and password_verify().
Also, beware of SQL injection corner cases.
Upvotes: 3
Related Questions
- How can I prevent SQL injection in PHP?
- How do you parse and process HTML/XML in PHP?
- How do I get a YouTube video thumbnail from the YouTube API?
- startsWith() and endsWith() functions in PHP
- Secure hash and salt for PHP passwords
- How do I check if a string contains a specific word?
- my hashed password values are not matching when retrieving salt value from database