  • 0

Question

Posted

Hey,

 

I'm creating a website for registration and login for Intersect Engine and I can't understand password hashing.

Can someone do an example in PHP?

Thanks in advance for the help

7 answers to this question


  • 2
Posted

Yeah, first of all you need to write your own hash function.

public function make($value) {
    return hash("sha256", $value);
}

Also, the password is double hashed. You first need to hash the password and then hash the result with the salt, so something like this; (EDIT: Ah, I see you already got that far!)

 

public function validateCredentials(Authenticatable $user, array $credentials)
{
    // Check that the given credentials belong to the given user
    $username = $credentials['username'];
    $pass = $credentials['password'];

    // First pass: hash the plain password, uppercase hex with any dashes stripped
    $hashedPass = strtoupper(str_replace(["-", "–"], '', Hash::make($pass)));
    // Second pass: hash the first result concatenated with the user's stored salt
    $saltedPass = strtoupper(str_replace(["-", "–"], '', Hash::make(strtoupper($hashedPass) . $user->salt)));

    // Look for a user row whose stored hash matches the computed one
    $valid_user = IntersectUser::where(['username' => $username, 'pass' => $saltedPass])->first();

    if ($valid_user) {
        return TRUE;
    }
    return FALSE;
}

 

Once the source is released, I'm going to pick up work on the web companion again.

  • 0
Posted

Pretty sure you posted about this in Discord, and you got very close:

 

unknown.png

 

But you're not using SHA256, you're using BCRYPT which you wrapped in a method called SHA256.

unknown.png

 

You already found this: 

And we've explained the basics of how it works (which you've understood, given your example above but using the wrong hashing algorithm and not generating and saving the salt).

Basically, you're really close and despite me constantly telling you that and telling you to stop using BCRYPT you want us to just do it for you?

  • 0
Posted
43 minutes ago, SonicMicro234 said:

Relax....you're using an open source program to make your *Ahem hobby.....

I wouldn't go as far as password hashing. Also we could easily read it in VS, VB or whatever the fuck you're compiling it in.

It's not that he's adding it in, it's already a thing in Intersect. He's trying to make it work with external passwords. :P

  • 0
Posted

Hey, sorry for my English ;)

I wrote some PHP code that encodes a password in PHP and wanted to share it.

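$password = $_POST['YourPassword'];

// Convert a raw byte string to uppercase hex, two characters per byte
function strToHex($string){
    $hex = '';
    for ($i=0; $i<strlen($string); $i++){
        $ord = ord($string[$i]);
        $hexCode = dechex($ord);
        // Left-pad single-digit values so every byte yields two hex characters
        $hex .= substr('0'.$hexCode, -2);
    }
    return strToUpper($hex);
}
$salt = "AD07665AE12767B2B712752595D0E4C16479B01D07E66AF9F9E6081C811C4C21"; //Salt pulled from the database
// First pass: SHA-256 of the password as uppercase hex, with the salt appended
$pass = strToHex(hash('sha256',$password,true)).$salt;
// Second pass: SHA-256 of that string, again as uppercase hex
$hash = strToHex(hash('sha256',$pass,true));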
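
The scheme described in the answers above (SHA-256 of the password as uppercase hex, append the stored salt, SHA-256 again), written out for both registration and login. This is an added example, not part of any post in this thread and not Intersect's own code. The function names and the salt generation (32 random bytes stored as uppercase hex, matching the shape of the salt shown above) are assumptions.

```php
<?php
declare(strict_types=1);

// Uppercase hex SHA-256, the encoding both snippets in this thread produce.
function sha256_upper(string $data): string
{
    return strtoupper(hash('sha256', $data));
}

// Scheme from the thread: SHA256( SHA256(password) . salt ), uppercase hex at each step.
function intersect_hash(string $password, string $salt): string
{
    return sha256_upper(sha256_upper($password) . $salt);
}

// Assumption: a salt is 32 random bytes stored as 64 uppercase hex characters.
function new_salt(): string
{
    return strtoupper(bin2hex(random_bytes(32)));
}

// Registration: generate a fresh salt and return both values to store in the user's row.
function register_password(string $password): array
{
    $salt = new_salt();
    return ['salt' => $salt, 'pass' => intersect_hash($password, $salt)];
}

// Login: load the row by username first, then compare in PHP in constant time
// instead of putting the computed hash into the WHERE clause.
function verify_password(string $password, string $storedSalt, string $storedHash): bool
{
    return hash_equals(strtoupper($storedHash), intersect_hash($password, $storedSalt));
}

// Constructed sample data, not taken from a real database.
$row = register_password('correct horse battery staple');
echo 'salt length:    ', strlen($row['salt']), PHP_EOL;
echo 'right password: ', var_export(verify_password('correct horse battery staple', $row['salt'], $row['pass']), true), PHP_EOL;
echo 'wrong password: ', var_export(verify_password('wrong password', $row['salt'], $row['pass']), true), PHP_EOL;

// The raw-bytes-to-hex route used by strToHex() above yields the same string.
$viaRaw = strtoupper(bin2hex(hash('sha256', 'abc', true)));
echo 'encodings agree: ', var_export($viaRaw === sha256_upper('abc'), true), PHP_EOL;
```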

 

  • -5
Posted

Relax....you're using an open source program to make your *Ahem hobby.....

I wouldn't go as far as password hashing. Also we could easily read it in VS, VB or whatever the fuck you're compiling it in.
