zabberwan
Posted March 3, 2015

Hello All,

Been a while, though peep in now and then..

I have 2 little issues with the Registration/Log-in Application based on Larry's code.

When one registers there is an error showing on the page since the link to activate sent in the email seems to be wrong; here's a dummy account attempt email:

http://venture-wilderness.com/reg_log.phpregistrar/activate.php?x=webmaster%40venture-wilderness.com&y=6c9a4cd312207c885d6a4ceb3a59fe91

It completes the chore of entering details to the DB, only that it enters the activation Hash also in the DB in the column where there's a NULL for a normal user and ! for the staff/admin. All this worked quite flawlessly until now. Somehow somewhere the code seems to have got a hiccup.

The second problem arises basically in the database where it stores the hashed password. I increased the VARCHAR to 123 as I read somewhere that using Blowfish with a random Format+Salt of 22 characters can generate a Hash stringlength of anywhere between 13 and 123. It enters only 49 characters and 3 dots at the end making it 52 in all. What am I doing wrong?

The function I wrote to augment password security:

```php
<?php
function password_encrypt ($password) {
    $hash_format = "$2y$10$";   // Use Blowfish with a "cost" of 10
    $salt_length = 22;          // Use 22 characters or more
    $salted = generate_salt ($salt_length);
    $format_and_salt = $hash_format . $salted;
    $hash = crypt($password, $format_and_salt);
    return $hash;
}

function generate_salt ($length) {
    // MD5 returns 32 characters
    $unique_random_string = md5(uniqid(mt_rand() , true));
    // Valid Characters for salt: [a-zA-Z0-9./]
    $base64_string = base64_encode($unique_random_string);
    // to convert '+' to '.' in base64 encoding
    $modified_base64_string = str_replace ('+' , '.' , $base64_string);
    // Truncate String to the Correct Length
    $salt = substr($modified_base64_string , 0 , $length);
    return $salt;
}
?>
```

What am I doing wrong?

Warm regards,
zabberwan

Larry
Posted March 7, 2015

I'm not really following either of the problems explained. As for the activation, I can say to debug this you'll want to look at the query in pieces to see what's the problem: the email address or the activation code. Or, if this is the login query, it could be that the column has an empty string value, not a NULL value.
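
As an added example (not part of the thread and not Larry's code): a `$2y$` bcrypt hash produced by `crypt()` or `password_hash()` is always 60 characters long, so one way to check the storage question raised above is to parse the stored value and confirm it is complete before trusting it. The function names `hash_password` and `parse_bcrypt` and the sample password are assumptions made for this illustration; it requires PHP 5.5 or later.

```php
<?php
// Added example, not code from the thread. Names and the sample
// password below are constructed for illustration.

// Hash with PHP's built-in API (PHP >= 5.5). The salt is drawn from the
// system CSPRNG, so no hand-written generate_salt() is needed.
function hash_password($password)
{
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
}

// Split a $2y$ hash into its fields: "$2y$", a two-digit cost, a
// 22-character salt and a 31-character digest (60 characters in total).
// Returns null when the value is not a complete bcrypt string, for
// example because it lost its tail somewhere between PHP and the table.
function parse_bcrypt($hash)
{
    $re = '/^\$2y\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})\z/';
    if (!is_string($hash) || !preg_match($re, $hash, $m)) {
        return null;
    }
    return ['cost' => (int) $m[1], 'salt' => $m[2], 'digest' => $m[3]];
}

$password = 'correct horse battery staple';   // constructed sample
$hash     = hash_password($password);

// A freshly generated hash: its length, its parsed fields, and the
// result of verifying the password against it.
var_dump(strlen($hash));
var_dump(parse_bcrypt($hash));
var_dump(password_verify($password, $hash));

// Simulate a stored value that kept only its first 49 characters.
// It no longer parses, and password_verify() rejects it without
// raising any error, which is how truncation shows up at log-in.
$truncated = substr($hash, 0, 49);
var_dump(parse_bcrypt($truncated));
var_dump(password_verify($password, $truncated));
```

Running `parse_bcrypt()` on the value read back with a plain `SELECT` separates a storage problem from a display problem: if the value parses, the column holds the whole hash.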