If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back  dBforums > Data Access, Manipulation & Batch Languages > PHP > Create loginpage - how to verify users password

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old
Registered User
 
Join Date: Dec 2012
Posts: 3
Create loginpage - how to verify users password

I have written a program (in php) for letting users do queries in a database (Oracle). The database is used by an accounting software and I want the users to login with same details (username and password) into my page as in the accounting software. Attached is a picture of how the password are stored in the database. I need help to how I should verify if the user type correct password. I think my biggest question is how I should decode the SALT. Have tried base64_decode(), but it gives only strange characters.

I would really appreciate if anyone could help!
Attached Thumbnails
Create loginpage - how to verify users password-login.png  
Reply With Quote
  #2 (permalink)  
Old
Jaded Developer
 
Join Date: Nov 2004
Location: out on a limb
Posts: 11,663
personally I'd forget trying to authenticate passwords within PHP. instead I'f try to connect with the back end Oracle db with those credentials. if the Oracle DB is happy with the credentials then the PHP script should be happy.

When you attempt to use passwords within any language / db you should be storing the hashcode or encrypted form of the password. you compare the encrypted / hashcode values NOT the plain text.
__________________
I'd rather be riding my Versys or my Tiger 800 let alone the Norton
Reply With Quote
  #3 (permalink)  
Old
Registered User
 
Join Date: Dec 2012
Posts: 3
I know I have to "compare the encrypted / hashcode values NOT the plain text", but to do that I need to know the decrypted SALT, before I can add it to the password the user enter in my login page, then encrypt and in end compare with the user's stored password. My problem is to decrypt the stored SALT.
Reply With Quote
  #4 (permalink)  
Old
Registered User
 
Join Date: Dec 2012
Posts: 3
In the db the stored SALT-record for one user is: IevwyCHN8w== This is Base64 encoded. If I decode it with Base64_decode() I got these strange characters: !! which give no sense.
Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On