I have written a program (in php) for letting users do queries in a database (Oracle). The database is used by an accounting software and I want the users to login with same details (username and password) into my page as in the accounting software. Attached is a picture of how the password are stored in the database. I need help to how I should verify if the user type correct password. I think my biggest question is how I should decode the SALT. Have tried base64_decode(), but it gives only strange characters.

I would really appreciate if anyone could help!

personally I'd forget trying to authenticate passwords within PHP. instead I'f try to connect with the back end Oracle db with those credentials. if the Oracle DB is happy with the credentials then the PHP script should be happy.

When you attempt to use passwords within any language / db you should be storing the hashcode or encrypted form of the password. you compare the encrypted / hashcode values NOT the plain text.

I know I have to "compare the encrypted / hashcode values NOT the plain text", but to do that I need to know the decrypted SALT, before I can add it to the password the user enter in my login page, then encrypt and in end compare with the user's stored password. My problem is to decrypt the stored SALT.

In the db the stored SALT-record for one user is: IevwyCHN8w== This is Base64 encoded. If I decode it with Base64_decode() I got these strange characters: !ëðÈ!Íó which give no sense.