Results 1 to 4 of 4
  1. #1
    Join Date
    Dec 2012
    Posts
    3

    Create loginpage - how to verify users password

    I have written a program (in php) for letting users do queries in a database (Oracle). The database is used by an accounting software and I want the users to login with same details (username and password) into my page as in the accounting software. Attached is a picture of how the password are stored in the database. I need help to how I should verify if the user type correct password. I think my biggest question is how I should decode the SALT. Have tried base64_decode(), but it gives only strange characters.

    I would really appreciate if anyone could help!
    Attached Thumbnails Attached Thumbnails login.png  

  2. #2
    Join Date
    Nov 2004
    Location
    out on a limb
    Posts
    12,436
    personally I'd forget trying to authenticate passwords within PHP. instead I'f try to connect with the back end Oracle db with those credentials. if the Oracle DB is happy with the credentials then the PHP script should be happy.

    When you attempt to use passwords within any language / db you should be storing the hashcode or encrypted form of the password. you compare the encrypted / hashcode values NOT the plain text.
    I'd rather be riding on the Tiger 800 or the Norton

  3. #3
    Join Date
    Dec 2012
    Posts
    3
    I know I have to "compare the encrypted / hashcode values NOT the plain text", but to do that I need to know the decrypted SALT, before I can add it to the password the user enter in my login page, then encrypt and in end compare with the user's stored password. My problem is to decrypt the stored SALT.

  4. #4
    Join Date
    Dec 2012
    Posts
    3
    In the db the stored SALT-record for one user is: IevwyCHN8w== This is Base64 encoded. If I decode it with Base64_decode() I got these strange characters: !! which give no sense.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •