I have written a program (in PHP) that lets users run queries against a database (Oracle). The database is used by accounting software, and I want the users to log in to my page with the same details (username and password) as in the accounting software. Attached is a picture of how the passwords are stored in the database. I need help with how to verify whether the user typed the correct password. I think my biggest question is how I should decode the SALT. I have tried base64_decode(), but it gives only strange characters.
Personally, I'd forget trying to authenticate passwords within PHP. Instead, I'd try to connect to the back-end Oracle DB with those credentials. If the Oracle DB is happy with the credentials, then the PHP script should be happy.
When you attempt to use passwords within any language / DB, you should be storing the hashcode or encrypted form of the password. You compare the encrypted / hashcode values, NOT the plain text.
I know I have to "compare the encrypted / hashcode values NOT the plain text", but to do that I need to know the decrypted SALT before I can add it to the password the user enters in my login page, then encrypt, and in the end compare with the user's stored password. My problem is to decrypt the stored SALT.
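
The check described in this thread, sketched as an added example (not code from any poster or from the accounting software): a base64-decoded salt is raw bytes rather than readable text, so it goes into the hash input as-is and the result is compared in constant time. The SHA-256 algorithm, the salt-then-password order, the base64-encoded stored hash and the `PASSWORD` column name are assumptions, since the thread does not show the real scheme.

```php
<?php
declare(strict_types=1);

// ASSUMPTION: the stored hash is SHA-256(salt || password), base64-encoded.
// The thread does not say which scheme the accounting software uses; change
// HASH_ALGO and the concatenation order to match the real one.
const HASH_ALGO = 'sha256';

function compute_hash(string $rawSalt, string $password): string
{
    // Third argument true: return the raw binary digest, not a hex string.
    return hash(HASH_ALGO, $rawSalt . $password, true);
}

function verify_password(string $password, string $saltB64, string $hashB64): bool
{
    // Strict mode returns false on characters outside the base64 alphabet.
    $rawSalt = base64_decode($saltB64, true);
    $stored  = base64_decode($hashB64, true);
    if ($rawSalt === false || $stored === false) {
        return false; // malformed record: fail closed
    }
    // hash_equals() compares in constant time, unlike == or strcmp().
    return hash_equals($stored, compute_hash($rawSalt, $password));
}

// Constructed sample row (not taken from the real database);
// the column names are assumed.
$rawSalt = random_bytes(16);
$row = [
    'SALT'     => base64_encode($rawSalt),
    'PASSWORD' => base64_encode(compute_hash($rawSalt, 'correct horse')),
];

// The decoded salt is arbitrary bytes, so print it as hex to inspect it.
echo 'salt (hex): ', bin2hex(base64_decode($row['SALT'], true)), PHP_EOL;

var_dump(verify_password('correct horse', $row['SALT'], $row['PASSWORD']));
var_dump(verify_password('wrong guess', $row['SALT'], $row['PASSWORD']));
```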