Kasun Kasun - 7 months ago 27
SQL Question

password salt is not working after I hosted the website

I have created a small website that can download movies and tv series. There I added a user registration and login system. I used xampp latest version (php version 5.6.19) to check the website. In the registration php file, I have added password salt technique. It worked perfectly in the xampp. After I hosted my website it didn't worked. password salt is not generated and stored in the database. But username, email and password are going to the database successfully.

register.php

<?php
require_once 'core/init.php';

if(Input::exists()){

$user = new User();
$salt = Hash::salt(32);

try{

$user->create(array(
'uname' => Input::get('uname'),
'mail' => Input::get('mail'),
'pass' => Hash::make(Input::get('pass'), $salt),
'salt' => $salt

));

Session::flash('home', 'You have registered successfully now you can log in !');
Redirect::to('index.html');

}catch(Exception $e){
die($e->getMessage());
}


}

?>


hash.php

<?php
class Hash{
public static function make($string, $salt = ''){
return hash('sha256', $string . $salt);
}

public static function salt($length){
return mcrypt_create_iv($length);

}

public static function unique(){
return self::make(uniqid());

}
}


user.php

<?php
class User{
private $_db,
$_data,
$_sessionName,
$_cookieName,
$_isLoggedIn;

public function __construct($user = null){
$this->_db = DB::getInstance();
$this->_sessionName = Config::get('session/session_name');
$this->_cookieName = Config::get('remember/cookie_name');

if(!$user){
if(Session::exists($this->_sessionName)){
$user = Session::get($this->_sessionName);

if($this->find($user)){
$this->_isLoggedIn = true;
}else{
//process logout
}
}
}else{
$this->find($user);
}
}


public function create($fields = array()){
if(!$this->_db->insert('users', $fields)){
throw new Exception('There was a problem creating an account !');
}
}

public function find($user = null){
if($user){
$field = (is_numeric($user)) ? 'id' : 'uname';
$data = $this->_db->get('users', array($field, '=', $user));
if($data->count()){
$this->_data = $data->first();
return true;
}
return false;
}
}

public function login($username = null, $password = null, $remember = false ){

if(!$username && !$password && $this->exists()){
Session::put($this->_sessionName, $this->data()->id);
}else{
$user = $this->find($username);

if($user){
if($this->data()->pass === Hash::make($password, $this->data()->salt)){
Session::put($this->_sessionName, $this->data()->id);
if($remember){
$hash = Hash::unique();
$hashCheck = $this->_db->get('users_session', array('user_id', '=', $this->data()->id));

if(!$hashCheck->count()){
$this->_db->insert('users_session',array(
'user_id' => $this->data()->id,
'hash' => $hash

));
}else{
$hash = $hashCheck->first()->hash;
}

Cookie::put($this->_cookieName, $hash, Config::get('remember/cookie_expiry'));
}
return true;
}
}
}

return false;
}

public function exists(){
return (!empty($this->_data)) ? true : false;
}

public function logout(){
$this->_db->delete('users_session', array('user_id', '=', $this->data()->id));
Session::delete($this->_sessionName);
Cookie::delete($this->_cookieName);
}

public function data(){
return $this->_data;
}

public function isLoggedIn(){
return $this->_isLoggedIn;
}
}


What may cause the problem...

Answer

Check if your hash function is supported by the PHP installation on your web host.
You may try this in your salt function - bin2hex(mcrypt_create_iv(30, MCRYPT_DEV_RANDOM))