I have a login system but the password is not checking that the db hashed pass is the same as pass after hashed. Please help. I have uploaded files below as txt!
input.txt (1.26 KB)
login.txt (41.8 KB)
There are a lot of things wrong with your scripts. Static salts, md5() instead of BCrypt, static form variables, guessable hashes (e.g. “sha1(uniqid(mt_rand(), true))” is NOT random), lack of rate limiting, etc. Ever since I found out about the barebones sso server, I’ve been using it for deployments:
It’s much more secure and versatile than your system.
At any rate, your specific bug appears to be this line:
[php] $user_passwords = 'user_password';[/php]
You probably meant:
[php] $user_passwords = $_POST['user_password'];[/php]
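The points raised in the reply above, shown as an added example that is not part of the original post or of the attached scripts: the password is read from the submitted form data, checked with PHP's built-in bcrypt support rather than md5() with a static salt, and the token comes from random_bytes(). The function names and sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration: function names and sample data are constructed, not from the attached files.

// Registration: bcrypt picks a fresh random salt per password and stores it inside the hash string.
function make_password_hash(string $plain): string
{
    return password_hash($plain, PASSWORD_BCRYPT, ['cost' => 12]);
}

// Login: $form stands in for $_POST, $storedHash for the value loaded from the user's DB row.
function check_login(array $form, ?string $storedHash): bool
{
    $submitted = $form['user_password'] ?? null;   // the submitted value, not the literal field name
    if (!is_string($submitted) || $submitted === '' || $storedHash === null) {
        return false;
    }
    // password_verify() re-hashes with the salt embedded in $storedHash and compares in constant time.
    return password_verify($submitted, $storedHash);
}

// True when the stored hash uses an older algorithm or cost and should be replaced after a good login.
function should_upgrade_hash(string $storedHash): bool
{
    return password_needs_rehash($storedHash, PASSWORD_BCRYPT, ['cost' => 12]);
}

// Session or reset token from the OS CSPRNG, in place of sha1(uniqid(mt_rand(), true)).
function make_token(): string
{
    return bin2hex(random_bytes(32));
}

// Constructed sample run.
$stored = make_password_hash('correct horse battery staple');
$good   = ['user_password' => 'correct horse battery staple'];
$bad    = ['user_password' => 'user_password'];   // what the buggy line effectively submitted
$legacy = md5('static-salt' . 'correct horse battery staple');

echo 'good login:   ', var_export(check_login($good, $stored), true), PHP_EOL;
echo 'literal bug:  ', var_export(check_login($bad, $stored), true), PHP_EOL;
echo 'missing field:', var_export(check_login([], $stored), true), PHP_EOL;
echo 'legacy md5 needs upgrade: ', var_export(should_upgrade_hash($legacy), true), PHP_EOL;
echo 'token length: ', strlen(make_token()), PHP_EOL;
```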