[eluser]veledrom[/eluser]
I'm sending plain PHP code without CI bits to reduce lines.
How do I validate user login if I use script below? I mean, since salt is dynamic how do I use in SELECT statement in VALIDATE USER LOGIN section below?
Thanks
Code:
<?php
/*
**
** DATABASE STRUCTURE **************************************************************
**
** CREATE TABLE `users` (
** `id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
** `username` varchar(20) NOT NULL,
** `password` varchar(40) NOT NULL COMMENT 'encrypted password',
** `salt` varchar(20) NOT NULL COMMENT 'random key',
** PRIMARY KEY (`id`)
** );
**
*/
/*
** CREATE AN ACCOUNT IN DATABASE ***************************************************
*/
$username = $_POST['username']; //Get username from form
$password = $_POST['password']; //Get password from form
$ci_encryption_key = $this->config->item('encryption_key'); //Get CI's static key
$salt = mt_rand(); //Generate dynamic salt value
$hash = sha1($ci_encryption_key . $password. $salt); //Generate hash password
$sql = "INSERT INTO login (username, password, salt) VALUES ('" . $username . "', '" . $hash . "', '" . $salt . "')";
/*
** VALIDATE USER LOGIN *************************************************************
*/
$username = $_POST['username']; //Get username from form
$password = $_POST['password']; //Get password from form
$ci_encryption_key = $this->config->item('encryption_key'); //Get CI's static key
$sql = "SELECT username FROM login WHERE username = '" . $username . "' AND ?????????????????";