[eluser]codejack[/eluser]
I've been working on my web application this evening, more specifically my password hashing. I was hoping I could get some feedback on my code and see if anybody can spot any glaring mistakes. How secure is the system I have used?
Firstly, my function that processes when a new user registers:
Code:
function new_registration($username, $email, $password, $psn, $confirmation_code)
{
    // Derive two "salts" from the site-wide encryption key and the password,
    // then hash the password between them.
    $key = $this->config->item('encryption_key');
    $salt1 = hash('sha512', $key . $password);
    $salt2 = hash('sha512', $password . $key);
    $hashed_password = hash('sha512', $salt1 . $password . $salt2);

    // Store the new user's information in the database.
    $userinfo = array(
        'username' => $username,
        'email' => $email,
        'password' => $hashed_password,
        'psn' => $psn,
        'confirmation_code' => $confirmation_code
    );
    $this->db->insert('user', $userinfo);
}
And secondly, my function that checks whether or not the username and password are correct:
Code:
function check_login_exists($username, $password)
{
    // Recompute the hash exactly as new_registration() does.
    $key = $this->config->item('encryption_key');
    $salt1 = hash('sha512', $key . $password);
    $salt2 = hash('sha512', $password . $key);
    $hashed_password = hash('sha512', $salt1 . $password . $salt2);

    // Look for a row matching both the username and the recomputed hash.
    $query_active = $this
        ->db->where('username', $username)
        ->where('password', $hashed_password)
        ->limit(1)
        ->get('user');

    // num_rows() is the result object's row-count method.
    if ($query_active->num_rows() > 0)
    {
        return TRUE;
    }
    else
    {
        return FALSE;
    }
}
Thanks in advance for any advice!
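
Added example, not part of codejack's post or of CodeIgniter: it reproduces the posted scheme as a plain function to show that two users with the same password get the same stored value, next to PHP's built-in password_hash() and password_verify(), which use a random salt per user. The names SITE_KEY, posted_scheme(), register() and check_login(), and the in-memory $users array standing in for the `user` table, are assumptions made for the example.

```php
<?php
// Constructed value standing in for $this->config->item('encryption_key').
const SITE_KEY = 'constructed-example-key';

// The scheme from the post: both "salts" are derived from the password and
// the site-wide key, so the result depends on nothing user-specific.
function posted_scheme(string $password): string
{
    $salt1 = hash('sha512', SITE_KEY . $password);
    $salt2 = hash('sha512', $password . SITE_KEY);
    return hash('sha512', $salt1 . $password . $salt2);
}

// Alternative: password_hash() picks a random salt on every call and uses a
// deliberately slow algorithm; salt and cost are stored inside the result.
function register(array &$users, string $username, string $password): void
{
    $users[$username] = password_hash($password, PASSWORD_DEFAULT);
}

// Fetch the stored hash by username only, then verify the password against
// it. A per-user salted hash cannot be matched in a WHERE clause.
function check_login(array $users, string $username, string $password): bool
{
    if (!isset($users[$username])) {
        return false;
    }
    return password_verify($password, $users[$username]);
}

// Constructed sample input: two users who chose the same password.
$users = [];
register($users, 'alice', 'hunter2');
register($users, 'bob', 'hunter2');

// Posted scheme: the same password always yields the same stored value.
var_dump(posted_scheme('hunter2') === posted_scheme('hunter2'));

// password_hash(): same password, different stored values per user.
var_dump($users['alice'] === $users['bob']);

// Correct password, wrong password, unknown user.
var_dump(check_login($users, 'alice', 'hunter2'));
var_dump(check_login($users, 'alice', 'wrong'));
var_dump(check_login($users, 'mallory', 'hunter2'));
```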