- Reaction score
after developing a function register form i went to test the login where the passwords entered are not recognised even though they are right as i created them to test the register form. I read about having to store the salt within the db next to the password, I've been looking for examples on how to do this but i just find different methods of security anyone have an idea of how i could store the salt the code below is what i use to create the security.
/hmac $hmac = hash_hmac('sha512', $password1, file_get_contents('textfiles/key.txt')); //bytes for salt $bytes = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM); //salt $salt = strtr(base64_encode($bytes), '+', '.'); //make bcrypt 22 characters $salt = substr($salt, 0, 22); //hashed password $bcrypt = crypt($hmac, '$2y$12$' . $salt); $token = md5($bcrypt);