PHPnewbie25
New Member
- Messages
- 17
- Reaction score
- 0
- Points
- 1
after developing a function register form i went to test the login where the passwords entered are not recognised even though they are right as i created them to test the register form. I read about having to store the salt within the db next to the password, I've been looking for examples on how to do this but i just find different methods of security anyone have an idea of how i could store the salt the code below is what i use to create the security.
PHP:
/hmac
$hmac = hash_hmac('sha512', $password1, file_get_contents('textfiles/key.txt'));
//bytes for salt
$bytes = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
//salt
$salt = strtr(base64_encode($bytes), '+', '.');
//make bcrypt 22 characters
$salt = substr($salt, 0, 22);
//hashed password
$bcrypt = crypt($hmac, '$2y$12$' . $salt);
$token = md5($bcrypt);