I have an existing table with hashed passwords using hash_pbkdf2. For user registration, it successfully inserts into MySQL:
$string = mcrypt_create_iv(24, MCRYPT_DEV_URANDOM);
$salt = strtoupper(bin2hex($string));
$hash = hash_pbkdf2("sha1", $data['password'], $string, 1000, 24, true);
$hash = strtoupper(bin2hex($hash));
return User::create([
    'name' => $data['name'],
    'email' => $data['email'],
    'hashedpassword' => $hash,
    'salt' => $salt,
]);
I am having trouble logging in using it. Here is my code:
$found_salt = DB::table('users')->where('email', 'sicksand@gmail.com')->first();
$salt = $found_salt->salt;
echo "Salt : ".$salt."<br>";
$hash = hash_pbkdf2("sha1", "password", $salt, 1000, 24, true);
$hash = strtoupper(bin2hex($hash));
$userlogin = [
    'email' => "icksand@gmail.com",
    'hashedpassword' => $hash
];
echo "Hash : ".$hash."<br>";
if(Auth::attempt($userlogin)) {
    echo "success";
} else {
    echo "not success";
}
The salt value is the same but the hash value does not match. Hoping someone can help. Thanks.
In your first code block you salt your password with the value of $string instead of $salt, but store $salt to the database.
So I think you need to change this in your first code block:
$hash = hash_pbkdf2("sha1", $data['password'], $string, 1000, 24, true);
to
$hash = hash_pbkdf2("sha1", $data['password'], $salt, 1000, 24, true);
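The salt mismatch described in the answer, as an added example that is not part of the original question or answer. It goes beyond the answer's suggested change by also verifying rows already stored with the raw-byte salt, decoding the hex column with hex2bin(). Assumptions: PHP 7 or later, random_bytes() in place of the removed mcrypt_create_iv(), and hypothetical function names.

```php
<?php
// Added example: function names are hypothetical, parameters are taken from the question.
const PBKDF2_ITERATIONS = 1000;
const PBKDF2_BYTES = 24;

// PBKDF2-SHA1 over the given salt bytes, returned as uppercase hex like the table stores it.
function derive_hex(string $password, string $salt): string
{
    $raw = hash_pbkdf2('sha1', $password, $salt, PBKDF2_ITERATIONS, PBKDF2_BYTES, true);
    return strtoupper(bin2hex($raw));
}

// Registration as posted: raw bytes are fed to PBKDF2, but the hex form is what gets stored.
function register_as_posted(string $password): array
{
    $rawSalt = random_bytes(24); // stands in for mcrypt_create_iv(24, MCRYPT_DEV_URANDOM)
    return [
        'salt'           => strtoupper(bin2hex($rawSalt)),
        'hashedpassword' => derive_hex($password, $rawSalt),
    ];
}

// Login as posted: the stored 48-character hex string is used directly as the salt,
// so PBKDF2 sees different salt bytes than it did at registration.
function verify_with_hex_salt(array $row, string $password): bool
{
    return hash_equals($row['hashedpassword'], derive_hex($password, $row['salt']));
}

// Login that matches existing rows: decode the stored hex back to the original raw bytes.
function verify_with_decoded_salt(array $row, string $password): bool
{
    $rawSalt = hex2bin($row['salt']);
    if ($rawSalt === false) {
        return false; // malformed salt column
    }
    // hash_equals() compares in constant time.
    return hash_equals($row['hashedpassword'], derive_hex($password, $rawSalt));
}

$row = register_as_posted('password'); // constructed sample row, no database involved
var_dump(verify_with_hex_salt($row, 'password'));
var_dump(verify_with_decoded_salt($row, 'password'));
var_dump(verify_with_decoded_salt($row, 'not-the-password'));
```

Whichever salt form is chosen, the same bytes must be passed to hash_pbkdf2() at registration and at login.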