[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
{SSHA} for PHP
Hi,
I want to modify a website-login-system (PHP) to check passwords which
are deocoded with SSHA.
My script should compare the clear password, which I get from a FORM,
with the SSHA-hash of the password, which is in the database (MySQL).
The dates in the MySQL-DB comes from a LDAP.
This is my script:
<?php
$password_sub = "test";
//Das Passwort erhalte ich über ein HTML-Formular
$passsowrd_hash_db = base64_decode("e1NTSEF9aH....");
//Diesen base64-Hash erhalte ich aus der Datenbank.
//Er wird gleich decodiert, da man daraus das $salt benötigt.
//Dann hat er die Form {SSHA}hxtMi....
$salt = base64_decode(substr($passsowrd_hash_db , 32));
//Berechnung des $salt
$hash = "{SSHA}" . base64_encode(pack("H*",
sha1($password_sub.$salt)).$salt);
?>
But the script doesn't work, because the generated hash isn't the same
as the hash from the database.
But I don't now, what's wrong?
May someone help me?
m@xx