
I have the following encryption on the password when a user registers:

```php
public function actionCreate()
{
  $model=new Users;

  // Uncomment the following line if AJAX validation is needed
  // $this->performAjaxValidation($model);

  if(isset($_POST['Users']))
  {
    $model->attributes=$_POST['Users'];
    // how many times the string will be hashed
    $rounds = 10000;
    // @todo Use real salt here.
    $salt = 'salt';
    // pass in the password, the number of rounds, and the salt
    // $6$ specifies SHA512-CRYPT ($5$ would select SHA256-CRYPT)
    $model->PassWord=crypt($model->PassWord, sprintf('$6$rounds=%d$%s$', $rounds, $salt));
    if($model->save())
      $this->redirect(array('view','id'=>$model->users_id));
  }

  $this->render('create',array(
    'model'=>$model,
  ));
}
```

Now I know the code I need to change to authenticate users is this:

```php
else if($user->PassWord!==$this->password)
```

and if I was using the crypt method I would normally use this:

```php
else if($user->PassWord!==crypt($this->password,'salt'))
```

How do I change the login script to use sha512?

Nisse Engström
Sam Roberts
  • So what's your actual question / problem? The code shown doesn't seem to match your title or the description. Going by the title, you can't "unencrypt" SHA-512 as it's not encrypted, it's a hash, and as such is one-way. – Jonnix May 03 '15 at 19:14
  • possible duplicate of [Is it possible to reverse a sha1?](http://stackoverflow.com/questions/2235079/is-it-possible-to-reverse-a-sha1) – Artjom B. May 03 '15 at 19:14
  • Or maybe: [Difference between Hashing a Password and Encrypting it](http://stackoverflow.com/questions/326699/difference-between-hashing-a-password-and-encrypting-it) – Artjom B. May 03 '15 at 19:17
  • Sorry, totally missed the actual question. It's for a password login. I thought that this would be the method I would use: the sha512 encrypt and salt (which it does). I just need to match the password when logging in. – Sam Roberts May 03 '15 at 19:18
  • Depending on your PHP version, I suggest using PHP's built-in password API [here](http://php.net/manual/en/book.password.php). – Jonnix May 04 '15 at 15:16

1 Answer


You should use the same parameters as in the password hashing from the create:

```php
$rounds = 10000;
$salt = 'salt';
if($user->PassWord !== crypt($this->password, sprintf('$6$rounds=%d$%s$', $rounds, $salt)))
```
topher
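Added example (not part of the original question or answer): a sketch of the login check that does not need the salt and round count repeated in the login script, because `crypt()` reads the algorithm, rounds and salt back out of the stored hash. It also shows a random per-user salt in place of the `@todo` constant and a constant-time comparison. The function names `hashPassword` and `verifyPassword` and the sample password are assumptions made for illustration; `random_bytes()` needs PHP 7 or later.

```php
<?php
// Added example; hashPassword()/verifyPassword() are hypothetical helper names.

const CRYPT_ROUNDS = 10000; // same work factor as actionCreate() on this page

/** Hash a new password with SHA512-CRYPT and a fresh random salt. */
function hashPassword(string $plain): string
{
    // 12 random bytes give 16 base64 characters; '+' is mapped to '.'
    // so the salt stays inside crypt's alphabet [./0-9A-Za-z].
    $salt = strtr(base64_encode(random_bytes(12)), '+', '.');
    $hash = crypt($plain, sprintf('$6$rounds=%d$%s$', CRYPT_ROUNDS, $salt));
    if (strncmp($hash, '$6$', 3) !== 0) {
        // crypt() returns a short failure token when the scheme is unavailable
        throw new RuntimeException('SHA512-CRYPT is not available');
    }
    return $hash;
}

/** Check a login attempt against the value stored in the PassWord column. */
function verifyPassword(string $plain, string $storedHash): bool
{
    // Refuse empty or non-SHA512-CRYPT values instead of comparing against them.
    if (strncmp($storedHash, '$6$', 3) !== 0) {
        return false;
    }
    // Passing the stored hash as the "salt" makes crypt() reuse its
    // algorithm id, rounds and salt, so nothing is hard-coded here.
    $candidate = crypt($plain, $storedHash);
    // hash_equals() compares in constant time, unlike !== on strings.
    return hash_equals($storedHash, $candidate);
}

// Constructed sample data, standing in for two registered users.
$alice = hashPassword('correct horse battery staple');
$bob   = hashPassword('correct horse battery staple');

var_dump(verifyPassword('correct horse battery staple', $alice)); // matching password
var_dump(verifyPassword('wrong guess', $alice));                  // wrong password
var_dump($alice === $bob);                    // same password, different salts
var_dump(password_verify('correct horse battery staple', $alice)); // built-in API reads crypt() hashes too
```

In the login script from the question, the condition would then read `else if(!verifyPassword($this->password, $user->PassWord))`.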