I am trying to cobble together a login script in PHP as a learning project.

This is the code for my database write when the user registers. Both of these values are written to the database.

 $this->salt = md5(uniqid());
 $this->password = md5($password.$salt);

Upon logging in, the following function is fired.

function challengeLogin($submittedPassword, $publicSalt, $storedPassword){
    if(md5($submittedPassword.$publicSalt) == $actualPassword){
        return 0;
    }else{
        return 1;
    };
}

Unfortunately, on stepping through my code, the two values have never equaled. Can someone help me understand why?

+1  A: 

Compare the raw values before they get hashed with some basic echo statements. Either the salt is wrong, your password is wrong, or the hash somehow got screwed up.

TheLQ

+4  A: 

I think the problem in your code is that the $salt variable is undefined, so it is empty. You should use $this->salt.

Change

$this->password = md5($password.$salt);

to

$this->password = md5($password.$this->salt);
Lombo
You're probably exactly right. This sort of stumble is exactly why I decided to take an object oriented approach. I'm comfortable with scripting, but functional and OO programming... not so much.
Chris Sobolewski
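The mismatch from the question and the fix from the answer above, reproduced as an added example (not code from the original posts): the `Account` class, its method names, the `check()` helper and the password are hypothetical and constructed. The last part swaps in PHP's built-in `password_hash()` / `password_verify()` in place of salted MD5, since that API generates and stores the salt itself.

```php
<?php
// Added example: class, method and helper names are hypothetical; the password is constructed.
final class Account
{
    public string $salt = '';
    public string $password = '';

    // Registration as posted: $salt is an undefined local (null), so only the
    // password is hashed even though a salt is stored next to it.
    public function registerAsPosted(string $password): void
    {
        $this->salt = md5(uniqid());
        $this->password = @md5($password . $salt); // @ silences the undefined-variable warning
    }

    // Registration with the fix from the answer above.
    public function registerFixed(string $password): void
    {
        $this->salt = md5(uniqid());
        $this->password = md5($password . $this->salt);
    }
}

// Login check. The posted version compares against $actualPassword, which is not
// one of its parameters; this one compares against the stored hash it receives.
function challengeLogin(string $submitted, string $publicSalt, string $stored): bool
{
    return hash_equals($stored, md5($submitted . $publicSalt));
}

function check(string $label, bool $ok): void
{
    if (!$ok) { throw new RuntimeException("failed: $label"); }
    echo "ok: $label\n";
}

$pw = 'correct horse (constructed)';
$acct = new Account();
$acct->registerAsPosted($pw);
check('posted code stores an unsalted hash', $acct->password === md5($pw));
check('so the salted login check rejects it', !challengeLogin($pw, $acct->salt, $acct->password));
$acct->registerFixed($pw);
check('fixed registration passes login', challengeLogin($pw, $acct->salt, $acct->password));

// Swapped-in technique: PHP's built-in password API creates the salt itself and
// stores it inside the hash string, so there is no separate salt to mishandle.
$hash = password_hash($pw, PASSWORD_DEFAULT);
check('password_verify accepts the right password', password_verify($pw, $hash));
check('password_verify rejects a wrong one', !password_verify('wrong', $hash));
```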