Hi, I want to modify a website-login-system (PHP) to check passwords which are deocoded with SSHA. My script should compare the clear password, which I get from a FORM, with the SSHA-hash of the password, which is in the database (MySQL). The dates in the MySQL-DB comes from a LDAP. This is my script:
<?php $password_sub = "test"; //Das Passwort erhalte ich über ein HTML-Formular $passsowrd_hash_db = base64_decode("e1NTSEF9aH...."); //Diesen base64-Hash erhalte ich aus der Datenbank. //Er wird gleich decodiert, da man daraus das $salt benötigt. //Dann hat er die Form {SSHA}hxtMi.... $salt = base64_decode(substr($passsowrd_hash_db , 32)); //Berechnung des $salt $hash = "{SSHA}" . base64_encode(pack("H*", sha1($password_sub.$salt)).$salt); ?>
But the script doesn't work, because the generated hash isn't the same as the hash from the database.
But I don't now, what's wrong?
May someone help me?
m@xx