Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
-- Create a mySQL table to hold hashed passwords and random salt
-- SQL create script for for table `users`
`user_id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
`email` varchar(30) NOT NULL,
`reg_date` date NOT NULL,
`fname` varchar(20) DEFAULT NULL,
`lname` varchar(20) DEFAULT NULL,
`salt` char(21) NOT NULL,
`password` char(60) NOT NULL,
PRIMARY KEY (`user_id`),
UNIQUE KEY `email` (`email`)
) ;
// PHP code required by both registration and validation
CRYPT_BLOWFISH or die ('No Blowfish found.');
$link = mysql_connect('localhost', 'wpscanner', 'aUvmxcxvTUPtW8Kw')
or die('Not connected : ' . mysql_error());
mysql_select_db('wpscanner', $link)
or die ('Not selected : ' . mysql_error());
$password = mysql_real_escape_string($_GET['password']);
$email = mysql_real_escape_string($_GET['email']);
//This string tells crypt to use blowfish for 5 rounds.
$Blowfish_Pre = '$2a$05$';
$Blowfish_End = '$';
// PHP code you need to register a user
// Blowfish accepts these characters for salts.
$Allowed_Chars =
$Chars_Len = 63;
// 18 would be secure as well.
$Salt_Length = 21;
$mysql_date = date( 'Y-m-d' );
$salt = "";
for($i=0; $i&lt;$Salt_Length; $i++)
$salt .= $Allowed_Chars[mt_rand(0,$Chars_Len)];
$bcrypt_salt = $Blowfish_Pre . $salt . $Blowfish_End;
$hashed_password = crypt($password, $bcrypt_salt);
$sql = 'INSERT INTO users (reg_date, email, salt, password) ' .
"VALUES ('$mysql_date', '$email', '$salt', '$hashed_password')";
mysql_query($sql) or die( mysql_error() );
// Now to verify a user’s password
$sql = "SELECT salt, password FROM users WHERE email='$email'";
$result = mysql_query($sql) or die( mysql_error() );
$row = mysql_fetch_assoc($result);
$hashed_pass = crypt($password, $Blowfish_Pre . $row['salt'] . $Blowfish_End);
if ($hashed_pass == $row['password']) {
echo 'Password verified!';
} else {
echo 'There was a problem with your user name or password.';
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.