[Date Prev][Date Next] [Chronological] [Thread] [Top]

{SSHA} for PHP



Hi,
I want to modify a website-login-system (PHP) to check passwords which are deocoded with SSHA.
My script should compare the clear password, which I get from a FORM, with the SSHA-hash of the password, which is in the database (MySQL). The dates in the MySQL-DB comes from a LDAP.
This is my script:


<?php
$password_sub = "test";
//Das Passwort erhalte ich über ein HTML-Formular
$passsowrd_hash_db = base64_decode("e1NTSEF9aH....");
//Diesen base64-Hash erhalte ich aus der Datenbank.
//Er wird gleich decodiert, da man daraus das $salt benötigt.
//Dann hat er die Form {SSHA}hxtMi....
$salt = base64_decode(substr($passsowrd_hash_db , 32));
//Berechnung des $salt
$hash = "{SSHA}" . base64_encode(pack("H*", sha1($password_sub.$salt)).$salt);
?>


But the script doesn't work, because the generated hash isn't the same as the hash from the database.

But I don't now, what's wrong?

May someone help me?

m@xx