query("truncate Hashes"); $db->query("truncate Users"); //generate salts $userSalt = hash("sha256", $ah.rand().time()); $hashSalt = hash("sha256", $ah.rand().time().$ah); //generate hashes $hashHash = hash("sha256", $ah.$password.$userSalt); $userHash = hash("sha256", $ah.$password.$hashSalt); //create queries $user = 'insert into users (uid, username, hash, salt) values (null, "test", "'.$userHash.'", "'.$userSalt.'")'; $hash = 'insert into hashes (hash, salt) values ("'.$hashHash.'", "'.$hashSalt.'")'; //run queries $db->query($user); $db->query($hash); } function lookup() { GLOBAL $db; $ah = "7850c8b6d247c232bd206804be02d04df499335cac0f67bb7addb6d362c79f56"; // 64 chars $password = "12345"; $user = $db->getObj("select * from Users where username = 'test'"); $check = $ah.$password.$user->salt; $hash = hash("sha256", $check); $hashSalt = $db->getObj("select * from Hashes where hash = '$hash'")->salt; if ($user->hash == hash("sha256", $ah.$password.$hashSalt)) { echo "true\n"; } else { echo "false\n"; } } ?>