I am at a loss for what is happening here -- because depending on which user I check, there isn't necessarily something wrong at all. Here's the database in question's structure:
userID password salt
VARCHAR(7) VARCHAR(64) VARCHAR(64)
Note: password and salt are sha256 hashes.
And relevant code (all data is transmitted over SSL):
$pass = $_POST['pass'];
$user = $_POST['user'];
$query = 'SELECT password, salt FROM `Passwords` WHERE userID="'.$user.'";';
$result = mysql_query($query);
$passHash = mysql_result($result,0,"password");
$salt = mysql_result($result,0,"salt");
$pass = hash("sha256",$salt.$pass);
if($pass==$passHash) {/*Allow Login*/}
Not all users have chosen a password, and my organization has historically used ZIP codes (I know...) in place of a proper password, so the code does make some exceptions for that, but all of those users can all login just fine. It's (only some) members with passwords that can't login, because $salt is returning blank for some reason (but I'm not getting any MySQL errors, either). I have checked the database through phpMyAdmin while running debug attempts, but there's no obvious error.
Any idea why it's coming up blank for some users but not others? Is this a PHP problem, a MySQL problem, or an I'm-a-blind-idiot problem?
