Hello PHP freak members I learn how to ecrypt my password using the blow fish method but I'm having trouble decypting the password. Is there anyone that can over see the problem that I'm having?
Sample ecrypted password > $2y$09$Q5klufp7bj6iuBA3dHpz5.fLN1sLzeGKE7nuXKunLMKKvE.rZtSTW
Original password > 1234
<?php
error_reporting(E_ALL & ~E_NOTICE);
session_start();
if(isset ($_SESSION['id'])){
header('location: profile.php');
} else {
if($_POST['submit']){
include "connect_prompt/connect_query.php";
$email = mysqli_real_escape_string($db_conx,$_POST['email']);
$password_one = $_POST['password_one'];
///////////////// Blow Fish ///////////////////////////////////
function cryptPass($input, $rounds = 9){
$salt = "";
$saltChars = array_merge(range('A','Z'),range('a','z'),range(0,9));
for($i = 0; $i < 22; $i++){
$salt .= $saltChars[array_rand($saltChars)];
}
return crypt($input, sprintf('$2y$%02d$', $rounds) . $salt);
}
$password_one = $_POST['password_one'];
$password = $_POST['password'];
$hashedPass = cryptPass($password);
if(crypt($password_one, $hashedPass) == $hashedPass){
///////////////// Blow Fish ///////////////////////////////////
$sql = "SELECT id, email, password FROM customer WHERE email='$email' AND password='$password_one' LIMIT 1";
$query = mysqli_query ($db_conx, $sql);
if($query){
$row = mysqli_fetch_row($query);
$userID = $row[0];
$db_email = $row[1];
$db_password = $row[2];
}
if($email == $db_email && $password_one == $db_password){
$_SESSION['email'] = $email;
$_SESSION['id'] = $userID;
header("location: profile.php");
} else {
echo "Sorry, Username or Password was incorrect";
}
}
}
}
?>
<form
action="login.php" method="POST">
<input type="email" name="email" id="email" placeholder="
[email protected]" />
<br/><br/>
<input type="password" name="password_one" id="password_one" placeholder=" ********" />
<br/><br/>
<input type="submit" name="submit" value="SIGN IN" />
</form>