Showing results for tags 'password_hash'.
-
I have been working on a login form. I have completed the registration side, but the login form is proving to be fighting back. I have just jumped into the world of PDO and only recently PHP in a serious way. I have been trying to use the password_verify() function, but I have spent so long on it now trying to get it working that I have made it more difficult than it should be and probably is. I would be grateful if someone could take a look at my code and just tell me what I am doing wrong. I have tested it with the username and password hard-coded in and it returns an array; however, if I comment out the hard-coded username and password I get an empty array. I dare say that someone will see the issue straight away, but I cannot get my head round it.

```php
<?php
session_start();
error_reporting(0);
require '../php_inc/connection/connect.php';
require_once '../php_inc/functions.php';

$error = ''; // all error messages will use this variable
$msg = 'Please fill in both fields and answer the captcha, they are all required to log in.';

if(isset($_POST['submitted'])){
    $dbuname = 'dashby'; // As if check with DB - If I comment these 2 out and try to get data from DB I get empty array
    $hashed = '$2y$12$7hcyfm7UjboYGaNLF7vK1.qroo3YkvhKAR8EfxG1byEMkNB0oSQgi'; // As if check with DB - same password

    require 'Captcha.php';

    $username = escape_in($_POST['username']); // Username
    $captcha = escape_in($_POST['captchaResult']); //Captcha
    $unhashed = escape_in($_POST['password']); //Password b4 hashing takes place
    //$submittedPassword = password_hash($unhashed, PASSWORD_DEFAULT, ['cost' => 12]);

    // connect to the database so the checks can be done.
    if($pdo){
        $stmt = $pdo->prepare("select * from users where username = :username && password = :password");
        $stmt->bindParam(":username", $username);
        $stmt->bindParam(":password", $unhashed); // If $hashed is the variable I get an array returned, as $unhashed I get an empty array
        echo '<pre>';
        if($stmt->execute()){
            $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
            print_r($rows);
        }
    }
    echo '</pre>';

    if($total == $getCaptchaResults){ //Capcha OK
        if(password_verify($unhashed, $hashed)){
            //$msg = '';
            //$error .= 'Password match';
            if($username == $dbuname){
                //$msg = '';
                //$error .= 'Captcha, username and password ok';
                // working to this point
                $_SESSION['username'];
                //header('Location: welcomelogged.php');
            } else {
                $msg = '';
                $error .= 'Denied wrong username and/or password';
            }
        } else {
            $msg = '';
            $error .= 'Denied wrong password and/or username';
        }
    } else {
        if(($total != $getCaptchaResults)){
            $msg = '';
            $error .= 'Captcha Wrong';
        }
    }
}// post submitted brace
?>
```

The if statements all work bar the password_verify when I comment out the hard-coded variables directly under if(isset($_POST['submitted'])) {}. I would be grateful if someone could steer me in the right direction. Thanks in advance.
- 20 replies
- Tagged with: password_verify, password_hash (and 3 more)
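
An added example, not part of the original post: the usual shape of this check is to select the row by username alone and let password_verify() compare the raw submitted password with the stored hash, because a salted hash never equals the plaintext in a WHERE clause. The in-memory SQLite table, the `check_login()` name and the sample password are assumptions made so the block runs on its own.

```php
<?php
// Added example (not the poster's code). The users table, its columns and
// the function name check_login() are assumptions made for illustration.

function check_login(PDO $pdo, string $username, string $password): bool
{
    // Look the row up by username only. A bcrypt hash embeds a random salt,
    // so the submitted password cannot be matched inside the SQL query.
    $stmt = $pdo->prepare('SELECT password FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $hash = $stmt->fetchColumn();

    if ($hash === false) {
        return false; // no such user
    }

    // Pass the password exactly as submitted: any escaping or filtering
    // that alters the string makes it differ from what was hashed.
    return password_verify($password, $hash);
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

$insert = $pdo->prepare('INSERT INTO users (username, password) VALUES (:u, :p)');
$insert->execute([
    ':u' => 'dashby',
    ':p' => password_hash('constructed-demo-password', PASSWORD_DEFAULT, ['cost' => 12]),
]);

var_dump(check_login($pdo, 'dashby', 'constructed-demo-password')); // matching password
var_dump(check_login($pdo, 'dashby', 'wrong-password'));            // wrong password
var_dump(check_login($pdo, 'nobody', 'constructed-demo-password')); // unknown user
```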
-
I have an old website with users and passwords (not hashed) and want to import them into MySQL, then run a script to create a new user_password_hash and update the database. What I tried is something like this:

```php
require 'application/config/config.php';

#Define Connection String Using PDO.
$dbh = new PDO('mysql:host='.DB_HOST.';dbname='.DB_NAME.';charset=utf8',DB_USER,DB_PASS);

$sth = $dbh->prepare("SELECT user_id, password, user_password_hash FROM users");
$sth->execute();
$result = $sth->fetchAll();

foreach($result as $key => $value) {
    $query = "UPDATE users SET user_password_hash = password_hash('result.password', PASSWORD_DEFAULT) WHERE user_id = 'result.user_id'";
}
echo 'Done';
```

But it is not working. I tried it a few different ways, but unsuccessfully. Frustrating; I am new to PHP, used CFM in the past, and am trying to get my PHP feet wet! Any suggestions are appreciated!
-
Hi, I'm quite a newbie with PHP. I'm trying to add password change to an existing login script and am stuck on a problem with the password change code. Maybe someone could help me out here, please. I can't figure out where the problem is or why it doesn't insert the hashed password; I get an error after submit (blank page). I noticed the problem is between lines 32 and 47. I've tried with md5 and it worked (inserted the md5 pwd into the DB), but my login doesn't recognise md5 as it reads password_hash passwords.

```php
<?php
session_start();
include('menu.php');
require_once('../config/db.php');

//strip and trim slashes
function clear($message)
{
    if(!get_magic_quotes_gpc())
        $message = addslashes($message);
    $message = strip_tags($message);
    $message = htmlentities($message);
    return trim($message);
}

// include the configs / constants for the database connection
$con = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die("Could not connect: " . mysql_error());
mysql_select_db(DB_NAME);

if(!$_GET['user_id'])
{
    $query = mysql_query("SELECT * FROM users ORDER BY user_id DESC") or die(mysql_error());
}
else
{
    if ($_POST['submit'])
    {
        $user_name = clear($_POST['user_name']);
        $user_fname = clear($_POST['user_fname']);
        $user_lname = clear($_POST['user_lname']);
        $user_id = $_GET['user_id'];
        $user_password = $_POST['newpassword'];
        $newpassword = $_POST['newpassword'];
        $repeatnewpassword = $_POST['repeatnewpassword'];

        // crypt the user's password with PHP 5.5's password_hash() function, results in a 60 character
        // hash string. the PASSWORD_DEFAULT constant is defined by the PHP 5.5, or if you are using
        // PHP 5.3/5.4, by the password hashing compatibility library
        $user_password_hash = password_hash($newpassword, PASSWORD_DEFAULT);

        //check two new passwords
        if ($newpassword==$repeatnewpassword)
        {
            //success
            //change password in db
            mysql_query("UPDATE users SET user_password_hash='$newpassword', user_name='$user_name', user_fname='$user_fname', user_lname='$user_lname' WHERE user_id='$user_id'");
            mysql_close();
            die("Your password has been changed. <a href='index.php'> Return</a>");
        }
        else
            die("New password doesn't match!");
    }
    else
    {
        $user_id = $_GET['user_id'];
        $query = mysql_query("SELECT * FROM users WHERE user_id='$user_id'");
        $row = mysql_fetch_assoc($query);
?>
<form action="?user_id=<?php echo $row['user_id']; ?>" method="post">
    <input type="hidden" name="ID" value="<?php echo $row['user_id']; ?>">
    user ID: <input type="text" name="user_name" value="<?php echo $row['user_name']; ?>"><br>
    First Name: <input type="text" name="user_fname" value="<?php echo $row['user_fname']; ?>"><br>
    Last Name: <input type="text" name="user_lname" value="<?php echo $row['user_lname']; ?>"><br>
    New Password: <input type='password' name='newpassword'><p>
    Repeat New Password: <input type='password' name='repeatnewpassword'><p>
    <input type="Submit" name="submit" value="Enter information">
</form>
<?php
    }
}
?>
```

Thanks!
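
An added example, not code from either post, covering both the plaintext import question and the password change question above: the hash is computed in PHP and only the resulting string is written, through a bound parameter. Column names follow the posts; the function names, the SQLite demo table, its rows and the choice to clear the legacy `password` column after migration are assumptions.

```php
<?php
// Added example, not code from either post. Column names follow the posts;
// the function names, the SQLite demo table and its rows are assumptions.

function set_password_hash(PDO $pdo, int $userId, string $plain): void
{
    // password_hash() is a PHP function, so it runs here and only its
    // result is sent to the database, bound as a parameter.
    $hash = password_hash($plain, PASSWORD_DEFAULT);
    $stmt = $pdo->prepare(
        'UPDATE users SET user_password_hash = :hash, password = NULL WHERE user_id = :id'
    );
    $stmt->execute([':hash' => $hash, ':id' => $userId]);
}

function migrate_plaintext(PDO $pdo): int
{
    // Only rows that still carry a legacy plaintext value are touched.
    $rows = $pdo->query('SELECT user_id, password FROM users WHERE password IS NOT NULL')
                ->fetchAll(PDO::FETCH_ASSOC);
    $pdo->beginTransaction();
    foreach ($rows as $row) {
        set_password_hash($pdo, (int) $row['user_id'], (string) $row['password']);
    }
    $pdo->commit();
    return count($rows);
}

function change_password(PDO $pdo, int $userId, string $new, string $repeat): bool
{
    if ($new === '' || $new !== $repeat) {
        return false; // reject before anything is written
    }
    set_password_hash($pdo, $userId, $new); // store the hash, never $new itself
    return true;
}

// Constructed demo data (in-memory SQLite, needs the pdo_sqlite extension).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, password TEXT, user_password_hash TEXT)');
$pdo->exec("INSERT INTO users (user_id, password) VALUES (1, 'constructed-pw-1'), (2, 'constructed-pw-2')");

echo migrate_plaintext($pdo), " rows migrated\n";
var_dump(change_password($pdo, 1, 'constructed-new-pw', 'constructed-new-pw'));
$hash = $pdo->query('SELECT user_password_hash FROM users WHERE user_id = 1')->fetchColumn();
var_dump(password_verify('constructed-new-pw', $hash));
```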