Jump to content

Search the Community

Showing results for tags 'password_hash'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Welcome to PHP Freaks
    • Announcements
    • Introductions
  • PHP Coding
    • PHP Coding Help
    • Regex Help
    • Third Party Scripts
    • FAQ/Code Snippet Repository
  • SQL / Database
    • MySQL Help
    • PostgreSQL
    • Microsoft SQL - MSSQL
    • Other RDBMS and SQL dialects
  • Client Side
    • HTML Help
    • CSS Help
    • Javascript Help
    • Other
  • Applications and Frameworks
    • Applications
    • Frameworks
    • Other Libraries
  • Web Server Administration
    • PHP Installation and Configuration
    • Linux
    • Apache HTTP Server
    • Microsoft IIS
    • Other Web Server Software
  • Other
    • Application Design
    • Other Programming Languages
    • Editor Help (PhpStorm, VS Code, etc)
    • Website Critique
    • Beta Test Your Stuff!
  • Freelance, Contracts, Employment, etc.
    • Services Offered
    • Job Offerings
  • General Discussion
    • PHPFreaks.com Website Feedback
    • Miscellaneous

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests


Age


Donation Link

Found 3 results

  1. I have been working on a login form, I have completed the registration side but the login form is proving to be fighting back. I have just jumped into the world of PDO and only recently PHP in a serious way. I have been trying to use the password_verify(); function but I have spent so long on it now trying to get it working I have made it more difficult than it should be and probably is. I would be grateful if someone could take a look at my code and just tell me what I am doing wrong. I have tested it with the username and password hard coded in and it returns an array however if I comment out the hard coded username and password I get an empty array. I dare say that someone will see the issue straight away but I cannot get my head round it. <?php session_start(); error_reporting(0); require '../php_inc/connection/connect.php'; require_once '../php_inc/functions.php'; $error = ''; // all error messages will use this variable $msg = 'Please fill in both fields and answer the captcha, they are all required to log in.'; if(isset($_POST['submitted'])){ $dbuname = 'dashby'; // As if check with DB - If I comment these 2 out and try to get data from DB I get empty array $hashed = '$2y$12$7hcyfm7UjboYGaNLF7vK1.qroo3YkvhKAR8EfxG1byEMkNB0oSQgi'; // As if check with DB - same password require 'Captcha.php'; $username = escape_in($_POST['username']); // Username $captcha = escape_in($_POST['captchaResult']); //Captcha $unhashed = escape_in($_POST['password']); //Password b4 hashing takes place //$submittedPassword = password_hash($unhashed, PASSWORD_DEFAULT, ['cost' => 12]); // connect to the database so the checks can be done. if($pdo){ $stmt = $pdo->prepare("select * from users where username = :username && password = :password"); $stmt->bindParam(":username", $username); $stmt->bindParam(":password", $unhashed); // If $hashed is the variable I get an array returned, as $unhashed I get an empty array echo '<pre>'; if($stmt->execute()){ $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); print_r($rows); } } echo '</pre>'; if($total == $getCaptchaResults){ //Capcha OK if(password_verify($unhashed, $hashed)){ //$msg = ''; //$error .= 'Password match'; if($username == $dbuname){ //$msg = ''; //$error .= 'Captcha, username and password ok'; // working to this point $_SESSION['username']; //header('Location: welcomelogged.php'); } else { $msg = ''; $error .= 'Denied wrong username and/or password'; } } else { $msg = ''; $error .= 'Denied wrong password and/or username'; } } else { if(($total != $getCaptchaResults)){ $msg = ''; $error .= 'Captcha Wrong'; } } }// post submitted brace ?> The if statements all work bar the password_verify when I comment out the hard coded variables out, directly under if(isset($_POST['submitted'])) {} I would be grateful if someone could steer me in the right direction. Thanks in advance.
  2. I have an old website with users and password (not hashed) and want to import them into mysql, then run a script to create a new user_password_hash and update the database: what I tried is something like this: require 'application/config/config.php'; #Define Connection String Using PDO. $dbh = new PDO('mysql:host='.DB_HOST.';dbname='.DB_NAME.';charset=utf8',DB_USER,DB_PASS); $sth = $dbh->prepare("SELECT user_id, password, user_password_hash FROM users"); $sth->execute(); $result = $sth->fetchAll(); foreach($result as $key => $value) { $query = "UPDATE users SET user_password_hash = password_hash('result.password', PASSWORD_DEFAULT) WHERE user_id = 'result.user_id'"; } echo 'Done'; but not working tried it a few different ways but unsuccessfully frustrating, new to php, used cfm in the past, trying to get my php feet wet !!! any suggestions are appreciated !!!
  3. Hi I'm quite newbie with php. Im trying to add password change to existing login script and stuck on a problem with password change code. May be someone could help me out here please. Can't figure out where is the problem, why it doesn't insert the hashed password - getting some error after submit ( blank page). i noticed problem is between lines 32 and 47 I've tried with md5 and it worked (inserted md5 pwd into DB) but my login don't recognise md5 as it reads password_hash passwords. <?php session_start(); include('menu.php'); require_once('../config/db.php'); //strip and trim slashes function clear($message) { if(!get_magic_quotes_gpc()) $message = addslashes($message); $message = strip_tags($message); $message = htmlentities($message); return trim($message); } // include the configs / constants for the database connection $con = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die("Could not connect: " . mysql_error()); mysql_select_db(DB_NAME); if(!$_GET['user_id']) { $query = mysql_query("SELECT * FROM users ORDER BY user_id DESC") or die(mysql_error()); } else { if ($_POST['submit']) { $user_name = clear($_POST['user_name']); $user_fname = clear($_POST['user_fname']); $user_lname = clear($_POST['user_lname']); $user_id = $_GET['user_id']; $user_password = $_POST['newpassword']; $newpassword = $_POST['newpassword']; $repeatnewpassword = $_POST['repeatnewpassword']; // crypt the user's password with PHP 5.5's password_hash() function, results in a 60 character // hash string. the PASSWORD_DEFAULT constant is defined by the PHP 5.5, or if you are using // PHP 5.3/5.4, by the password hashing compatibility library $user_password_hash = password_hash($newpassword, PASSWORD_DEFAULT); //check two new passwords if ($newpassword==$repeatnewpassword) { //successs //change password in db mysql_query("UPDATE users SET user_password_hash='$newpassword', user_name='$user_name', user_fname='$user_fname', user_lname='$user_lname' WHERE user_id='$user_id'"); mysql_close(); die("Your password has been changed. <a href='index.php'> Return</a>"); } else die("New password doesn't match!"); } else { $user_id = $_GET['user_id']; $query = mysql_query("SELECT * FROM users WHERE user_id='$user_id'"); $row = mysql_fetch_assoc($query); ?> <form action="?user_id=<?php echo $row['user_id']; ?>" method="post"> <input type="hidden" name="ID" value="<?php echo $row['user_id']; ?>"> user ID: <input type="text" name="user_name" value="<?php echo $row['user_name']; ?>"><br> First Name: <input type="text" name="user_fname" value="<?php echo $row['user_fname']; ?>"><br> Last Name: <input type="text" name="user_lname" value="<?php echo $row['user_lname']; ?>"><br> New Password: <input type='password' name='newpassword'><p> Repeat New Password: <input type='password' name='repeatnewpassword'><p> <input type="Submit" name="submit" value="Enter information"> </form> <?php }} ?> thanks!
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.