CodeIgniter Forums
Difficulty using BCrypt! - Printable Version



Difficulty using BCrypt! - dreamweaver - 07-05-2019

Hi,

I am trying to use bcrypt and I know that the hash is always different when bcrypt is used, but I am told that I should get the hashed password from the database, and use the non-hashed password from the login form, use some method magic, and hey, it should work, right?

I won't paste all the code, just sections that are for the password.

Well, for me that isn't the case and I was wondering if you can take a look at my code below. Also it's not complete, some things you will see are just there to test.

LOGIN
PHP Code:
// The email is concatenated straight into the SQL string (as posted)
$sql = "SELECT * FROM user WHERE email = '".$this->email."'";

$query = $this->db->query($sql);

if ($query) {
    foreach ($query->result() as $row) {
        // Test output: the submitted password and the stored hash
        echo $this->password . "<br>";
        echo $row->password . "<br>";

        var_dump(password_verify($this->password, $row->password));

        if (password_verify($this->password, $row->password)) {
            echo 'The password is correct';
            exit();
        }
    }
}
else {
    echo 'query failed!';
}


REGISTER
PHP Code:
$this->password = password_hash($this->password, PASSWORD_DEFAULT, ['cost' => 15]);

My return is always false. Is this looking correct and there is something wrong on my part, or am I generally just not doing this right?


RE: Difficulty using BCrypt! - dreamweaver - 07-05-2019

Hey, so after restarting my computer it has decided it will start to work. No idea why, often find myself fixing things with no idea what I did since I tested it step by step.

The only thing I can think of is that the browser is caching the website, or something like that. I really don't know.


RE: Difficulty using BCrypt! - jreklund - 07-05-2019

You need to change _all_ your SQL. You are open to SQL Injection.
Please use Query Builder Class or Query Bindings before anyone hacks your site or just drops all your data.
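
The bound-parameter lookup recommended in the reply above, combined with password_verify(), as an added example that is not part of the thread. PDO with in-memory SQLite stands in for CodeIgniter's database layer so the script runs on its own; the function names, the sample account and the cost of 10 are assumptions.

```php
<?php
// Added example, not code from the thread. PDO/SQLite replaces CodeIgniter's
// database layer here. CodeIgniter query bindings take the same ? placeholder:
//   $this->db->query('SELECT password FROM user WHERE email = ? LIMIT 1', [$email]);

// Hypothetical helper: returns the stored hash for an email, or null if none.
function find_hash(PDO $db, string $email): ?string
{
    // The ? placeholder sends $email as data; it is never parsed as SQL.
    $stmt = $db->prepare('SELECT password FROM user WHERE email = ? LIMIT 1');
    $stmt->execute([$email]);
    $hash = $stmt->fetchColumn();
    return $hash === false ? null : $hash;
}

// Hypothetical helper: true only when the email exists and the password matches.
function login(PDO $db, string $email, string $password): bool
{
    $hash = find_hash($db, $email);
    if ($hash === null) {
        return false; // unknown email
    }
    // password_verify() reads the salt and cost out of the stored hash, so the
    // submitted password is never re-hashed and compared with == by hand.
    return password_verify($password, $hash);
}

// Constructed sample data; table and column names follow the thread's query.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// A bcrypt hash is 60 characters; a 255-character column leaves room for
// whatever PASSWORD_DEFAULT produces later and avoids truncated hashes.
$db->exec('CREATE TABLE user (email TEXT UNIQUE, password VARCHAR(255))');

// Cost 10 keeps the demo quick; the thread's register code uses 15.
$stored = password_hash('correct horse', PASSWORD_DEFAULT, ['cost' => 10]);
$ins = $db->prepare('INSERT INTO user (email, password) VALUES (?, ?)');
$ins->execute(['alice@example.com', $stored]);

var_dump(login($db, 'alice@example.com', 'correct horse')); // right password
var_dump(login($db, 'alice@example.com', 'wrong'));         // wrong password
// An email containing quote characters is matched literally against the column.
var_dump(login($db, "x' OR '1'='1", 'correct horse'));
```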


RE: Difficulty using BCrypt! - dreamweaver - 07-06-2019

(07-05-2019, 11:11 PM)jreklund Wrote: You need to change _all_ your SQL. You are open to SQL Injection.
Please use Query Builder Class or Query Bindings before anyone hacks your site or just drops all your data.

Ah thanks dude! That's a big help!


RE: Difficulty using BCrypt! - InsiteFX - 07-06-2019

Implementing Secure User Authentication in PHP Applications with Long-Term Persistence (Login with "Remember Me" Cookies)


RE: Difficulty using BCrypt! - arbkami - 03-27-2020

I too faced the same issue but the solution provided by jreklund really helped me.

Thanks dude for your clarification.