Difficulty using BCrypt!

#1
Hi,

I am trying to use bcrypt and I know that the hash is always different when bcrypt is used, but I am told that I should get the hashed password from the database, and use the non-hashed password from the login form, use some method magic, and hey, it should work, right?

I won't paste all the code, just sections that are for the password.

Well, for me that isn't the case and I was wondering if you can take a look at my code below. Also, it's not complete; some things you will see are just there to test.

LOGIN
PHP Code:
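// Look up the user row by email (the value is concatenated into the SQL string)
$sql = "SELECT * FROM user WHERE email = '".$this->email."'";

$query = $this->db->query($sql);

if ($query) {
    foreach ($query->result() as $row) {
        // Debug output: submitted plain-text password and the stored hash
        echo $this->password . "<br>";
        echo $row->password . "<br>";
        var_dump(password_verify($this->password, $row->password));

        // Compare the submitted password against the stored bcrypt hash
        if (password_verify($this->password, $row->password)) {
            echo 'The password is correct';
            exit();
        }
    }
}
else {
    echo 'query failed!';
}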


REGISTER
PHP Code:
// Hash the submitted password before storing it
$this->password = password_hash($this->password, PASSWORD_DEFAULT, ['cost' => 15]);

My return is always false. Is this looking correct and there is something wrong on my part, or am I generally just not doing this right?
Reply

#2
Hey, so after restarting my computer it has decided it will start to work. No idea why, often find myself fixing things with no idea what I did since I tested it step by step.

The only thing I can think of is that the browser is caching the website, or something like that. I really don't know.
Reply

#3
You need to change _all_ your SQL. You are open to SQL Injection.
Please use Query Builder Class or Query Bindings before anyone hacks your site or just drops all your data.
Reply
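
One way to combine the advice in post #3 with `password_verify`, as an added example that is not part of the original thread. It uses PDO with an in-memory SQLite database so it runs stand-alone (an assumption; the thread's code uses CodeIgniter's `$this->db`), and the `register`/`login` functions and the sample account are constructed for illustration.

```php
<?php
// Added example with constructed data; requires the pdo_sqlite extension.
// In CodeIgniter 3 the equivalent bound query is:
//   $this->db->query('SELECT * FROM user WHERE email = ?', array($email));

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Column wide enough for the full hash; bcrypt output is 60 characters.
$pdo->exec('CREATE TABLE user (email TEXT PRIMARY KEY, password VARCHAR(255))');

function register(PDO $pdo, string $email, string $plain): void
{
    // The salt is generated and embedded in the hash, so each call yields a different string.
    $hash = password_hash($plain, PASSWORD_DEFAULT);
    $stmt = $pdo->prepare('INSERT INTO user (email, password) VALUES (?, ?)');
    $stmt->execute([$email, $hash]);
}

function login(PDO $pdo, string $email, string $plain): bool
{
    // The email is bound as data, never spliced into the SQL text.
    $stmt = $pdo->prepare('SELECT password FROM user WHERE email = ?');
    $stmt->execute([$email]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        return false; // no row for this email
    }
    // password_verify reads the algorithm, cost and salt back out of the stored hash.
    return password_verify($plain, $hash);
}

register($pdo, 'alice@example.test', 'correct horse');

var_dump(login($pdo, 'alice@example.test', 'correct horse')); // matching credentials
var_dump(login($pdo, 'alice@example.test', 'wrong'));         // wrong password
var_dump(login($pdo, "x' OR '1'='1", 'correct horse'));       // quotes stay inside the bound value

// A stored hash cut short (for example by a narrow column) no longer matches,
// which is a common reason for password_verify always returning false.
$full = $pdo->query('SELECT password FROM user')->fetchColumn();
var_dump(password_verify('correct horse', substr($full, 0, 50)));
```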

#4
(07-06-2019, 12:11 AM)jreklund Wrote: You need to change _all_ your SQL. You are open to SQL Injection.
Please use Query Builder Class or Query Bindings before anyone hacks your site or just drops all your data.

Ah thanks dude! That's a big help!
Reply

#5
Implementing Secure User Authentication in PHP Applications with Long-Term Persistence (Login with "Remember Me" Cookies)
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply

