Login

dreamweaver · 07-05-2019, 01:11 PM

Hi,

I am trying to use bcrypt and I know that the hash is always different when the bcrypt is used, but I am told that I should get the hashed password from the database, and use the non hashed password from the login form, use some method magic, and hey, it should work, right?

I won't paste all the code, just sections that are for the password.

Well, for me that isn't the case and I was wondering if you can take a look my code below. Also its not complete, some things you will see just to test.

LOGIN

PHP Code:
$sql = "SELECT * FROM user WHERE email = '".$this->email."'";
            $query = $this->db->query($sql);
            if ($query) {
                foreach ($query->result() as $row) {
                    echo $this->password . "<br>";
                    echo $row->password . "<br>";
                    var_dump(password_verify($this->password, $row->password));
                    if(password_verify($this->password, $row->password)) {
                        echo 'The password is correct';
                        exit();
                    } 
                }
            } 
            else {
                echo 'query failed!';
            }
         

REGISTER

PHP Code:
$this->password = password_hash($this->password, PASSWORD_DEFAULT, ['cost' => 15]); 

My return is always false. Is this looking correct and there is something wrong on my part, or am I generally just not doing this right.

dreamweaver · 07-05-2019, 01:40 PM

Hey, so after restarting my computer it has decided it will start to work. No idea why, often find myself fixing things with no idea what I did since I tested it step by step.

The only thing I can think of is that the browser is caching the website, or something like that. I really don't know.

***jreklund*** · 07-05-2019, 11:11 PM

You need to change _all_ your SQL. You are open to SQL Injection.
Please use Query Builder Class or Query Bindings before anyone hacks your site or just drop all your data.

dreamweaver · 07-06-2019, 07:50 AM

(07-05-2019, 11:11 PM)jreklund Wrote: You need to change _all_ your SQL. You are open to SQL Injection.
Please use Query Builder Class or Query Bindings before anyone hacks your site or just drop all your data.

Ah thanks dude! That's a big help!

InsiteFX · 07-06-2019, 08:12 AM

Implementing Secure User Authentication in PHP Applications with Long-Term Persistence (Login with "Remember Me" Cookies)

arbkami · (This post was last modified: 03-30-2020, 11:50 PM by arbkami.)

(07-05-2019, 01:11 PM)dreamweaver Wrote: Hi,

I am trying to use bcrypt and I know that the hash is always different when the bcrypt is used, but I am told that I should get the hashed password from the database, and use kroger bonus 50 fuel pt survey the non hashed password from the login form, use some method magic, and hey, it should work, right?

I won't paste all the code, just sections that are for the password.

Well, for me that isn't the case and I was wondering if you can take a look my code below. Also its not complete, some things you will see just to test.

LOGIN

PHP Code:
$sql = "SELECT * FROM user WHERE email = '".$this->email."'"; $query = $this->db->query($sql); if ($query) { foreach ($query->result() as $row) { echo $this->password . "<br>"; echo $row->password . "<br>"; var_dump(password_verify($this->password, $row->password)); if(password_verify($this->password, $row->password)) { echo 'The password is correct'; exit(); } } } else { echo 'query failed!'; }

REGISTER

PHP Code:
$this->password = password_hash($this->password, PASSWORD_DEFAULT, ['cost' => 15]);

My return is always false. Is this looking correct and there is something wrong on my part, or am I generally just not doing this right.

I too faced the same issue but the solution provided by jre kland had really helped me.

Thanks dude for your clarification.

Login
Username:
Password:	Lost Password?
	Remember me