07-05-2019, 01:11 PM
Hi,
I am trying to use bcrypt and I know that the hash is always different when the bcrypt is used, but I am told that I should get the hashed password from the database, and use the non hashed password from the login form, use some method magic, and hey, it should work, right?
I won't paste all the code, just sections that are for the password.
Well, for me that isn't the case and I was wondering if you can take a look my code below. Also its not complete, some things you will see just to test.
LOGIN
REGISTER
My return is always false. Is this looking correct and there is something wrong on my part, or am I generally just not doing this right.
I am trying to use bcrypt and I know that the hash is always different when the bcrypt is used, but I am told that I should get the hashed password from the database, and use the non hashed password from the login form, use some method magic, and hey, it should work, right?
I won't paste all the code, just sections that are for the password.
Well, for me that isn't the case and I was wondering if you can take a look my code below. Also its not complete, some things you will see just to test.
LOGIN
PHP Code:
$sql = "SELECT * FROM user WHERE email = '".$this->email."'";
$query = $this->db->query($sql);
if ($query) {
foreach ($query->result() as $row) {
echo $this->password . "<br>";
echo $row->password . "<br>";
var_dump(password_verify($this->password, $row->password));
if(password_verify($this->password, $row->password)) {
echo 'The password is correct';
exit();
}
}
}
else {
echo 'query failed!';
}
REGISTER
PHP Code:
$this->password = password_hash($this->password, PASSWORD_DEFAULT, ['cost' => 15]);
My return is always false. Is this looking correct and there is something wrong on my part, or am I generally just not doing this right.