Monday, 15 July 2013

php - password_verify doesn't verify hash -



php - password_verify doesn't verify hash -

i hash inserted passwords via password_hash. verify them using password_verify.

however when insert hashed password in database , seek verify it, both outputs differ eachother.

my pages following,

main_login.php (form):

<?php include 'header.php';?> <body> <form role="form" method="post" action="login.php"> <div class="form-group"> <label for="usrname">username:</label> <input type="text" class="form-control" name="usrname" placeholder="enter username"> </div> <div class="form-group"> <label for="passwrd">password:</label> </div> <input type="password" class="form-control" name="passwrd" placeholder="enter password"> <br> <input type="checkbox">remember me <br> <br> <button type="submit" class="btn btn-default">submit</button> </form> </body> </html>

login.php (handler):

<?php include 'vars.php'; include 'header.php'; $sql="select * members usrname='$usrname'"; $result=mysqli_query($con,$sql); $count=mysqli_num_rows($result); $row=mysqli_fetch_row($result); $verify=password_verify($hash,$row[2]); if($verify){ $_session["usrname"]=$usrname; echo "correct"; } else { echo "user: " . $usrname. "<br>"; echo "pass: " . $hash. "<br>"; echo "db: " . $row[2]."<br>"; echo "wrong username or password"; } ?>

vars.php:

<?php $h='localhost';$u='caelin';$p='ffantasy';$d='ombouwnh'; $con=mysqli_connect($h,$u,$p,$d); $usrname=$_post['usrname']; $passwrd=$_post['passwrd']; $hash=password_hash($passwrd, password_default); ?>

when seek login using username 'caca' , password 'caca' different output both, everytime retry. can't find particular problem on stackoverflow.

tia

ps. if need more details, inquire them

the function password_verify(); takes 2 parameters; non-hashed input, , stored hash compare to. hashes non-hashed input automatically compared stored version. initial code re-hashing hashed password. should this:

$verify=password_verify($_post['passwrd'],$row[2]); if($verify){ $_session["usrname"]=$usrname; echo "correct"; } else { echo "user: " . $usrname. "<br>"; echo "pass: " . $hash. "<br>"; echo "db: " . $row[2]."<br>"; echo "wrong username or password"; }

php hash verification password-encryption

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)