I use the PHP password hashing API to hash and check passwords on the site I am creating; however, whenever I try to verify my password, it always returns false.
I have a custom class that sets the password before it is inserted into the database:
    public function set__password($passwd) {
        self::$password = password_hash($passwd, PASSWORD_BCRYPT, array('cost' => 12));
    }
If the username and email address are unique, a new user row is added. When I check my database, I have what seems like a correct BCRYPT string for my password:
$2y$12$lTMEP0wevDEMX0bzStzoyOEzOTIAi3Hyhd3nYjGwzbI
To verify my password, I run the following script:
    $username = $_POST['username'];
    $password = $_POST['password'];
    $DB = Database::getInstance();
    $res = $DB->run__query('SELECT password FROM users WHERE username = "' . $username . '"');
    $hash = $res[0]['password'];
    if (password_verify($password, $hash)) {
        echo 'success';
    } else {
        echo 'failed';
    }
$hash refers to the string above; however, when I then call password_verify($password, $hash), where $password is the plaintext password obtained from my input field, I always get false.
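A sanity check for the stored value, as an added example that is not part of the original post: `password_hash()` with `PASSWORD_BCRYPT` always produces a 60-character string, while the value quoted above is 50 characters long. The helper name `bcrypt_storage_problem` and the sample password are assumptions made for this illustration.

```php
<?php
// Added example, not the poster's code. Helper name and sample password are constructed.

/**
 * Return the reason a stored value cannot be a complete bcrypt hash,
 * or null if it has the expected shape.
 */
function bcrypt_storage_problem(string $stored): ?string
{
    if (strlen($stored) !== 60) {
        return sprintf('length is %d, expected 60 (column too short or value trimmed)', strlen($stored));
    }
    // $2y$ + two-digit cost + $ + 22-char salt + 31-char digest
    if (!preg_match('/^\$2y\$\d{2}\$[.\/A-Za-z0-9]{53}$/', $stored)) {
        return 'not in $2y$<cost>$<salt><digest> form';
    }
    return null;
}

$password = 'correct horse battery staple';            // constructed sample
$full     = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);

// Simulate a database column that keeps only the first 50 characters.
$truncated = substr($full, 0, 50);

// The value exactly as quoted in the question (single quotes: no interpolation).
$fromPost = '$2y$12$lTMEP0wevDEMX0bzStzoyOEzOTIAi3Hyhd3nYjGwzbI';

$samples = ['full' => $full, 'truncated' => $truncated];
foreach ($samples as $label => $hash) {
    printf(
        "%-10s len=%d verify=%s problem=%s\n",
        $label,
        strlen($hash),
        var_export(password_verify($password, $hash), true),
        bcrypt_storage_problem($hash) ?? 'none'
    );
}

// Only the shape can be checked here; the poster's password is unknown.
printf("%-10s len=%d problem=%s\n", 'from post', strlen($fromPost),
    bcrypt_storage_problem($fromPost) ?? 'none');
```

The truncated sample fails `password_verify()` even with the right password, because the digest part of the hash is incomplete.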