error with password_verify()

0

Good afternoon. I'm having a problem using password_verify(): it is not checking correctly at login and falls straight into the else with the message "incorrect password". Could someone help me?

Functions:

private function compararSenha($hash){
    return password_verify($this->getSenha(), $hash);
}

private function findEmail($campo){
    $consulta = parent::select($campo, 'funcionario', 'WHERE email = ?', 's', array($this->getEmail()));
    $result = $consulta->fetch_object();

    if($consulta->num_rows > 0){
        if($campo == 'senha'){
            return $result->senha;
        }else if($campo == 'email'){
            return true;
        }
    }else{
        return false;
    }

}

public function logar(){
    $msgResult = array();
    $resultSearchPass = $this->findEmail('senha');

    if($resultSearchPass){
        if($this->compararSenha($this->getSenha(), $resultSearchPass)){
            $consulta = parent::select('id', 'funcionario', 'WHERE email = ? AND senha = ?', 'ss', array($this->getEmail(), $this->getSenha()));
            $result = $consulta->fetch_object();

            if($consulta->num_rows > 0){
                $_SESSION['idFuncionario'] = $result->id;
                $_SESSION['logado'] = true;

                $msgResult['tipo'] = 'success';
                $msgResult['msg'] = "Login Efetuado com Sucesso!";
                return json_encode($msgResult);
            }else{
                $msgResult['tipo'] = 'error';
                $msgResult['msg'] = 'Email ou Senha Incorretos!';
                return json_encode($msgResult);
            }
        }else{
            $msgResult['tipo'] = 'error';
            $msgResult['msg'] = 'Senha Incorreta!';
            return json_encode($msgResult);
        }
    }else{
        $msgResult['tipo'] = 'error';
        $msgResult['msg'] = 'Email não Existe!';
        return json_encode($msgResult);
    }
}
  • Did you check whether $resultSearchPass contains a valid string and whether it was created by the password_hash() method?

  • Yes, it is coming normally from the database, I already checked. It stops at that part and brings me no result: if($this->compararSenha($this->getSenha(), $resultSearchPass))

1 answer

0


You are passing the wrong parameters to your method. Note the signature of your method:

private function compararSenha($hash){
    return password_verify($this->getSenha(), $hash);
}

It receives only the hash, because the password is fetched from the object itself through the getSenha() method. So this method only needs to receive the hash and nothing more.

However, in your code you call this method passing two arguments, the password and the hash, so your function uses the password as the hash and discards $resultSearchPass.

To fix this problem just change:

if ($this->compararSenha($this->getSenha(), $resultSearchPass)) {
    // ...
}

To:

if ($this->compararSenha($resultSearchPass)) {
    // ...
}
  • One question, e.g.: we321234232345dasd comes from my DB. Suppose that is 123 encrypted; in the select, do I use 123 or the result from the DB?

  • In the select you only use the email... Never search by password. Search by the email and then use password_verify.

  • Understood, thank you.
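
The answer's fix and the comment about never selecting by password, side by side with the calls from the question, as an added example that is not part of the original thread. Only compararSenha() and getSenha() come from the page; the Login class, findHash(), the other method names and the in-memory table are assumptions made so the script runs offline.

```php
<?php
// Added example (PHP 8). Only compararSenha() and getSenha() come from the page;
// every other name and all data below are hypothetical / constructed.
final class Login
{
    // $rows is an in-memory stand-in for the funcionario table: email => stored hash.
    public function __construct(private array $rows, private string $email, private string $senha) {}

    private function getSenha(): string { return $this->senha; }

    // One-parameter signature, as on the page.
    private function compararSenha($hash)
    {
        return password_verify($this->getSenha(), $hash);
    }

    // Stand-in for: SELECT senha FROM funcionario WHERE email = ?
    private function findHash(): ?string
    {
        return $this->rows[$this->email] ?? null;
    }

    // Call from the question: PHP drops the extra argument without an error,
    // so $hash is bound to the plain password and the stored hash is unused.
    public function buggy(): bool
    {
        $hash = $this->findHash();
        return $hash !== null && $this->compararSenha($this->getSenha(), $hash);
    }

    // Second select from the question (email = ? AND senha = ?): the column
    // holds a hash, so comparing it with the plain password cannot match.
    public function plaintextSelect(): bool
    {
        return $this->findHash() === $this->getSenha();
    }

    // Corrected flow: look the row up by email only, then verify the hash.
    public function fixed(): bool
    {
        $hash = $this->findHash();
        return $hash !== null && $this->compararSenha($hash);
    }
}

// Constructed sample data: one employee whose password is "123".
$login = new Login(['ana@example.com' => password_hash('123', PASSWORD_DEFAULT)], 'ana@example.com', '123');
var_dump($login->buggy(), $login->plaintextSelect(), $login->fixed());
```

Run with the PHP CLI: the first two calls return false because the stored hash is never actually verified, and only fixed() returns true.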
