Login problems using the crypt() function in PHP

Viewed 313 times

2

I’m returning to the world of PHP after a long winter. I took an example of user registration that uses MD5 as the encryption standard, and now I’m struggling to log in a test user because I need to change the default to crypt (Blowfish).

Apparently, the password recording is working properly. I’ve even found that it starts with "$1$", which is the standard for Blowfish, but when I try to log in this user, the password I am typing does not match the password that is in the DB (MySQL).

I’ve tried to adapt my code in every way and I can’t get it right.

Here is a snippet of the function I use to validate the password (still in the MD5 default):

public function login($email,$upass)
{
    try
    {
        $stmt = $this->conn->prepare("SELECT * FROM TBL_USERS WHERE EMAIL=:email_id");
        $stmt->execute(array(":email_id"=>$email));
        $userRow=$stmt->fetch(PDO::FETCH_ASSOC);

        if($stmt->rowCount() == 1)
        {
            if($userRow['USER_STATUS']=="Y")
            {
                if($userRow['PASSWORD']==$upass)
                {
                    $_SESSION['userSession'] = $userRow['USER_ID'];
                    return true;
                }
                else
                {
                    header("Location: index.php?error");
                    exit;
                }
            }
            else
            {
                header("Location: index.php?inactive");
                exit;
            }   
        }
        else
        {
            header("Location: index.php?error");
            exit;
        }       
    }
    catch(PDOException $ex)
    {
        echo $ex->getMessage();
    }
}

Can anyone help me? Do you need any more data? I know the best way is to poke around, and I’ve already managed to create 99.999% of my site just by poking around and remembering... Only that question remains!

Thank you all!!!

  • 1

    I can help you, sir. Use the functions of the password_ family.

3 answers

0

From what I noticed, you are not hashing the password typed by the user again during login.

Change the following line:

if($userRow['PASSWORD']==$upass)

To:

if($userRow['PASSWORD']==crypt($upass))

Remember that Blowfish works with a processing cost parameter. So, you need to apply the same cost you are applying at the time of registering the user.

  • I didn’t pass any parameter, I just put crypt($upass) in the password, in the database routine. Do I need to do something else?

-1

Replace the line:

if($userRow['PASSWORD']==$upass)

with the line:

if(crypt($upass,$userRow['PASSWORD']) == $userRow['PASSWORD'])

-3

You are saving the encrypted password in your database when you register, so when you bring it back it will still be encrypted; when you compare, you also need to encrypt the password that the user typed and then compare the two.

$senha_do_usuario = 'Olá Mundo';
$senha_do_banco = 'olznvdlXq95hc';
/* Here you compare the database password, which is already encrypted, with the
   password the person typed, which is not encrypted. For the comparison to succeed
   when the password is correct, you must first encrypt what the user typed with the
   same salt that was used when saving the one in the database. */
if($senha_do_banco == crypt($senha_do_usuario, 'olá')){
    echo 'pode acessar';
}else{
    echo 'acesso negado';
}
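
The login check discussed in the answers above, as an added example that is not part of the original thread: it shows why re-hashing with a different salt fails, how passing the stored hash as the salt succeeds, and how the password_ functions mentioned in the comment do the same job. The password, the salts and the `verifyLogin` helper are constructed for illustration.

```php
<?php
// Added example. Password and salts below are constructed sample values.
$typed = 'correct horse battery';

// A legacy row as in the question: crypt() output carrying the "$1$" prefix
// (the MD5-crypt scheme; bcrypt/Blowfish hashes start with "$2y$").
$stored = crypt($typed, '$1$abcdefgh$');

// Hashing the typed password under a different salt never reproduces the
// stored string. crypt($typed) with no salt draws a fresh random salt on
// PHP 5/7, and PHP 8 requires the salt argument.
$otherSalt = crypt($typed, '$1$zyxwvuts$');
var_dump($otherSalt === $stored);

// Passing the stored hash as the salt makes crypt() reuse the scheme and salt
// embedded in it; hash_equals() compares in constant time.
var_dump(hash_equals($stored, crypt($typed, $stored)));
var_dump(hash_equals($stored, crypt('wrong guess', $stored)));

// password_verify() performs the same steps for any crypt()-format hash.
// Returns [bool $ok, ?string $newHash]; $newHash is set when the stored hash
// should be replaced by a bcrypt one after a successful login.
function verifyLogin(string $typed, string $stored): array
{
    $options = ['cost' => 10];
    if (!password_verify($typed, $stored)) {
        return [false, null];
    }
    $newHash = password_needs_rehash($stored, PASSWORD_BCRYPT, $options)
        ? password_hash($typed, PASSWORD_BCRYPT, $options)
        : null;
    return [true, $newHash];
}

[$ok, $newHash] = verifyLogin($typed, $stored);
var_dump($ok, substr((string) $newHash, 0, 4));

// The upgraded hash verifies and needs no further rehash.
[$ok2, $again] = verifyLogin($typed, $newHash);
var_dump($ok2, $again);
```

In the question's `login()` method, the value returned as `$newHash` would be written back to the PASSWORD column so the row is upgraded on the next successful login.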
