Password_bcrypt - PHP

Asked

Viewed 51 times

0

I have a Shell script that generates a password randomly and saves it in pass.txt.

In php I have the code below, which opens this pass.txt, takes the password that is in it and generates the Hash overriding the pass.txt. With this hash I saved in mysql database:

    <?php
$senha1 = file_get_contents("/tmp/pass.txt");
#$senha1 = trim($senha1);
$senha1 = preg_replace('/s(?=s)/', '', $senha1);
$senha1 = preg_replace('/[nrt]/', ' ', $senha1);
$senha1 = preg_replace('/\\s\\s+/', ' ', $senha1);
$senha1 = password_hash($senha1, PASSWORD_BCRYPT, [cost => 12]);
$arquivo = "/tmp/pass.txt";
$fp = fopen($arquivo, "r+");
fwrite($fp, $senha1);
fclose($fp);
?>

However, this process is all automated and sometimes the system logs and sometimes not. I did the manual process and at this time no access is allowed with the user and password that is generated. I do not know if in this process, when generating the Hash, some garbage is being inserted and etc. But I used replace to test remove waste.

The only "strange" situation is that it generates this Warning when php runs:

PHP Warning:  Use of undefined constant cost - assumed 'cost' (this will 
throw an Error in a future version of PHP)

Use the function password_verify to validate the password.

Through some tests, setting the password in a variable in the own PHP and generating the Hash through this variable works. But if the password is in a TXT and I take the information that is in this TXT and encrypt the password, it does not work.

  • The correct is password_hash($senha1, PASSWORD_BCRYPT, ["cost" => 12]);

  • Warning is gone. Thank you. But I ran php in the password we created in pass.txt , the hash is generated, the mysql game hashed and still does not access.

No answers

Browser other questions tagged

You are not signed in. Login or sign up in order to post.