How to send the password already with the hash to the database

Asked

Viewed 177 times

-4

How could I send a hashed password to my database?

Code

$PDO = db_connect();
$sql = "INSERT INTO users(nome, login, password, email,linkfb) VALUES(:name, :login, :senha, :email, :linkfb)";
$stmt = $PDO->prepare($sql);
$stmt->bindParam(':name', $name);
$stmt->bindParam(':login', $login);
$stmt->bindParam(':senha', $senha);
$stmt->bindParam(':email', $email);
$stmt->bindParam(':linkfb', $linkfb);
$senha = isset($_POST['senha']) ? $_POST['senha'] : null;
php hash

  • I didn’t understand the reason for the downvote

  • it wasn’t me, someone gave it to me ...

2 answers

0

hash

$PDO = db_connect();
$sql = "INSERT INTO users(nome, login, password, email,linkfb) VALUES(:name, :login, :senha, :email, :linkfb)";
$senha = hash('ripemd160', $senha);
$stmt = $PDO->prepare($sql);
$stmt->bindParam(':name', $name);
$stmt->bindParam(':login', $login);
$stmt->bindParam(':senha', $senha);
$stmt->bindParam(':email', $email);
$stmt->bindParam(':linkfb', $linkfb);
$stmt->execute();

or

$senha = password_hash($senha, PASSWORD_BCRYPT, 10);

validation

$senha = isset($_POST['senha']) ? hash('ripemd160', $_POST['senha']) : hash('ripemd160', 'null');

if you use the hash 'ripemd160' and what you will use to validate the password again when you need it

  • but I’m using the hash man.

  • @Felipe ready readjusted

  • I didn’t give down vote no man.

  • @Felipe not brother and because you won a downvote for no reason

  • ah Sam, I understand man vlw, could you explain to me what that means "lock"?

  • face I’ll switch to the password_hash, this lock and what you’ll have to use to validate it later

  • and in case how could I test if there is something ex this; $password = isset($_POST['password']) ? $_POST['password'] : null; and already put the hash in it?

  • @William appeared this error here :

  • Warning: hash(): Unknown hashing Algorithm: trava in C: xampp htdocs skincs add.php on line 8

  • @Felipe o 'ripemd160' e o algoritimo validador da password... vc pode criar uma função para isso, mais é viavel pois o ripemd160 e nativo

  • how could I solve you can help me?

  • puts ripemd160 in place of 'lock'

Show 7 more comments

-3


One way to do this would be:

$senha = (isset($_POST['senha'])) ? password_hash($_POST['senha'], PASSWORD_BCRYPT) : null;

$stmt->bindParam(":senha", $senha);

You can make these transformations in the SET method of your class that receives the data... I hope it helps...

  • 4

    SHA1 and MD5 are not secure hashs and should be avoided. SHA1 can already be broken and the MD5 string may have known hashs. It should use PHP’s native function to work with "password_hash" passwords: http://php.net/manual/en/function.password-hash.php

  • MD5, SHA1, SHA2, SHA3... All these are for general purposes, not passwords. If you really want to use them, use PBKDF2. However, there are better alternatives, such as Bcrypt, Argon2 (...) that can be used with password_hash, as indicated by Marcos.

Browser other questions tagged php hash

You are not signed in. Login or sign up in order to post.