HASH is not working properly

1

Regardless of the password being right or not, the message is always returned saying that the password is invalid.

make login.php

<?php
include "connection.php";
require "blowfish.php";

$login = $_POST['login_entrar'];
$senha = $_POST['senha_entrar'];

$sql = mysqli_query($coneccao, "SELECT * FROM usuarios");   


while($linha = mysqli_fetch_array($sql))
{
    $senha_db = $linha['senha'];
    $login_db = $linha['login'];
}

$cont = mysqli_num_rows($sql);

if($login_db != $login || $login == "")
{       
    echo "<meta http-equiv='refresh' content='0; url=index.php'>
    <script type='text/javascript'>alert('Este usuario não existe')</script>";      
}
else
{
    if(verifica_hash($senha, $senha_db))
    {
        echo "<meta http-equiv='refresh' content='0; url=index.php'>
        <script type='text/javascript'>alert('Senha incorreta')</script>";  
    }
    else
    {
        session_start();

        $_SESSION['login_usuario'] = $login;

        header("location: index.php");  
    }
}

mysqli_close($coneccao);
?>

make registration.php

<?php
include("connection.php");
require("blowfish.php");

$login = $_POST['login_cadastro'];
$senha = $_POST['senha_cadastro'];
$confirmarsenha = $_POST['confirmarsenha_cadastro'];
$email = $_POST['email_cadastro'];

if($senha != $confirmarsenha)
{   
    echo "<meta http-equiv='refresh' content='0; url=index.php'>
          <script type='text/javascript'>alert('As senhas estão diferentes')</script>";
}
else
{
    $sqlpegar = mysqli_query($coneccao, "SELECT * FROM usuarios");

    while($linha = mysqli_fetch_array($sqlpegar))
    {   
        $login_db = $linha['login'];
        $email_db = $linha['email'];
    }

    if($login_db == $login)
    {
        echo "  <meta http-equiv='refresh' content='0'>
                <script type='text/javascript'>alert('Esse usuario já existe')</script>";
    }
    if($email_db == $email)
    {
        echo "  <meta http-equiv='refresh' content='0'>
                <script type='text/javascript'>alert('Esse email já esta sendo usado')</script>";
    }
    else
    {
        $senha = hash_password($senha);
        $mysqli = new mysqli('localhost', 'root', '', '');
        $stmt = $mysqli->prepare("INSERT INTO usuarios(login, senha, email) VALUES (?, ?, ?)");
        $stmt->bind_param('sss', $login, $senha, $email);
        $stmt->execute();


        header("location: index.php");  
    }
}

mysqli_close($coneccao);
?>

Blowfish.php

<?php
function hash_password($password){
    $formato = "$2y$10$";
    $salt = salt(22);
    $formato_salt = $formato.$salt;
    $password_hash = crypt($password, $formato_salt);
    return $password_hash;
}
function salt($tamanho){
    $random = md5(uniqid(mcrypt_create_iv(22, MCRYPT_DEV_URANDOM), true));
    $base = base64_encode($random);
    $base64 = str_replace('+', '.', $base);
    $salt = substr($base64, 0, $tamanho);
    return $salt;
}
function verifica_hash($password, $hash_existente){
    $hash = crypt($password, $hash_existente);
    if($hash === $hash_existente){
        return true;
    } else {
        return false;
    }
}
?>

What’s wrong with it?

1 answer

1


It is a logic problem. The error is in how the password is evaluated in the function verifica_hash:

if(verifica_hash($senha, $senha_db)){
    echo "<meta http-equiv='refresh' content='0; url=index.php'>
    <script type='text/javascript'>alert('Senha incorreta')</script>";  
}
else{
    session_start();

    $_SESSION['login_usuario'] = $login;
    header("location: index.php");  
}

If the values match, the function returns true; if not, false. But in the code above, when the password is correct, the if() {..} block is executed, and when it is wrong, the else {..} block is executed.

Therefore, for the code to work properly, swap the code blocks of the condition:

if(verifica_hash($senha, $senha_db)){ // The function returns true, so the password is correct
    session_start();
    $_SESSION['login_usuario'] = $login;

    header("location: index.php");         
}
else{   
    echo "<meta http-equiv='refresh' content='0; url=index.php'>
        <script type='text/javascript'>alert('Senha incorreta')</script>";  
}
  • Now you say the user does not exist.

  • 1

    Hello, I managed to tidy up, thanks for the help again.
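
The corrected branch order from the answer, combined with a lookup of only the submitted login, as an added example (not the asker's or the answerer's code). The `SELECT * FROM usuarios` loop in the question leaves `$login_db` and `$senha_db` holding the last row of the table, so this version queries by login. It assumes PDO with an in-memory SQLite table in place of the page's MySQL connection; `cadastrar()`, `autenticar()` and the sample users are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the page's MySQL table, so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE usuarios (login TEXT PRIMARY KEY, senha TEXT NOT NULL, email TEXT)');

// Hypothetical helper: stores a bcrypt hash in the page's "$2y$10$" format.
function cadastrar(PDO $pdo, string $login, string $senha, string $email): void
{
    $hash = password_hash($senha, PASSWORD_BCRYPT, ['cost' => 10]);
    $stmt = $pdo->prepare('INSERT INTO usuarios (login, senha, email) VALUES (?, ?, ?)');
    $stmt->execute([$login, $hash, $email]);
}

// Hypothetical helper: true only when this login exists and the password matches.
function autenticar(PDO $pdo, string $login, string $senha): bool
{
    // Fetch the row for this login only, instead of looping over the whole
    // table and keeping whatever the last row happened to be.
    $stmt = $pdo->prepare('SELECT senha FROM usuarios WHERE login = ?');
    $stmt->execute([$login]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        return false; // unknown login
    }
    // password_verify() re-hashes with the salt and cost stored in $hash and
    // compares in constant time; true means the password is correct.
    return password_verify($senha, $hash);
}

// Constructed sample users; "bruno" is the last row in the table.
cadastrar($pdo, 'ana', 'senha-da-ana', 'ana@example.com');
cadastrar($pdo, 'bruno', 'senha-do-bruno', 'bruno@example.com');

var_dump(autenticar($pdo, 'ana', 'senha-da-ana'));   // right password, not the last row
var_dump(autenticar($pdo, 'ana', 'senha-do-bruno')); // wrong password
var_dump(autenticar($pdo, 'carla', 'qualquer'));     // unknown login

// A hash made with crypt() and a "$2y$10$" salt, as hash_password() on the
// page does, is in the same format, so password_verify() accepts it too.
$salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
$legado = crypt('senha-da-ana', '$2y$10$' . $salt);
var_dump(password_verify('senha-da-ana', $legado));
```

Because `password_verify()` reads the salt and cost from the stored hash, rows already written by the question's `hash_password()` do not need to be re-hashed to switch to it.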
