Progger

Reputation: 2254

Just switched encryption to "crypt" using PHP but now any password works

I am trying to use crypt() in PHP to authenticate users. Here is my code in the login page:

$valid = MemberDB::isValidMember($email_address, $password);
if ($valid == TRUE) {
    $_SESSION['is_valid_member'] = TRUE;
    header("Location: ../welcome/");
} else {
    $login_message = 'log in';
    include('./view/login.php');
}

Here is the function that is supposed to bring back True or False:

public static function isValidMember($email_address, $password) {
    $db = Database::getDB();
    $query = "SELECT member_ID, password
              FROM members
              WHERE email_address = :email_address";
    $statement = $db->prepare($query);
    $statement->bindValue(':email_address', $email_address);
    $statement->execute();
    $row = $statement->fetch();
    $statement->closeCursor();
    return $row ? crypt($password, $row['password']) : FALSE;
}

Currently, no matter what password I enter, it lets me in. When I do a var_dump on $valid, it brings back the 98 char string of the encrypted password so I know that $valid does NOT equal TRUE. Please help!

Thanks.

Upvotes: 1

Views: 365

Answers (2)

kingcoyote

Reputation: 1146

Crypt returns a hashed string, not a boolean value. You need to compare that hashed string to the known hash and return if they are the same:

return $row ? crypt($password, $row['password']) == $row['password'] : FALSE;

Upvotes: 1

Puggan Se

Reputation: 5846

Replace

return $row ? crypt($password, $row['password']) : FALSE;

with

return $row ? ($row['password'] == crypt($password, $row['password'])) : FALSE;

Upvotes: 2
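As an added example (not code from the asker or from either answer), the following stand-alone script shows both halves of the thread: why the original isValidMember() lets every password through, and the corrected comparison the two answers propose, using hash_equals() so the hash comparison is strict and constant-time. The in-memory $members array, the e-mail addresses and the SHA-512 crypt salt are constructed for the demo; the function names are hypothetical.

```php
<?php
// Added example, not the question's or answers' code.
// Assumes PHP >= 5.6 (hash_equals, random_bytes is PHP 7+).

declare(strict_types=1);

// Constructed "members" table. The password is hashed with crypt() using a
// SHA-512 ($6$) salt of 8 characters; that yields a 98-character hash, the
// same length the asker saw in var_dump($valid).
$salt = '$6$' . substr(strtr(base64_encode(random_bytes(6)), '+', '.'), 0, 8);
$storedHash = crypt('correct horse', $salt);
$members = [
    'alice@example.com' => ['member_ID' => 1, 'password' => $storedHash],
];

// Original behaviour from the question: returns crypt()'s output, a string,
// never a boolean. Any non-empty string satisfies "$valid == TRUE" in PHP
// because of loose comparison, so every password appears valid.
function isValidMemberOriginal(array $members, string $email, string $password)
{
    $row = $members[$email] ?? false;
    return $row ? crypt($password, $row['password']) : false;
}

// Fixed version: recompute the hash with the stored hash as salt (as both
// answers do) and compare it to the stored hash. hash_equals() compares the
// full strings in constant time and never returns anything but a boolean.
function isValidMemberFixed(array $members, string $email, string $password): bool
{
    $row = $members[$email] ?? false;
    if (!$row) {
        return false;
    }
    $recomputed = crypt($password, $row['password']);
    return hash_equals($row['password'], $recomputed);
}

// Demonstrate the bug: a wrong password still passes the loose check.
$wrong = isValidMemberOriginal($members, 'alice@example.com', 'not the password');
var_dump(strlen($wrong));    // length of the crypt() string
var_dump($wrong == TRUE);    // loose comparison, as in the login page
var_dump($wrong === TRUE);   // strict comparison

// Demonstrate the fix: only the real password is accepted.
var_dump(isValidMemberFixed($members, 'alice@example.com', 'not the password'));
var_dump(isValidMemberFixed($members, 'alice@example.com', 'correct horse'));
var_dump(isValidMemberFixed($members, 'nobody@example.com', 'correct horse'));
```

Run it with php on the command line: the first three dumps show the crypt() string is 98 characters long, that it loosely equals TRUE (the bug) and strictly does not; the last three show the fixed function returning false, true and false respectively. In the login page, also prefer `$valid === TRUE` (or simply `if ($valid)`) with a function that is declared to return bool. For new code, password_hash() and password_verify() (PHP 5.5+) wrap crypt() with bcrypt and a safe comparison, so the salt handling above does not have to be written by hand.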
