CODEWITHSUNDEEP
phpmysqlpdo
Mark
Mark

Reputation: 75

PHP hashing prob

I am doing a Registration / Login and I can't get hashed passwords to match.

if(isset($_POST["pass"])) {
  $pass = $_POST["pass"];
  $options = array('cost' => 11);
  $pass = password_hash("$pass", PASSWORD_BCRYPT, $options)."\n";    
} 

$sql2 = $db->prepare('INSERT INTO Registrace (Email, Password, Nick) VALUES (:email, :password, :nick)');
$sql2->execute(array(':email' => $email,':password' => $pass, ':nick' => $nick));

Hashed password has been entered in Database.

Now, how do I make the password in login match the one in databse?

if(isset($_POST["pass"])) {
  ? ? ? ? ?     
}



$sql = $db->prepare("SELECT Nick,Password FROM registrace WHERE Nick=:nick AND Password=:password");
    $sql->bindParam(':nick', $_POST['lognick']);
    $sql->bindParam(':password', $pass);
    $sql->execute();

    if($row = $sql->fetch()){
        $_SESSION['lognick'] = $row['lognick'];
        $_SESSION['lognick'] = $_POST["lognick"];
        $_SESSION['time'] = time();
        header("Location: Logged.php");
}
else {
  $_SESSION['error'] .= "Pass and Nick don't match.  ";
  header("Location: Login.php");   
}

Any idea what to do ?

Upvotes: 1

Views: 47

Answers (2)

Tomaso Albinoni
Tomaso Albinoni

Reputation: 1013

Look up the password hash and then check the entered password as follows:

if (password_verify($_POST['pass'], $row['Password'])) {
    // Logged in
} else {
    // Wrong password
}

Upvotes: 0

Machavity
Machavity

Reputation: 31634

What you'll need to do is find the username in the database and retrieve the hash, then pass it to password_verify

$sql = $db->prepare("SELECT Nick,Password FROM registrace WHERE Nick=:nick");
// PDO binds and execute here
if($row = $sql->fetch()) {
     if(!password_verify($_POST['password'], $row['Password']) { //login fail

Upvotes: 4

Related Questions