Password Encryption Android, PHP

UPDATED:

I have my Android app working fine with plain text passwords until now. I am trying to hash the password as the next step. Can't find what the error is.

I am very sure that the communication is fine with plain text passwords. I verified that the hashed value is getting stored in the DB properly (used varchar(80) for this attribute in the DB).

Please help.

Register.php

    <?php
    include("config.php");

    session_start();

    // Registration fields sent from the form; escaped because they are
    // interpolated into the SQL statement below
    $firstName = mysqli_real_escape_string($db, $_POST["firstName"]);
    $lastName = mysqli_real_escape_string($db, $_POST["lastName"]);
    $email = mysqli_real_escape_string($db, $_POST["email"]);
    $myusername = mysqli_real_escape_string($db, $_POST["username"]);

    // Hash the raw password: escaping it first would change the bytes that
    // get hashed. Only the hash is placed in the SQL statement.
    $mypassword = $_POST["password"];
    $passwordhash = password_hash($mypassword, PASSWORD_DEFAULT);

    $sql = "INSERT into user VALUES ('$firstName', '$lastName', '$myusername', '$email', '$passwordhash')";
    $result = mysqli_query($db, $sql);

    if ($result) {
        echo "success";
    } else {
        echo "failed";
    }
    ?>

Login.php

    <?php
    include("config.php");

    session_start();

    // username and password sent from form
    $myusername = mysqli_real_escape_string($db, $_POST["username"]);

    // The password is never placed in SQL, so it is passed to
    // password_verify() exactly as received
    $mypassword = $_POST["password"];

    $sql = "SELECT * FROM user WHERE username = '$myusername'";
    $result = mysqli_query($db, $sql);
    $count = mysqli_num_rows($result);
    $row = mysqli_fetch_array($result, MYSQLI_ASSOC);

    // No matching row means there is no stored hash to check against
    $hash = $row ? $row['password'] : '';

    // password_verify() re-derives the hash using the salt embedded in $hash
    if (true === password_verify($mypassword, $hash)) {
        echo "success" . "\n";
        echo $row['firstName'] . "\n";
        echo $row['lastName'] . "\n";
        echo $row['username'] . "\n";
        echo $row['email'] . "\n";
    } else {
        echo " Incorrect Login. Please try again ";
    }
    ?>

Upvotes: 0

Views: 674

Answers (2)

jared

Reputation: 483

You need to use password_verify($password, $hash) to verify the password. A new hash will use a different salt and result in a new value for the hash.

Upvotes: 2

victor

Reputation: 812

You gotta use another PHP function called password_verify; it will verify that a particular password was used to create the hash.

http://php.net/manual/en/function.password-verify.php

Upvotes: 1
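The behaviour both answers describe, as an added example that is not code from the question or its answers: it shows why re-hashing cannot be compared against the stored value and what makes password_verify() fail on a correct password. The sample password is constructed, and addslashes() is used as a stand-in for mysqli_real_escape_string() so the script runs without a database connection.

```php
<?php
// Added example, not code from the question or its answers.
// $password is a constructed sample value.
$password = "it's-a-constructed-sample";

// Registration side: every call draws a fresh random salt, so hashing the
// same password twice gives two different strings.
$stored = password_hash($password, PASSWORD_DEFAULT);
$again  = password_hash($password, PASSWORD_DEFAULT);

$checks = [
    // Re-hashing at login and comparing strings cannot work.
    'rehash_equals_stored'  => ($again === $stored),
    // password_verify() reads algorithm, cost and salt back out of $stored.
    'verify_correct'        => password_verify($password, $stored),
    'verify_wrong_password' => password_verify('not-the-password', $stored),
    // A column too short for the hash truncates it; the remainder no longer verifies.
    'verify_truncated_hash' => password_verify($password, substr($stored, 0, 40)),
    // Escaping the password on one side only changes the bytes being checked.
    // addslashes() stands in for mysqli_real_escape_string() (assumption: no DB link here).
    'verify_escaped_input'  => password_verify(addslashes($password), $stored),
];

foreach ($checks as $name => $ok) {
    printf("%-22s %s\n", $name, $ok ? 'true' : 'false');
}

// The stored string is self-describing, which is why no separate salt column exists.
$info = password_get_info($stored);
printf("algorithm=%s length=%d\n", $info['algoName'], strlen($stored));

// After a successful login, upgrade hashes made with older defaults.
if (password_verify($password, $stored) && password_needs_rehash($stored, PASSWORD_DEFAULT)) {
    $stored = password_hash($password, PASSWORD_DEFAULT);
}
```

PASSWORD_DEFAULT can change to an algorithm with longer output in later PHP versions, and the PHP manual recommends a 255-character column for the stored hash.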
