Rabah

Reputation: 75

How to correctly use the bcrypt PHP class

I'm trying to use the Bcrypt class, but it isn't working when I want to use the verify code. It always hashes a new password, so I can't log in.

    <?php
    // Hash the submitted password (this produces a fresh hash with a new salt on every call)
    $password = Bcrypt::hashPassword($_POST['mdp_user']);

    // Verify the submitted password against the hash just created
    $pwdVerify = Bcrypt::checkPassword($_POST['mdp_user'], $password);

    // Look up the user by login and by the freshly generated hash
    $sql = 'SELECT * FROM tgn_users WHERE login="' . $_POST['login'] . '" AND mdp_user="' . $password . '"';

    echo $sql;

    $req = mysqli_query($connexion, $sql) or die(mysqli_error($connexion));

    if (mysqli_num_rows($req) > 0) {
        $nom_user = $_SESSION['nom_user'];
        $prenom_user = $_SESSION['prenom_user'];
        $_SESSION['islog'] = "connect";
        //header('Location: ../../profile.php');
    } else {
        $_SESSION['login'] = $_POST['login'];
        $_SESSION['mdp_user'] = $_POST['mdp_user'];
        $_SESSION['message'] = "Erreur de log et/ou de pwd";
        //header("Location: " . $_SERVER['HTTP_REFERER']);
    }
    ?>

This is the official doc. I'm new to bcrypt; I really don't understand how to find a solution. Please help!

    <?php
    require_once 'Bcrypt.php';

    // hash the password => returns hashed password
    Bcrypt::hashPassword($password);

    // check $password against the $hashedPassword => returns true/false
    Bcrypt::checkPassword($password, $hashedPassword);
    ?>

Upvotes: 1

Views: 376

Answers (2)

Rabah

Reputation: 75

Thank you @Magnus Eriksson, I did it and it works.

    <?php
    function logUser() {

        require('./connexion.php');

        // Fetch the stored row for this login only; the hash is compared in PHP, not in SQL
        $sql_user = 'SELECT * FROM tgn_users WHERE login="' . $_POST['login'] . '"';

        $req = mysqli_query($connexion, $sql_user) or die(mysqli_error($connexion));

        if (mysqli_num_rows($req) > 0) {

            $row = mysqli_fetch_assoc($req);

            // Compare the submitted password against the hash stored at registration
            if (Bcrypt::checkPassword($_POST['mdp_user'], $row['mdp_user'])) {

                if ($row['login'] = 'admin') {

                    header('Location: ../../admin/');
                    exit;

                } else {

                    $_SESSION['nom_user'] = $row['nom_user'];
                    $_SESSION['prenom_user'] = $row['prenom_user'];
                    $_SESSION['id_user'] = $row['id_user'];
                    //$lifetime = 60*60*24*30;
                    //setcookie(session_name($_SESSION['nom_user']), session_id($_SESSION['id_user']), time()+$lifetime, '/');
                    header('Location: ../../profile.php');
                    exit;
                }

            } else {
                $_SESSION['message'] = "Erreur de log et/ou de pwd";
                header("Location: " . $_SERVER['HTTP_REFERER']);
                exit;
            }
        }

    }
    ?>

But I have a problem in my condition. Whatever login is entered, I'm redirected to the admin page :(. Am I missing something in my if condition?

Upvotes: 0

Lithilion

Reputation: 1129

Just use password_hash and password_verify for passwords. They support many hash algorithms, even bcrypt, and are much easier to understand. You can select the algorithm and rounds (and some more options, but don't use them unless you know what you are doing) for password_hash, and password_verify discovers the algorithm that was used.

Upvotes: 1
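An added example (not code from the original post, the Bcrypt class, or the answer above) of the flow Lithilion describes: the hash is created once with password_hash() at registration, the login row is fetched with a prepared statement, and the stored hash is checked with password_verify(). The function names makeUserStore, fetchUser and authenticate are assumptions, and the in-memory user store stands in for the tgn_users table.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the tgn_users table: each hash is produced once at
// registration with password_hash(), never recomputed at login time.
function makeUserStore(): array {
    return [
        'admin' => ['login' => 'admin', 'mdp_user' => password_hash('s3cret-admin', PASSWORD_BCRYPT, ['cost' => 12])],
        'alice' => ['login' => 'alice', 'mdp_user' => password_hash('alice-pass', PASSWORD_BCRYPT, ['cost' => 12])],
    ];
}

// Fetch the row with a prepared statement so the submitted login is bound as a
// parameter and never concatenated into the SQL string.
// Assumes a live mysqli $connexion; it is not called in the demo below.
function fetchUser(mysqli $connexion, string $login): ?array {
    $stmt = $connexion->prepare('SELECT login, mdp_user FROM tgn_users WHERE login = ?');
    $stmt->bind_param('s', $login);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    return $row ?: null;
}

// Returns 'admin', 'user', or null when the credentials are rejected.
// The role check uses === (comparison); a single = would assign and always succeed.
function authenticate(?array $row, string $password): ?string {
    // For an unknown login, verify against a throwaway hash so the work done
    // is similar whether or not the account exists (constructed dummy value).
    $hash = $row['mdp_user'] ?? password_hash('dummy-not-a-real-password', PASSWORD_BCRYPT);
    $ok = password_verify($password, $hash);
    if (!$ok || $row === null) {
        return null;
    }
    return $row['login'] === 'admin' ? 'admin' : 'user';
}

$users = makeUserStore();
var_dump(authenticate($users['alice'] ?? null, 'alice-pass'));
var_dump(authenticate($users['admin'] ?? null, 's3cret-admin'));
var_dump(authenticate($users['alice'] ?? null, 'wrong-password'));
var_dump(authenticate(null, 'anything'));
```

In the real login handler, replace the array lookup with fetchUser($connexion, $_POST['login']) and redirect based on the returned role.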
