user656925

How do I get crypt() to work properly?

Here is my failing code. I'm still getting familiar with syntax so I'm guessing that might be an issue. crypt took a while for me to understand, but it basically generates a seemingly random salt and stores it in the "encrypted" password. So when you want to test against it, you need to retrieve the salt from the stored password. Hence the sign_in code is longer.

The insert upon sign_up

  $pass = crypt($pass);
  database::query("INSERT INTO cr VALUES ('$fname', '$lname', '$email', '$pass')");

The check upon sign_in

$query = "SELECT pass FROM cr WHERE email='$email'";
$row = mysql_fetch_row(database::query($query));
$pass = crypt($pass, $row[0]);
$query = "SELECT email,pass FROM cr WHERE email='$email' AND pass='$pass'";
if (mysql_num_rows(database::query($query)) == 0)
  {

Upvotes: 0

Views: 141

Answers (1)

Greg

Reputation: 7922

Here's a bcrypt helper class you can use.

Usage:

$bcrypt = new bcrypt(7); // number of rounds
$hash = $bcrypt->hash('password');
$isGood = $bcrypt->verify('password', $hash);
echo "$hash $isGood";

PS - Your code is vulnerable to SQL injection. Consider looking into prepared statements. Check out PDO and MySQLi.

edit - I forgot to take out a couple of undefined constants from the class, so feel free to kill BCRYPT_ROUNDS and any others you might find. Apologies.

Upvotes: 3
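
The sign-up and sign-in flow from the question, combined with the prepared statements the answer recommends, as an added example that is not code from the question, the answer, or the helper class it mentions. It assumes PHP 5.5 or later with the pdo_sqlite extension, uses PHP's built-in password_hash() and password_verify() in place of the answer's class, runs against an in-memory SQLite table standing in for `cr`, and takes `fname` and `lname` as assumed column names.

```php
<?php
// Added example: in-memory SQLite stands in for the question's MySQL table `cr`.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// fname/lname are assumed column names; email and pass appear in the question.
// In MySQL, pass must be wide enough for the whole hash (bcrypt output is 60 chars).
$db->exec('CREATE TABLE cr (fname TEXT, lname TEXT, email TEXT UNIQUE, pass TEXT)');

function sign_up(PDO $db, $fname, $lname, $email, $pass)
{
    // password_hash() generates a random salt and embeds it, with the cost,
    // in the returned string, so no separate salt column is needed.
    $hash = password_hash($pass, PASSWORD_BCRYPT, ['cost' => 10]);
    $stmt = $db->prepare(
        'INSERT INTO cr (fname, lname, email, pass) VALUES (?, ?, ?, ?)'
    );
    // Values are bound as parameters, never concatenated into the SQL text.
    $stmt->execute([$fname, $lname, $email, $hash]);
}

function sign_in(PDO $db, $email, $pass)
{
    // Look the row up by email only; the password is never compared in SQL.
    $stmt = $db->prepare('SELECT pass FROM cr WHERE email = ?');
    $stmt->execute([$email]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false; // no account with that email
    }
    // password_verify() reads the salt and cost back out of $stored,
    // re-hashes $pass with them and compares in constant time.
    return password_verify($pass, $stored);
}

// Constructed sample data.
sign_up($db, 'Ada', "O'Brien", "ada.o'brien@example.com", 'correct horse');

var_dump(sign_in($db, "ada.o'brien@example.com", 'correct horse')); // right password
var_dump(sign_in($db, "ada.o'brien@example.com", 'wrong guess'));   // wrong password
var_dump(sign_in($db, 'nobody@example.com', 'correct horse'));      // unknown email
```

The single quotes in the sample name and email reach the database as plain data because they are bound parameters, which is the property the string-built queries in the question lack.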
