My register script uses hash 'sha256' for the password in the database. I don't know the function to use for login with a hashed password. I tried it but it is not fixed, or do I need to use a hashed password for it:
session_start();
try {
    $bdd = new PDO('mysql:host=localhost; dbname=senio743_payless', 'senio743_peter', 'P@ssw0rd123');
}
catch (Exception $e) {
    die('Error: ' . $e->getMessage());
}
$data = array();
if (isset($_POST['submit'])) {
    if (isset($_POST['con_id'])) {
        $conId = htmlspecialchars($_POST['con_id']);
    }
    if (isset($_POST['con_password'])) {
        $pass = htmlspecialchars($_POST['con_password']);
    }
    if ($conId == '' || $pass == '') {
        $message = "Fill in all the enteries";
        echo "<script>alert('".$message."');</script>";
        exit();
    }
    // The submitted password is compared as typed, while the register script stored a sha256 hash
    $query = "SELECT * FROM `consumer` WHERE `con_id`='".$conId."' AND `con_password`= '".$pass."'";
    $prepare = $bdd->prepare($query);
    $exist = $prepare->execute();
    if ($exist) {
        if ($prepare->rowCount() > 0) {
            $data[] = $prepare->fetch();
            foreach ($data as $datas) {
                $con_name = $datas['con_name'];
                $con_amount = $datas['con_amount'];
                //echo $mer_name;
            }
            $_SESSION['ID'] = $conId;
            $_SESSION['name'] = $con_name;
            $_SESSION['balance'] = $con_amount;
            // $message="LOGIN Succesful";
            header("location:../consumer/summary.php");
            exit();
        }
        else {
            $_SESSION['ID'] = "";
            $_SESSION['name'] = '';
            $_SESSION['balance'] = 'Login Please';
            $message = "Login not succesful";
            echo "<script>alert('".$message."');</script>";
            header("location:../login.php");
            exit();
        }
    }
}
Please, I need help. Thank you.
Do not use md5().
PHP has a password hashing function.
$options = [ 'cost' => 15 ];
$hashed_password = password_hash('password', PASSWORD_BCRYPT, $options);
if (password_verify($_POST['password'], $hashed_password))
{
    // Password the same
}
else
{
    // Password failed
}
http://php.net/manual/en/function.password-hash.php
http://php.net/manual/en/function.password-verify.php
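Using your script, something along these lines may work as well:
if (isset($_POST['submit'])) {
    // Read the submitted fields (names taken from the question's form)
    $conId = $_POST['con_id'] ?? '';
    $pass  = $_POST['con_password'] ?? '';
    if ($conId == '' || $pass == '') {
        $message = "Fill in all the enteries";
        echo "<script>alert('".$message."');</script>";
        exit();
    }
    // Look the user up by ID only, with a bound parameter
    $query = "SELECT * FROM `consumer` WHERE `con_id`= :con_id";
    $prepare = $bdd->prepare($query);
    $prepare->bindParam(':con_id', $conId);
    $prepare->execute();
    $exists = $prepare->fetch();
    // Hash the submitted password the same way the register script did
    $pass = hash('sha256', $pass);
    // fetch() returns false when no row matches; hash_equals() compares in constant time
    if ($exists !== false && hash_equals((string) $exists['con_password'], $pass))
    {
        // Passwords Match
    }
    else
    {
        // They Don't
    }
}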
The hash function is just hash('sha256', $pass);
http://php.net/manual/en/function.hash.php
Also, when logging someone in, I've always looked up the user by their username and then compared the passwords in PHP. It should be faster because the query doesn't have to compare a 200 character string to thousands of other strings.
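An added example, not part of the original posts: one way to combine the two suggestions above, checking the existing SHA-256 values at login and upgrading each one to password_hash() after a successful check. Table and column names follow the question; the function name verifyLogin, the in-memory SQLite database and the sample row are assumptions made for the demo.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: returns the consumer row on success, null on failure.
function verifyLogin(PDO $db, string $conId, string $password): ?array
{
    // Look the user up by ID only; the password never goes into the SQL text.
    $stmt = $db->prepare('SELECT con_id, con_name, con_amount, con_password
                          FROM consumer WHERE con_id = :id');
    $stmt->execute([':id' => $conId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    $stored = (string) $row['con_password'];
    // A bare 64-character hex string is an old hash('sha256', ...) value.
    $isLegacy = preg_match('/^[0-9a-f]{64}$/', $stored) === 1;
    $ok = $isLegacy
        ? hash_equals($stored, hash('sha256', $password))
        : password_verify($password, $stored);
    if (!$ok) {
        return null;
    }
    // The plaintext is only available now, so upgrade weak or outdated hashes here.
    if ($isLegacy || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE consumer SET con_password = :h WHERE con_id = :id');
        $upd->execute([':h' => password_hash($password, PASSWORD_DEFAULT), ':id' => $conId]);
    }
    unset($row['con_password']); // keep the hash out of the session data
    return $row;
}

// Constructed demo data: one account registered with the old sha256 scheme.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE consumer (con_id TEXT PRIMARY KEY, con_name TEXT,
           con_amount TEXT, con_password TEXT)');
$db->prepare('INSERT INTO consumer VALUES (?, ?, ?, ?)')
   ->execute(['c100', 'Sample User', '25.00', hash('sha256', 'correct horse')]);

var_dump(verifyLogin($db, 'c100', 'wrong guess'));   // failed login
var_dump(verifyLogin($db, 'c100', 'correct horse')); // legacy hash accepted, then upgraded
$stored = $db->query("SELECT con_password FROM consumer WHERE con_id = 'c100'")->fetchColumn();
var_dump(password_get_info($stored)['algoName']);    // algorithm of the upgraded hash
var_dump(verifyLogin($db, 'c100', 'correct horse')); // now checked with password_verify()
```

The con_password column has to be wide enough for the password_hash() output; the PHP manual recommends 255 characters.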