stackoom
  简体   繁体   中英

Can't login with hashed password - Mysqli PHP

 原文  2020-04-22 13:40:54       php

Question

I have hashed my password on the registration page with next code:

$c_pass = $_POST['c_pass'];
$storePassword = password_hash($c_pass, PASSWORD_BCRYPT, array('cost' => 10));

And on login page I have this code:

$customer_email = $_POST['c_email'];
$customer_pass = $_POST['c_pass'];
$select_customer = "select * from customers where customer_email='$customer_email' AND customer_pass='$customer_pass'";

When trying to log in, they pop-up me an error screen that my credentials not valid. I try to use

if(password_verify($customer_password,$row['c_pass'])){

But noting help me, can someone write me solution for this because i can't find the solution.

1 answers

solution1
 1  2020-04-22 14:06:17

You should remove the AND from your WHERE clause because when user types his/her password on login form input, it will be non-hashed and therefore you will never retrieve the user by the composite condition email + password. Instead, you should find the user by identifier (username or email), then you should compare the raw password from login form password input against the hashed from the database. So take a look into the following:

$mysqli = new mysqli('host', 'user', 'password', 'db_name');

// these are submitted input values from the login form which you handle
$email = $_POST['c_email'];
$password = $_POST['c_password'];

// build your query with prepared statements which will retrieve
// the user from the database with login form submitted email
$stmt = $mysqli->prepare('select * from customers where customer_email = ?');
$stmt->bind_param('s', $email);
$stmt->execute();

$result = $stmt->get_result();
$customer = $result->fetch_assoc();

if (empty($customer)) { 
    // no user found by this email, so send to user response message
    // that your system cannot find any customer by provided email
    return false;
}

// here you compare the typed user login password versus the fetched user's password from the database by the provided user email
if (password_verify($password, $customer['c_pass'])) {
    // ok, so the password comparison match
} else {
    // invalid password
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Mysqli: I can't login with hashed password Can't Login With sha1 Hashed password PHP - login-function using sha1 hashed password, can't get it to work Is there a way to store hashed passwords for php mysqli login? Can't fetch hashed password for login form in MySQL MySqli Login System - Having Troubles With Verifying Hashed Password PHP Can't use a hashed password in a PDO query PHP login using MySQL data and hashed password Login doesn't work with not hashed password only hashed ones Comparing Hashed Password in the database to user Input in PHP MYSQLI
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM