Problems with password_verify

Question

Problems with password_verify

Navigation

#1 by (2 votes)
#2 by (-1 votes)

4

I have a problem with the password_verify , because when I try to enter it shows me the wrong password, try the same with sha1 and it's the same.

The record:

if(count($errors) == 0) *[Aquí empieza el registro, que si no hay ningun problema pueda comenzar el registro]*{ 
    $response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=$secret&response=$captcha");
    $arr = json_decode($response, TRUE);
    if($arr['success']) *[Esta parte verifica el captcha para poder continuar]*{
        $password_hash = hashPassword($Password); [Aquí llama a la función hashPassword (La pondre debajo)]
        $register = registerUser($User, $password_hash, $Email, $active, $user_type);   [Y registra el usuario (Pondre el codigo de registerUser debajo)]       
        if($register > 1){                  
            echo "DONE";
        } else {
            $error[] = "Wrong Captcha";
        }
    } else {
        $errors[] = "Error to register";
    }
}

The total record: (Try to change global $ mysqli and I have an error)

function registerUser($User, $password_hash, $Email, $active, $user_type){ 
    global $mysqli;
    $stmt = $mysqli->prepare("INSERT INTO users (User, Password, Email, active, id_type) VALUES(?,?,?,?,?)");
    $stmt->bind_param('ssssi', $User, $password_hash, $Email, $active, $user_type);
    if ($stmt->execute()){
        return $mysqli->insert_id;
    } else {
        return 0;
    }
}

The user registers well and with the encrypted password

When I try to log in, it tells me the incorrect password :

function login($User, $Password, **[Intente poner $mysqli pero tengo error]**){
    global $mysqli;
    $stmt = $mysqli->prepare("SELECT id, id_type, Password FROM users WHERE User = ? || Email = ? LIMIT 1");
    $stmt->bind_param("ss", $User, $User);
    $stmt->execute();
    $stmt->store_result();
    $rows = $stmt->num_rows;

    if($rows > 0) {
        if(isActive($User)){
            $stmt->bind_result($id, $id_type, $Password);
            $stmt->fetch();
            $validatePassword = password_verify($Password, $Password); [He cambiando a $Password, $hash, $password_hash pero no he podido ingresar]

            if($validatePassword){
                lastSession($id);
                $_SESSION['id_User'] = $id;
                $_SESSION['user_type'] = $id_type;
                header("location: cpanel.php");
            } else {
                $errors = "La contrase&ntilde;a es incorrecta";
            }
        } else {
            $errors = 'El usuario no esta activo';
        }
    } else {
        $errors = "El nombre de usuario o correo electr&oacute;nico no existe";
    }
    return $errors;
}

I have searched everywhere to try to modify but has not paid attention, I added to my database a user with a numeric password to check and it still goes on, I think the problem is in the login or in a part of register.

Added: The password option has a varchar (250) and I have increased it to 1000 to test but nothing. I have the latest PHP version too

php

asked by sqk 26.07.2018 в 23:40

source

2 answers

I can not print the string array on the screen Overlay a DIV and disable the background

score 2 · Answer 1

to encrypt:

$hashgenerado = password_hash($clavedelusuario, PASSWORD_DEFAULT);

(I guess $ hash has saved it to a table or something)

to verify when the us enters:

if password_verify($clavedelusuario, $hashgenerado) => ok.

score -1 · Answer 2

Assuming that your hashPassword function uses php password_hash correctly (the code does not appear), you can try the following:

In the bind_result you must change the name of the third variable so that you do not lose (do not overwrite) the $ Password that you receive as a parameter to validate ..

...
$stmt->bind_result($id, $id_type, $PasswordHashInDB);
$stmt->fetch();
$validatePassword = password_verify($Password, $PasswordHashInDB);
...