Hash of plain text users

Question

Hash of plain text users

Navigation

#1 by (1 votes)

1

I have several records (about 300) where users have their password in plain text and I want to pass it to HASH

use a file to convert the passwords and then insert them, but it happens that some are blank, because?.

To verify that it was not the password_hash I made a list with tables and place the conversion there and the whole list comes out with hash, the problem I think is in the query.

Here I leave both files:

Hashear.php

  <?php

          $stmt =$conexion->prepare("SELECT * FROM usuarios");
          $stmt->execute();
          $resultados=$stmt->get_result();
          $contador=0;
          while ($datos= $resultados->fetch_assoc()) 
                            $contraseña=$datos["contrasena"];

            $hash=password_hash($contraseña);

    $stmt = $conexion->prepare("UPDATE usuarios SET hash=? WHERE contrasena=?"); 

  $stmt->bind_param("ss",$hash,$contraseña);
       $stmt->execute();
       $stmt->close();



        // --------------------------------------- //
          ?>

Listing in HTML

 <?php

          $stmt =$conexion->prepare("SELECT * FROM usuarios");
          $stmt->execute();
          $resultados=$stmt->get_result();
          $contador=0;
          while ($datos= $resultados->fetch_assoc()) {
            $contador=$contador+1;
            echo '<td bordercolor="#FFFFFF" align="center" id="" width="1">'.$datos["id_usuario"].'</td>';
            echo '<td bordercolor="#FFFFFF" align="center" id="" width="1">'.$datos["usuario"].'</td>';
            echo '<td bordercolor="#FFFFFF" align="center" id="" width="45">'.$datos["contrasena"].'</td>';

            $contraseña=$datos["contrasena"];

            $hash=password_hash($contraseña);


            echo '<td bordercolor="#FFFFFF" align="center" id="" width="45">'.$hash.'</td>';
            $nivel=$datos["nivel_id"];
            $stmt =$conexion->prepare("SELECT desc_nivel FROM niveles WHERE id_nivel=?");
            $stmt->bind_param("i",$nivel);
            $stmt->execute();
            $stmt->store_result();
            $stmt->bind_result($desc_nivel); 
            $stmt->fetch();
            $stmt->close();
            echo '<td bordercolor="#FFFFFF" align="center" id="" width="45">'.$desc_nivel.'</td>';
            echo '<td bordercolor="#FFFFFF" align="center" id="" width="45">'.$datos["unidad_id"].'</td>';

            echo "</tr>";
          }
        // --------------------------------------- //
          ?>

Updated combining the code suggested in the answers and my code.

Displays "The data was updated successfully." but not all records > get, this time only the last ones were generated with HASh the first ones not:

<?php
include '__conexion.php';
  require_once 'funciones/passwordLib.php'; // Libreria de PHP5.5 Hash de contraseñas 
?>

          <?php

          $stmt =$conexion->prepare("SELECT * FROM usuarios");
          $stmt->execute();
          $resultados=$stmt->get_result();
          while ($datos= $resultados->fetch_assoc()) 
          $contraseña=$datos["contrasena"];
          $hash=password_hash($contraseña,PASSWORD_BCRYPT);
          $stmt = $conexion->prepare("UPDATE usuarios SET hash=? WHERE contrasena=?"); 
          $stmt->bind_param("ss",$hash,$contraseña);
          $comprobar=$stmt->execute();
          //Comprobamos si se ejecuto nuestra sentencia.
          if (false===$comprobar) {
            exit('Nuesta sentencia UPDATE fallo: ' . htmlspecialchars($actualiza->error));
          } else {
            echo "Los datos se actualizaron correctamente.";
          }


          $stmt->close();//Cerramos sentencia 'select'.

         ?>

php mysqli

asked by Victor Alvarado 20.03.2017 в 20:13

source

1 answer

Error creating a combobox powered from Symfony doctrine Pass objects collection via link_to

score 1 · Accepted Answer

In your example I see two small mistakes, the first is that in your while you have forgotten your keys {} .

And the second, you need to add the constant that will use the function password_hash() .

//Tu código
$hash=password_hash($contraseña);

//Código actualizado
$hash = password_hash($contraseña,PASSWORD_BCRYPT);

The following algorithms are currently supported:

PASSWORD_BCRYPT is used to create new hash of passwords using the algorithm CRYPT_BLOWFISH .

It will always result in a hash that uses the cryptographic format " $2y$ ", which always has a width of 60 .

or

PASSWORD_DEFAULT , The algorithm that will be used by default if no other is specified. This may change in future versions of PHP, when newer and stronger hashing methods are available.

Thus, if PASSWORD_DEFAULT is used, the resulting hash should be stored so that more than 60 characters can be stored ( 255 is the recommended width).

More information manual password_hash ()

A possible example:

       <?php
  //Tu conexión.
  require_once('conexion.php');

  //Sentencia.
  $stmt = $c->prepare("SELECT contrasena FROM usuarios");//Selecciono solo los datos a utilizar, en tu caso la contraseña.
  //Ejecutar sentencia.
  $stmt->execute();
  //Ligamos resultado BD.
  $stmt->bind_result($contrasena_txt_plano);
  while ($stmt->fetch()) {

    //Creamos nuestro Hash.
    $hash = password_hash($contrasena_txt_plano, PASSWORD_BCRYPT);//BCRYPT, que tendrá siempre 60 caracteres. (¡Imporante comprobar que tu columna contrasena en caso varchar pueda obtener 60 caracteres!

    //Creo un array, con el hash y la contrasena de texto plano.
    $arr[] = ['contrasena' => $contrasena_txt_plano, 'hash' => $hash]; 


  } $stmt->close();//Cerramos sentencia 'select'.

  //var_dump($arr);

  //Recorremos el array, para hacer nuestro 'UPDATE'.
  for ($i=0; $i<count($arr); $i++) { 

    //Actualizamos datos.
    $actualiza = $c->prepare("UPDATE usuarios SET hash=? WHERE contrasena=?");    
    $actualiza->bind_param("ss",$arr[$i]['hash'],$arr[$i]['contrasena']);

    $comprobar = $actualiza->execute();

    //Comprobamos si se ejecuto nuestra sentencia.
    if (false===$comprobar) {
      exit('Nuesta sentencia UPDATE fallo: ' . htmlspecialchars($actualiza->error));
    } else {
      echo "Los datos se actualizaron correctamente.<br />";
    }

    $actualiza->close();    

  }
?>