I try to log users with password encrypted with hash, using password_verify [duplicate]

Question

I try to log users with password encrypted with hash, using password_verify [duplicate]

Navigation

#1 by (0 votes)

0

<?php

session_start();

$connect = mysqli_connect("localhost","root","","dbvasco");

if(!empty($_POST["user"]) && !empty($_POST["pass"])) {

 // $user = $_POST["user"];
  //$pass = $_POST["pass"];

  $user = htmlspecialchars(mysqli_real_escape_string($connect, $user));
  $pass = htmlspecialchars(mysqli_real_escape_string($connect, $pass));

  //consulta para obtener la passwd
  $sql2 = "SELECT * FROM users_profesores WHERE User = '$user' OR EMail = '$user'";

  $resulta=mysqli_query($connect, $sql2);

  if(mysqli_num_rows($resulta)==1) {

  $datas = mysqli_fetch_assoc($resulta);

  if( password_verify($pass, $datas['Passwd'] ) ) {
  //logueamos ussueriO
  $sql = "SELECT User FROM users_profesores WHERE (User='$user' OR EMail='$user') AND Passwd='$pass'";
  //$sql = "SELECT User FROM users_profesores WHERE User='$user'";
  $result = mysqli_query($connect, $sql);

  $num_row = mysqli_num_rows($result);

  if ($num_row == "1") {
    $data = mysqli_fetch_assoc($result);
    $_SESSION["user"] = $data["User"];
    echo "1";

    } else {
    echo "error";
     }
   } //fin pass_verify 

 }//fin rows

}//fin if isset
   else {  
  echo "error";
}


?>

mysql php mysqli

asked by Armando Arellano 26.09.2016 в 04:24

source

1 answer

Android RecyclerView Firebase Fragment PHP functions in ajax

score 0 · Answer 1

I would do it this way, I think the problem is to use mysqli_fetch_array() that returns the fields in the table in numerical order, unlike mysql_fetch_assoc() that returns the names of the fields.

// Si existe usuario y contraseña
if ( !empty( $_POST['user'] ) && !empty( $_POST['pass'] ) ) {
    // Credenciales
    $user = htmlspecialchars( mysqli_real_escape_string( $connect , $_POST['user'] ) );
    $pass = htmlspecialchars( mysqli_real_escape_string( $connect , $_POST['pass'] ) );

    // Datos del usuario
    $sql2 = "SELECT * FROM users_profesores WHERE User='$user' OR Email='$user'" ;

    // Ejecuta el query
    $resulta = mysqli_query( $connect , $sql2 );

    // Si se obtiene un unico registro
    if ( mysql_num_rows( $resulta ) == 1 ) {
        // Datos de la consulta
        $datas = mysql_fetch_assoc( $resulta );

        // Si coinciden los password
        if ( password_verify( $pass , $datas['Passwd'] ) ) {
            // Agrega los datos a la sesión
            $_SESSION['USER'] = $datas['User'] ;
            # Otros datos de la sesión ...
        } else {
            # Excepción ...
        }
    } else {
        # Excepción ...
    }
}