Doubt over hash, md5 and unencrypted

2

I have a question.

I have a login where the password is stored hashed, and the login works as is. If I insert a password directly into the database without encrypting it, or I update the password with md5, would there be any kind of problem in logging in?

<?php session_start();
if (isset ($_SESSION['usuario'])){
  header('Location: ../php/home.php');
  exit;
}
$errores = '';
if ($_SERVER['REQUEST_METHOD'] =='POST') {
  $email = filter_var(strtolower($_POST['email']), FILTER_SANITIZE_STRING);
  $password = $_POST['password'];
  $password = hash('sha512', $password);
  try {
    $conexion = new PDO('mysql:host=localhost;dbname=drivers_parade_club', 'root', ' ') ;
    // The database connection itself works.
  } catch (PDOException $e) {
    echo "Error". $e->getMessage();
    exit;
  }
  $statement = $conexion->prepare ('SELECT * FROM usuarios WHERE email = :email AND pass = :password');
  $statement->execute(array(
    ':email'=> $email,
    ':password'=>$password
  ));
  $resultado = $statement->fetch();
  if ($resultado !==false) {
    $_SESSION ['usuario'] = $email;
    header('Location: ../php/home.php');
    exit;
  }else {
    $errores= '<li style="color:red;"> Tu e-mail o contraseña no son correctos</li>';
  }
}
?>
<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <meta name="viewport"
    content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <title>Drivers Parade Club</title>
  <!-- Bootstrap CSS CDN -->
  <link rel="stylesheet" href="../css/bootstrap.css">
  <!-- Our Custom CSS -->
  <link rel="stylesheet" href="../css/estilos_login.css">
  <link rel="stylesheet" href="../css/mdb.css">
  <!--Icons CSS-->
  <link rel="stylesheet" href="../css/fontello.css">
  <link rel="stylesheet"
    href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
  <script type="text/javascript" src="../js/mdb.min.js"></script>
  <!--Favicon-->
  <link rel="shortcut icon" href="../imagenes/logoprueba.jpg" sizes="64x64"/>
</head>
<body class="imagen">
  <div class="container">
    <div class="row">
      <div class="col">
        <nav
          class="navbar fixed-top navbar-expand-lg navbar-light white  scrolling-navbar">
          <div class="text-center">
            <a href="php/contactologin.php" 
              class="btn btn-default btn-rounded mb-4" 
              data-toggle="modal" data-target="#modalContactForm">Contacto</a>
          </div>
        </nav>
        <div ></div>
        <!-- Material form login -->
        <div class="card " style="margin-top:25%">
          <h5 class="card-header warning-color white-text text-center py-4 " >
            <strong>Login</strong>
          </h5>
          <!--Card content-->
          <div class="card-body px-lg-5 pt-0">
            <!-- Form -->
            <form 
              class="text-center formulario" 
              style="color: #757575;" 
              action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']);?>" 
              method="POST" name="login">
              <!-- Email -->
              <div class="md-form">
                <input type="email" 
                  id="materialLoginFormEmail" class="form-control" name="email">
                <label for="materialLoginFormEmail">E-mail</label>
              </div>
              <!-- Password -->
              <div class="md-form">
                <input type="password" 
                  id="materialLoginFormPassword" class="form-control" name="password">
                <label for="materialLoginFormPassword">Contaseña</label>
              </div>
              <div class="d-flex justify-content-around">
                <div>
                  <!-- Forgot password -->
                  <a href=""></a>
                </div>
              </div>
              <!-- Sign in button -->
              <div class="text-center mt-4">
                <button class="btn btn-warning btn-lg  mt-4" 
                  onclick="login.submit()">Login</button>
              </div>
              <br>
              <br>
              <?php if(!empty($errores)):?>
                <div class="error">
                  <ul>
                    <?php echo $errores;?>
                  </ul>
                </div>
              <?php endif;?>
              <br>
              <br>
              <!-- Register -->
              <p>¿No eres miembro?
                <a href="php/registro.php">Registrate</a>
              </p>
            </div>
          </div>
          <!-- Material form login -->
    
asked by alo Malbarez 19.08.2018 at 16:21

2 answers

1

If you put a password in the DB without encrypting it, the decryption will not work because the encryption patterns do not exist in the unencrypted password. If you update the DB with a new password encrypted with the same encryption algorithms, and you continue to decrypt it in the same way, then there will be no problem.

When creating users, you can use

$password = password_hash($_POST['password'], PASSWORD_BCRYPT);

That variable is what you keep in the DB.

To log in, you must search for the user by email

$statement = $conexion->prepare('SELECT * FROM tutabladeusuarios WHERE email = :email');
$statement->execute([':email' => $_POST['emaildelformulario']]);

When you do the fetch you verify the password you got from the db

if (password_verify($passworddelformulario, $passworddeladb)) {
    echo "contraseña correcta";
} else {
    echo "contraseña incorrecta";
}
    
answered by 19.08.2018 at 17:02
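
What each stored format does at login, as an added example that is not from the question or the answers: `question_check` repeats the question's SHA-512 comparison, and `verify_and_upgrade` is a hypothetical helper that accepts `password_hash()` values and also legacy SHA-512 rows so they can be re-hashed on a successful login. That upgrade step goes beyond what the answer above describes; the password and the rows are constructed.

```php
<?php
// Added example with constructed data; no database is needed to run it.
$plain = 'S3cret!pass';  // constructed sample password
$rows = [                // the same password as it might sit in the "pass" column
    'plaintext' => $plain,
    'md5'       => md5($plain),
    'sha512'    => hash('sha512', $plain),
    'bcrypt'    => password_hash($plain, PASSWORD_BCRYPT),
];

// The question's check: SHA-512 the input, then compare with the stored value.
function question_check(string $input, string $stored): bool {
    return hash_equals($stored, hash('sha512', $input));
}

// Hypothetical helper. Returns [login ok?, new hash to store or null].
function verify_and_upgrade(string $input, string $stored): array {
    // Values produced by password_hash() carry their own algorithm and salt.
    if (password_get_info($stored)['algoName'] !== 'unknown') {
        if (!password_verify($input, $stored)) {
            return [false, null];
        }
        $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
            ? password_hash($input, PASSWORD_DEFAULT) : null;
        return [true, $new];
    }
    // Legacy row: 128 hex characters of unsalted SHA-512. Accept it once and
    // hand back a password_hash() value so the row can be replaced.
    if (strlen($stored) === 128 && ctype_xdigit($stored)
        && hash_equals(strtolower($stored), hash('sha512', $input))) {
        return [true, password_hash($input, PASSWORD_DEFAULT)];
    }
    return [false, null];  // plaintext, MD5 or anything else is rejected
}

foreach ($rows as $format => $stored) {
    [$ok, $new] = verify_and_upgrade($plain, $stored);
    printf("%-9s question_check=%-5s verify_and_upgrade=%-5s upgrade=%s\n",
        $format,
        var_export(question_check($plain, $stored), true),
        var_export($ok, true),
        $new === null ? 'no' : 'yes');
}
```

Only the sha512 row passes the question's check; the plaintext and MD5 rows pass neither check, so those accounts cannot log in until the stored value is replaced.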
-1

The password is saved hashed in the database as such. If, for example, you have a user in your database called "pepito" with the hashed password "A323F555", and you update the password in the DB with MD5, there would be no problem, since on login you would query the DB and only check that the password entered and the one stored in the password field in the DB are equal; if both are equal it would return correct and you would log in without problems!

    
answered by 19.08.2018 at 17:05