I'm returning to the PHP world after a long winter. I took an example user registry that uses MD5 as the encryption standard and now I'm trying to login to a test user because I need to change the default to crypt (Blowfish).
The password recording is apparently working correctly. I even checked that it starts with "$ 1 $", which is the default for Blowfish, but when I try to login to this user, the password I am typing does not match the password that is in the MySQL. p>
I have tried to adapt my code in all ways and I can not get it right.
Here is an excerpt from the function I use to validate the password (still in MD5):
public function login($email,$upass)
{
try
{
$stmt = $this->conn->prepare("SELECT * FROM TBL_USERS WHERE EMAIL=:email_id");
$stmt->execute(array(":email_id"=>$email));
$userRow=$stmt->fetch(PDO::FETCH_ASSOC);
if($stmt->rowCount() == 1)
{
if($userRow['USER_STATUS']=="Y")
{
if($userRow['PASSWORD']==$upass)
{
$_SESSION['userSession'] = $userRow['USER_ID'];
return true;
}
else
{
header("Location: index.php?error");
exit;
}
}
else
{
header("Location: index.php?inactive");
exit;
}
}
else
{
header("Location: index.php?error");
exit;
}
}
catch(PDOException $ex)
{
echo $ex->getMessage();
}
}
Can anyone help me? Do you need any more data? I know the best way is to try and create 99.999% of my site just by browsing and reminding ... That's all that's left!
Thank you all!