Check password hash at login (password_hash)

0

I wrote all the login code, but when I went to test it, I got the login error using the same password that I used at registration, and then I realized that password_hash always generates a different hash. Since a different hash is generated every time, how do I check the new hash against the one that is saved in the database? (I was reading this question, but it did not help me much: How to apply password_hash for use with SELECT, INSERT and UPDATE?)

On a test page I put:

$senha = password_hash(12345678, PASSWORD_DEFAULT);
echo $senha;
// Output:
// $2y$10$u5ib0cJivaTMWMceujIAjOq0G8tkjY7UTOMqOnqlWt6Rf8Vb2MLBK

In the login box I put:

$senha = password_hash($senha, PASSWORD_DEFAULT);
// even entering 12345678 a different result came out:
// $2y$10$ZAWmkLhap3LpLH.EtKPl3uUdRV6joyP5sQND1m0HnFH8XNrehazSi

form:

    <form method="post" action="" >
        <input type="text" name="usuario" placeholder="Digite seu nome de usuário"><br>
        <input type="password" name="senha" placeholder="Digite sua senha"><br>
        <input type="submit" name="btn" value="Entrar"><br>
    </form>   

    <?php
    // if there is a POST, this if block is executed
    if($_POST){
        // Here it filters the POST; the last parameter strips tags and special characters.
        $usuario = filter_input(INPUT_POST, 'usuario', FILTER_SANITIZE_STRING);
        $senha = filter_input(INPUT_POST, 'senha', FILTER_SANITIZE_STRING);
        // even with this var_dump it is generating a hash, although I removed the password from the function
        var_dump($senha);
        // here it includes the class
        require_once '../PDO/metodospdo.php';
        // here it calls the Login method; since it is static there is no need to create an object.
        MetodosPDO::login($usuario, $senha);
    }
    ?>

full function:

static function login($usuario, $senha) {
    try {
        $con = ConnectionFactory::getConnection();
        $con->beginTransaction();
        //$senha = password_hash($senha, PASSWORD_DEFAULT);
        $stmt = $con->prepare("select usuario from tbl_login where usuario = :usuario and senha = :senha");
        $stmt->bindParam('usuario', $usuario);
        $stmt->bindParam('senha', $senha);
        $stmt->execute();
        if ($stmt->fetchAll(PDO::FETCH_ASSOC)) {
            echo '<script> confirm("Bem vindo ao sistema!"); </script>';
            header("Location: menu.php");
        } else {
            echo '<script> alert("Usuário ou senha incorretos!");
                           window.location.href = "login.php"; </script>';
        }
    } catch (PDOException $e) {
        echo $e->getMessage();
    }
}
    
asked by anonymous 09.07.2018 / 03:42

1 answer

1

When you use password_hash you need password_verify to verify the password.

password_verify takes as its first parameter the password entered by the user and as its second the hash that is in the database.

Remember that password_verify always returns a Boolean value, so you can easily check it.

See here in detail

    
09.07.2018 / 04:20
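The flow the answer describes, as an added example (not the asker's or answerer's code): the password is hashed once at registration, and at login the stored hash is fetched by username alone and checked with password_verify, so the password never appears in the WHERE clause. It keeps the table and column names from the question (tbl_login, usuario, senha); the function name registrar, the dummy-hash timing step and the in-memory SQLite connection used in place of ConnectionFactory::getConnection() are assumptions made so the script runs stand-alone.

```php
<?php
// Added example, not the code from the question.
// Assumes a table tbl_login(usuario, senha) as in the question; the PDO
// connection here is an in-memory SQLite database so the script runs offline.
declare(strict_types=1);

function registrar(PDO $con, string $usuario, string $senha): void
{
    // Hash once at registration. password_hash() draws a fresh random salt on
    // every call, so the output differs each time; that is expected and is why
    // the login side must never call password_hash() again and compare strings.
    $hash = password_hash($senha, PASSWORD_DEFAULT);
    $stmt = $con->prepare('INSERT INTO tbl_login (usuario, senha) VALUES (:usuario, :senha)');
    $stmt->execute([':usuario' => $usuario, ':senha' => $hash]);
}

function login(PDO $con, string $usuario, string $senha): bool
{
    // Look the row up by username only and fetch the stored hash.
    $stmt = $con->prepare('SELECT senha FROM tbl_login WHERE usuario = :usuario LIMIT 1');
    $stmt->execute([':usuario' => $usuario]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {
        // Unknown user: still run one verify against a throwaway hash so the
        // response time does not reveal whether the username exists.
        static $dummy = null;
        $dummy ??= password_hash('dummy-not-a-real-password', PASSWORD_DEFAULT);
        password_verify($senha, $dummy);
        return false;
    }

    // password_verify() re-derives the hash with the salt and cost stored
    // inside $row['senha'] and compares in constant time.
    if (!password_verify($senha, $row['senha'])) {
        return false;
    }

    // Transparent upgrade: if PASSWORD_DEFAULT or its cost has changed since
    // the hash was stored, re-hash now while the plaintext is available.
    if (password_needs_rehash($row['senha'], PASSWORD_DEFAULT)) {
        $upd = $con->prepare('UPDATE tbl_login SET senha = :senha WHERE usuario = :usuario');
        $upd->execute([':senha' => password_hash($senha, PASSWORD_DEFAULT), ':usuario' => $usuario]);
    }

    return true;
}

// Stand-alone demo on constructed data (in-memory SQLite instead of a real server).
$con = new PDO('sqlite::memory:');
$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$con->exec('CREATE TABLE tbl_login (usuario TEXT PRIMARY KEY, senha TEXT NOT NULL)');

registrar($con, 'maria', '12345678');
var_dump(login($con, 'maria', '12345678'));
var_dump(login($con, 'maria', '87654321'));
var_dump(login($con, 'joao', '12345678'));
```

Run with `php login_example.php` (any PHP build with the pdo_sqlite extension): the first login returns true, the second is rejected because the password differs, and the third is rejected because the user does not exist. Note that the check happens in PHP after the SELECT, not in SQL; a query of the form `WHERE senha = :senha` can never match a bcrypt hash, which is exactly the failure in the question.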