error with password_verify ()

0

Good afternoon I have a problem using password_verif() it is not verifying correctly to log in, it is falling straight into else with msg "bad password". could anyone help me?

Functions:

private function compararSenha($hash){
    return password_verify($this->getSenha(), $hash);
}

private function findEmail($campo){
    $consulta = parent::select($campo, 'funcionario', 'WHERE email = ?', 's', array($this->getEmail()));
    $result = $consulta->fetch_object();

    if($consulta->num_rows > 0){
        if($campo == 'senha'){
            return $result->senha;
        }else if($campo == 'email'){
            return true;
        }
    }else{
        return false;
    }

}

public function logar(){
    $msgResult = array();
    $resultSearchPass = $this->findEmail('senha');

    if($resultSearchPass){
        if($this->compararSenha($this->getSenha(), $resultSearchPass)){
            $consulta = parent::select('id', 'funcionario', 'WHERE email = ? AND senha = ?', 'ss', array($this->getEmail(), $this->getSenha()));
            $result = $consulta->fetch_object();

               if($consulta->num_rows > 0){
                    $_SESSION['idFuncionario'] = $result->id;
                    $_SESSION['logado'] = true;

                    $msgResult['tipo'] = 'success';
                    $msgResult['msg'] = "Login Efetuado com Sucesso!";
                    return json_encode($msgResult);
                }else{
                    $msgResult['tipo'] = 'error';
                    $msgResult['msg'] = 'Email ou Senha Incorretos!';
                    return json_encode($msgResult);
                }
            }else{
                $msgResult['tipo'] = 'error';
                $msgResult['msg'] = 'Senha Incorreta!';
                return json_encode($msgResult);
            }
        }else{
            $msgResult['tipo'] = 'error';
            $msgResult['msg'] = 'Email não Existe!';
            return json_encode($msgResult);
        }

    }
    
asked by anonymous 07.12.2018 / 17:40

1 answer

0

You are passing the wrong parameters to your method. Notice your method signature:

private function compararSenha($hash){
    return password_verify($this->getSenha(), $hash);
}

It only receives the hash , because the password is fetched on the object itself through the getSenha() method. So this method just needs to get the hash and nothing else.

However, in your code you call this method by passing two arguments, the password and the hash, and your function is using the password as a hash, and dropping $resultSearchPass .

To fix this problem simply change:

if ($this->compararSenha($this->getSenha(), $resultSearchPass)) {
    // ...
}

By:

if ($this->compararSenha($resultSearchPass)) {
    // ...
}
    
07.12.2018 / 17:57