I am currently experimenting with PHP and MySQL and am trying to create a simple login page and log in using HTML forms.
So far I have created a registration form that accepts user information such as name, email address and password.
To keep the password safe, I used PHPass, which uses a hash function to encrypt and store the password in my database table.
So far, I can accept user passwords, run the hash function, and store the password in my table.
The problem I'm currently facing is how I can create a separate HTML form (log in) that takes the user's email and password and checks the password against the hashed password stored in the table in order to sign the user into their account.
To save passwords, I have:
require 'phpass/PasswordHash.php';
$user_password = ($_POST['password']);
$hasher = new PasswordHash(10, false);
$user_password_hashed = $hasher->HashPassword($user_password);
Then using the SQL query:
$core_customer_insert = "INSERT INTO core_customer_information(firstname, lastname, email, password, activation_code, activated) VALUES (
'".$conn->real_escape_string($first_name)."',
'".$conn->real_escape_string($last_name)."',
'".$conn->real_escape_string($email)."',
'".$conn->real_escape_string($user_password_hashed)."',
'".$conn->real_escape_string($code)."',
'0')";
I save the necessary information in my table.
Then I created a new .php file that contains the script used to log the user in.
HTML to login:
<form action="sign-in-script.php" method="POST">
<table style="width:100%">
<tr>
<th><input type="text" name="email" required placeholder="Email" /></th>
<th><input type="password" name="password" required placeholder="Password" /></th>
<th> <input class="button" id="sign-in-show" type="submit" value="Sign in" name="submit" /> </th>
</tr>
</table>
</form>
My sign-in-script.php then gets the email address and password using POST:
$email = $_POST['email'];
$user_password = $_POST['password'];
Then I created a SQL query to check whether the email and password match any stored row in my table:
SELECT * FROM core_customer_information WHERE email='".$email."' AND password='".$user_password."' LIMIT 1
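The login check the post is asking about, as an added example that is not part of the original post: the row is looked up by email alone with a bound parameter, and the submitted password is then verified against the stored hash in PHP rather than compared in the WHERE clause. Assumptions: PHP's built-in `password_hash()`/`password_verify()` and an in-memory SQLite table are swapped in so the script runs without PHPass or MySQL, and `check_login()` and the sample user are constructed for illustration.

```php
<?php
// Added example: in-memory table standing in for core_customer_information (constructed).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE core_customer_information (email TEXT UNIQUE, password TEXT)');

// Registration side: only the salted hash is stored (constructed sample user).
$insert = $db->prepare('INSERT INTO core_customer_information (email, password) VALUES (?, ?)');
$insert->execute(['alice@example.com', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Hash that is checked when the email is unknown, so both paths do similar work.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

// Hypothetical helper: returns true only for a known email with the right password.
function check_login(PDO $db, string $email, string $password): bool
{
    // Look the row up by email only; the placeholder keeps user input out of the SQL text.
    $stmt = $db->prepare('SELECT password FROM core_customer_information WHERE email = ? LIMIT 1');
    $stmt->execute([$email]);
    $stored = $stmt->fetchColumn(); // false when no row matches

    // Every hash carries its own random salt, so it cannot be matched in a WHERE clause.
    // The verify call re-hashes the submitted password with the stored salt and compares.
    // With PHPass the same step is: $hasher->CheckPassword($password, $stored)
    $ok = password_verify($password, $stored !== false ? $stored : DUMMY_HASH);

    return $ok && $stored !== false;
}

var_dump(check_login($db, 'alice@example.com', 'correct horse')); // right password
var_dump(check_login($db, 'alice@example.com', 'wrong'));         // wrong password
var_dump(check_login($db, "' OR '1'='1", 'anything'));            // bound as a literal email
```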