Using bcyrpt?

[Jemz]

Can someone please tell me how bcrypt works, I was able to encrypt my data

        require_once('bcrypt.inc.php');
        // And use the new password_hash() function to encrypt using bcrypt with a 10 cost
        $string = password_hash($string, PASSWORD_BCRYPT, array("cost" => 10));
        // Then return it to the calling function
        return $string;

However when it comes to logging in, the hash just keeps on changing so the hash never matches if you get what I mean.

 

[Sledmore]

Are you using the password_verify function?

You must be registered for see links

 

[Jemz]

Are you using the password_verify function?

You must be registered for see links

Yes, I may of set it up wrong though obviously not very experienced.

        require_once('bcrypt.inc.php');
   
        $username     = $core->clean( $username );
        $password     = $core->clean( $password );
        $hash           = $core->encrypt( $password );
        $password_ver = password_verify( $password, $hash );
   
        $query = $db->query("SELECT * FROM users WHERE username = '{$username}' AND password = '{$password_ver}'");

 

[Kryptos]

password_rerify returns a boolean, you're querying "AND password = 'true'"

 

[Sledmore]

Yeah, it should be; password_verify(RawPassword, DatabaseHash), no need to encrypt it again.

 

[Jemz]

password_rerify returns a boolean, you're querying "AND password = 'true'"

Hmm so how would I incorporate it in a query so it can log a user in ?

 

[Weasel]

Hmm so how would I incorporate it in a query so it can log a user in ?

Get the hashed password from the database, and do a if statement with password_verify, if it returns true the password is correct, otherwise return an error.

If you are making something you want to release, I don't advice using those functions as not many people are already using PHP5.5.

 

[Ollie]

require_once('bcrypt.inc.php');
 $username = $core->clean( $username );
$password = $core->clean( $password );
 $query = $db->query("SELECT * FROM users WHERE username = '{$username}' ");
$array = $db->assoc( $query );
if(password_verify($password, $array['password'])) {
//Log the user in
} else {

echo "Wrong password";

}

Seems like radiPanel structure.

 

[Jemz]

require_once('bcrypt.inc.php');
$username = $core->clean( $username );
$password = $core->clean( $password );
$query = $db->query("SELECT * FROM users WHERE username = '{$username}' ");
$array = $db->assoc( $query );
if(password_verify($password, $array['password'])) {
//Log the user in
} else {

echo "Wrong password";

}

Seems like radiPanel structure.

That's because it is radipanel, securing it up a bit.

 

[Ollie]

@Jemz If you do it let me know, I had a go the other other day lmao, but it broke re-direct for some reason.
Anyway im guessing this is for ThisBoon lol.
Im Ollie the guy that gave you YouBoons v2 lmao, just got a bent name on here.

 

[Jemz]

@Jemz If you do it let me know, I had a go the other other day lmao, but it broke re-direct for some reason.
Anyway im guessing this is for ThisBoon lol.
Im Ollie the guy that gave you YouBoons v2 lmao, just got a bent name on here.

Nah its for something else and will do.

 

[Ollie]

@Jemz Did you manage to get it to work?