Menu
Forums
All threads
Latest threads
New posts
Trending threads
New posts
Search forums
Trending
What's new
New posts
New profile posts
Latest activity
Members
Current visitors
New profile posts
Search profile posts
Upgrades
Log in
Register
What's new
Search
Search
Search titles only
By:
All threads
Latest threads
New posts
Trending threads
New posts
Search forums
Menu
Log in
Register
Navigation
Install the app
Install
More options
Contact us
Close Menu
Forums
Server Development
Habbo Retros
Habbo Q&A
RevCMS BCRYPT
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="MayoMayn" data-source="post: 400822" data-attributes="member: 71840"><p>What the hell kind of password validation is that lmfao. First query line, select password from users where username is post password? Wtf.</p><p>Either way, this wouldn't work, since you're not verifying the posted password, you're just hashing the input and checking it against the one in the database. By this reply, you clearly don't understand how hashing works. Every hash is different from one another, even though if the string is the same, so this wouldn't even be close to working at all.</p><p></p><p>Sent from my SM-G928F using Tapatalk</p><p>[doublepost=1487704547,1487703221][/doublepost][PHP]</p><p></p><p>public function hashPass($string) {</p><p> // I'd just use DEFAULT instead of BCRYPT and a cost.</p><p> return password_hash($string, PASSWORD_BCRYPT, ['cost' => 12]);</p><p>}</p><p>public function login() {</p><p> // Escape here or whatever stupid mysql functions that needs to be used</p><p> $username = mysql_real_escape_string($_POST['username']);</p><p> $password = mysql_real_escape_string($_POST['password']);</p><p> </p><p> // Get the password column from the users table by the username entered</p><p> $user = mysql_query("</p><p> SELECT `password`</p><p> FROM `users`</p><p> WHERE `username` = '{$username}'</p><p> LIMIT 1</p><p> ");</p><p> </p><p> // Check if user exists</p><p> if(mysql_num_rows($user) > 0) {</p><p> // User does exist, then fetch the HASHED password from the table</p><p> $dbpass = mysql_fetch_assoc($user);</p><p> // Verify the typed in password against the hashed in database. Read my above reply to understand why use the verify function instead of hashing the inputted password to check against the one on database. Simply research folks.</p><p> if(password_verify($password, $dbpass)) {</p><p> // Password matched</p><p> // Redirect user etc</p><p> } else {</p><p> // Password was incorrect</p><p> // Echo something out</p><p> }</p><p> } else {</p><p> // User doesnt exist</p><p> // echo something u</p><p> }</p><p>}</p><p>[/PHP]</p></blockquote><p></p>
[QUOTE="MayoMayn, post: 400822, member: 71840"] What the hell kind of password validation is that lmfao. First query line, select password from users where username is post password? Wtf. Either way, this wouldn't work, since you're not verifying the posted password, you're just hashing the input and checking it against the one in the database. By this reply, you clearly don't understand how hashing works. Every hash is different from one another, even though if the string is the same, so this wouldn't even be close to working at all. Sent from my SM-G928F using Tapatalk [doublepost=1487704547,1487703221][/doublepost][PHP] public function hashPass($string) { // I'd just use DEFAULT instead of BCRYPT and a cost. return password_hash($string, PASSWORD_BCRYPT, ['cost' => 12]); } public function login() { // Escape here or whatever stupid mysql functions that needs to be used $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); // Get the password column from the users table by the username entered $user = mysql_query(" SELECT `password` FROM `users` WHERE `username` = '{$username}' LIMIT 1 "); // Check if user exists if(mysql_num_rows($user) > 0) { // User does exist, then fetch the HASHED password from the table $dbpass = mysql_fetch_assoc($user); // Verify the typed in password against the hashed in database. Read my above reply to understand why use the verify function instead of hashing the inputted password to check against the one on database. Simply research folks. if(password_verify($password, $dbpass)) { // Password matched // Redirect user etc } else { // Password was incorrect // Echo something out } } else { // User doesnt exist // echo something u } } [/PHP] [/QUOTE]
Insert quotes…
Verification
Post reply
Forums
Server Development
Habbo Retros
Habbo Q&A
RevCMS BCRYPT
Top