LinuxQuestions.org
Old 12-31-2015, 11:17 PM   #1
sraidr69
Member
 
Registered: Mar 2015
Posts: 59

PHP 5.5 Password Hashing not working


I have followed this site to use password hashing. Using simple test data - password = "mypw". I have saved the password hash as "$2y$10$PeQGxwKQVq70fwPtznH70.fJER/BVYB7u5xl0E" yet when I use
Code:
password_verify($password, $hash)
the stored hash and the login password never match. Does anyone have any ideas on this?
Here is the entire code...

Insert code...
Code:
$hash = password_hash($password, PASSWORD_DEFAULT);
    $str="Insert into users (username, password, fname, lname, email, regdate, book) Values (?, ?, ?, ?, ?, ?,'n')";
    $param = array($username, $hash, $fname, $lname, $email, $rdate);
    $stmt = $pdo->prepare($str);
    $rst = $stmt->execute($param);
Login Code...
Code:
$sql = "SELECT * FROM `users` WHERE `username` = ?";  // bind the username instead of interpolating it into the SQL
    $result = $pdo->prepare($sql); 
    $result->execute(array($username)); 
    $rst = $result->fetchObject(); 
    //echo $sql . "<br>";
    
    $dbhash = $rst-> password;
    echo "DB=" . $dbhash . "<br>";
    echo "PW=" . $password . "<br>";
    if (password_verify($password, $dbhash)) {
       echo "Success!";
    }
    else {
       echo "Invalid credentials";
    }
 
Old 01-01-2016, 04:47 AM   #2
j-ray
Senior Member
 
Registered: Jan 2002
Location: germany
Distribution: ubuntu, mint, suse
Posts: 1,591

$dbhash = $rst-> password;

I recommend removing the space before password. What do the echo statements give out?
 
Old 01-01-2016, 10:33 AM   #3
norobro
Member
 
Registered: Feb 2006
Distribution: Debian Sid
Posts: 792

Two thoughts:
  1. Is your database column wide enough? From here:
    Quote:
    it is recommended to store the result in a database column that can expand beyond 60 characters (255 characters would be a good choice).
  2. Assuming the login password is keyboard input, try calling trim() on it.
 
Old 01-01-2016, 02:42 PM   #4
sraidr69
Member
 
Registered: Mar 2015
Posts: 59

Original Poster
The password $hash in the db is good. It returns..."$2y$10$PeQGxwKQVq70fwPtznH70.fJER/BVYB7u5xl0E". Trim also did not help and I removed the " " before the password field.
 
Old 01-01-2016, 03:59 PM   #5
norobro
Member
 
Registered: Feb 2006
Distribution: Debian Sid
Posts: 792

Your code works for me on a two column database:
Code:
mysql> describe users;
+----------+--------------+------+-----+---------+-------+
| Field    | Type         | Null | Key | Default | Extra |
+----------+--------------+------+-----+---------+-------+
| username | varchar(20)  | NO   | PRI | NULL    |       |
| password | varchar(255) | YES  |     | NULL    |       |
+----------+--------------+------+-----+---------+-------+
2 rows in set (0.00 sec)
Code:
$ php -v
PHP 5.6.14 (cli) (built: Oct  9 2015 12:04:25) (DEBUG)
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2015 Zend Technologies
Code:
<?php
    $pdo = new PDO('mysql:host=localhost;dbname=test;charset=utf8', 'user', 'passwd');
    $password="mypw";
    $username="anyone";

    $hash = password_hash($password, PASSWORD_DEFAULT);
    $str="Insert into users (username, password) Values (?, ?)";
    $param = array($username, $hash);
    $stmt = $pdo->prepare($str);
    $rst = $stmt->execute($param);

//  $password = "somepassword";   // uncomment to get invalid credentials

    $sql = "SELECT * FROM `users` WHERE `username` = ?";  // bind the username instead of interpolating it into the SQL
    $result = $pdo->prepare($sql); 
    $result->execute(array($username)); 
    $rst = $result->fetchObject(); 
    //echo $sql . "<br>";

    $dbhash = $rst-> password;
    echo "DB=" . $dbhash . "<br>";
    echo "PW=" . $password . "<br>";
    if (password_verify($password, $dbhash)) {
       echo "Success!";
    }
    else {
       echo "Invalid credentials";
    }
?>

Last edited by norobro; 01-01-2016 at 07:58 PM. Reason: Had $username in lieu of $password on commented line
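A check for the column-width point raised in post #3, as an added example that is not code from any poster in this thread: a `$2y$` bcrypt hash is always 60 characters, while the value quoted in posts #1 and #4 is 45 characters long. The helper name `stored_hash_problems` and the 45-character column width used for the simulation are assumptions; the sample password and the quoted hash are taken from the thread.

```php
<?php
// Added example: validates a stored hash before it is passed to password_verify().

/** Return a list of problems found in a value read back from the password column. */
function stored_hash_problems($stored)
{
    $problems = array();
    // password_get_info() reports algoName "unknown" for anything that is
    // not a complete hash in a format it recognises.
    $info = password_get_info($stored);
    if ($info['algoName'] === 'unknown') {
        $problems[] = 'not a complete password_hash() value';
    }
    // Every $2y$ (bcrypt) hash is exactly 60 characters long.
    if (strncmp($stored, '$2y$', 4) === 0 && strlen($stored) !== 60) {
        $problems[] = 'bcrypt hash is ' . strlen($stored) . ' characters, expected 60';
    }
    if ($stored !== trim($stored)) {
        $problems[] = 'leading or trailing whitespace';
    }
    return $problems;
}

$password = 'mypw';
$full = password_hash($password, PASSWORD_BCRYPT);

$cases = array(
    // What a column of at least 60 characters returns.
    'full hash'      => $full,
    // Simulates a 45-character column (assumed width) with MySQL strict mode off,
    // where the INSERT succeeds and the value is silently cut.
    'cut to 45'      => substr($full, 0, 45),
    // The value quoted in posts #1 and #4 (single quotes: no $ interpolation).
    'quoted in post' => '$2y$10$PeQGxwKQVq70fwPtznH70.fJER/BVYB7u5xl0E',
);

foreach ($cases as $label => $stored) {
    $problems = stored_hash_problems($stored);
    printf(
        "%-15s len=%2d verify=%-5s %s\n",
        $label,
        strlen($stored),
        var_export(password_verify($password, $stored), true),
        $problems ? implode('; ', $problems) : 'ok'
    );
}
```

Only the first case verifies; the two 45-character values are rejected by `password_verify()` regardless of the password supplied.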
 
  

