PHP 7.2.1 … Password_Verify doesn't work [on hold]





I'm doing a blog. I've got a very simple form to sign in and another one to connect. Of course I want to crypt the password. Crypting works when a new member signs in, with password_hash($pass, PASSWORD_DEFAULT).
But when he wants to connect, password_verify($pass, $hash) doesn't work and I always get FALSE as the response, so the member can't connect.
I saw a lot of answers on this forum. None answers my problem.
In phpMyAdmin the pass field is a VARCHAR (255).

Here is my code (only in the model ... I'm using OOP & MVC).
For the SIGN IN:



public function insertMembre($pseudo, $mail, $pass)
{
    $pass = password_hash($pass, PASSWORD_DEFAULT); // Hash pwd

    $sql = 'insert into T_MEMBRE (pseudo, mail, pass, date) values(?, ?, ?, ?)';
    $date = date(DATE_W3C); // Get the current date
    $this->executerRequete($sql, array($pseudo, $mail, $pass, $date)); // with hash pwd inside
}



And the code when connecting


public function getAdminMembre($pseudo, $pass)
{
    // Bind $pseudo as a parameter instead of interpolating it into the SQL string
    $resultat = $this->executerRequete('select * from T_MEMBRE where pseudo = ?', array($pseudo));

    $resultat = $resultat->fetch(PDO::FETCH_OBJ);
    $hash = $resultat->pass;

    $verify = password_verify($pass, $hash);

    if($verify) {



I always get FALSE when testing password_verify() with a var_dump(). So the connection to the blog is impossible.
I don't know what the problem is. I tested everything with some var_dump() calls and everything seems to be correct (I have the right crypted password from the database, I have the right password 123 coming from the form ... etc). The password is 123. I can't make it simpler, and my syntax is exactly the same as in the PHP manual.





Here is my var_dump of the pwd from the form



string(3) "123"



var_dump of the pwd extracted from the database



string(60) $2y$10$Sv6SiQrrMoLOZVPHjPIYieHt/zcpMiEqVsN0ZS0rtJJt.LUmWiJl.



pwd in the database



$2y$10$Sv6SiQrrMoLOZVPHjPIYieHt/zcpMiEqVsN0ZS0rtJJt.LUmWiJl.



Var_dump of password_verify



bool(false)



Update:



The error_log indicates:



/Controleur/ControleurMembre.php(35): Membre->insertMembre('Aldo', 'aldo@gmail.com', '$2y$10$0K1hLrXx...')



/Controleur/Routeur.php(181): ControleurMembre->enregistrerMembre('Aldo', 'aldo@gmail.com', '$2y$10$8mcZOCGr...')



We can see a difference between the two PWD values even if the code is incomplete.



Here is the method executerRequete:


protected function executerRequete($sql, $params = null) {
    if ($params == null) {
        $resultat = $this->getBdd()->query($sql); // direct execution if there are no parameters
    }
    else {
        $resultat = $this->getBdd()->prepare($sql); // prepared statement if there are parameters (prevents SQL injection)
        $resultat->execute($params);
    }
    return $resultat;
}



This question appears to be off-topic. The users who voted to close gave this specific reason:





Comments are not for extended discussion; this conversation has been moved to chat.
– Yvette Colomb
Jun 29 at 11:04





The functions referenced in your Update are two completely different methods, can you explain why one is Membre->insertMembre( and another is ControleurMembre->enregistrerMembre( ?
– Martin
Jun 29 at 11:36







Because in the controller it's called enregistreMembre, which calls the method insertMembre. They are different French words, nearly the same but different. It's for not melting the different functions. If the names are too different you can get confused.
– B.GERMAIN
Jun 29 at 11:43





My router is a 347-line file so I didn't notice that it was still written "$_POST ['pass'] = password_hash($_POST['pass'], PASSWORD_DEFAULT);". For the issue I deleted the same line in my MODEL file called Membre. I tried to create a new member and it worked. In a second part I tried to call a member created before the correction and it was not working. This was a confirmation of a wrong pwd sent in the database. Now each new member has a good pwd and it's perfectly working. Again ... THANK YOU SO MUCH.
– B.GERMAIN
Jun 29 at 12:27





That's good news, it may be best for you to delete this question as it will be of no use to anyone else, now that your issue is solved. I'm glad I could help :-)
– Martin
Jun 29 at 12:48
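
The double hashing identified in the comments above, reproduced as an added example (not the asker's code). `hashOnce()` is a hypothetical helper and the sample password is constructed to match the question; the guard assumes no real user password is itself a valid `password_hash()` string.

```php
<?php
declare(strict_types=1);

// Added example; hashOnce() and the sample values are hypothetical, not from the asker's project.

/** Hash a plain-text password exactly once; refuse input that is already a password_hash() string. */
function hashOnce(string $plain): string
{
    // password_get_info() reports algoName 'unknown' for anything that is not a recognised hash.
    if (password_get_info($plain)['algoName'] !== 'unknown') {
        throw new LogicException('Input is already a password hash: it was hashed in an earlier layer.');
    }
    return password_hash($plain, PASSWORD_DEFAULT);
}

$plain = '123'; // constructed sample, the same password the question uses

// Reproduce the bug: the router hashes $_POST['pass'], then the model hashes that hash again.
$routerHash = password_hash($plain, PASSWORD_DEFAULT);
$storedHash = password_hash($routerHash, PASSWORD_DEFAULT);

echo 'login with plain password against double hash: ';
var_dump(password_verify($plain, $storedHash));
echo 'first-layer hash against double hash: ';
var_dump(password_verify($routerHash, $storedHash));

// With the guard in place, the second hashing attempt fails loudly instead of storing a useless hash.
try {
    hashOnce($routerHash);
} catch (LogicException $e) {
    echo 'guard: ', $e->getMessage(), PHP_EOL;
}

// Hashing once, in one layer only, verifies as expected.
echo 'login with plain password against single hash: ';
var_dump(password_verify($plain, hashOnce($plain)));
```

Rows stored while both layers were hashing cannot be verified with the original password, which matches the asker's observation about members created before the correction; those accounts need a password reset.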

