Very good,
I have two simple forms. One to register and one to connect. When registering, I hash the password with PASSWORD_BCRYPT and it is stored perfectly. Then when going through the other form, the login form, it fails me with the correct password. I don't understand where the error can be and I've already given it a lot of thought. Let's see if your clinical eye gets me out of trouble.
What am I doing wrong?
<?php
// Open the PDO connection; returns false if the connection fails.
function conexion(){
    try{
        $conexion = new PDO('mysql:host=localhost;dbname=mauricio','root', '');
        return $conexion;
    }catch(PDOException $e){
        return false;
    }
}
$conexion = conexion();
if(!$conexion){
    echo 'error';
    exit; // without a connection the queries below cannot run
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">
    <title>Document</title>
</head>
<body>
    <!-- Registration form -->
    <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post">
        <input type="text" name="usuario" placeholder="Nombre de Usuario">
        <input type="text" name="pass" placeholder="Contraseña">
        <input type="submit" name="boton" value="registrar">
    </form>
    <!-- Login form -->
    <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post">
        <input type="text" name="usuario" placeholder="Nombre de Usuario">
        <input type="text" name="pass" placeholder="Contraseña">
        <input type="submit" name="boton" value="enviar">
    </form>
    <?php
    if($_SERVER['REQUEST_METHOD'] == 'POST'){
        $boton = $_POST['boton'] ?? '';
        if($boton == 'registrar'){
            // Registration: hash the password and store it.
            $user = $_POST['usuario'];
            $pass = $_POST['pass'];
            $pass_hash = password_hash($pass, PASSWORD_BCRYPT);
            $sentencia = $conexion->prepare("INSERT INTO login(id, usuario, pass) VALUES(NULL, :usuario, :pass)");
            $sentencia->execute(array(':usuario' => $user, ':pass' => $pass_hash));
        }elseif($boton == 'enviar'){
            // Login: fetch the stored hash and compare it with the submitted password.
            $user = $_POST['usuario'];
            $pass = $_POST['pass'];
            $sentencia = $conexion->prepare("SELECT * FROM login WHERE usuario = :usuario");
            $sentencia->execute(array(':usuario' => $user));
            $fila = $sentencia->fetch(); // false when the user does not exist
            // Index 2 is the pass column, assuming the column order id, usuario, pass.
            $passw = $fila ? $fila[2] : '';
            if($fila && password_verify($pass, $passw)){
                echo 'muy bien!';
            }else{
                echo 'noooooo';
            }
        }
    }
    ?>
</body>
</html>
Thank you very much
You could try, when you register, leaving it like this: in 'PASSWORD_DEFAULT', because you use PASSWORD_BCRYPT when you are going to define a SALT; otherwise you should only use PASSWORD_DEFAULT, because apart from that it does not have any other error unless, as they told you, see if your database field is large enough to correctly store the hash.
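The database field size point from the answer above, as an added example that is not part of the original posts: a bcrypt hash from password_hash() is 60 characters long, and a copy cut short by a narrower column can never pass password_verify(). The helper name `inspect_stored_hash`, the sample password and the 50-character column width are assumptions made for illustration.

```php
<?php
// Added example, not the asker's code. It simulates a `pass` column that is
// too short for the hash and shows how to recognise the damage afterwards.

// Hypothetical helper: reports what PHP can tell about a stored hash string.
function inspect_stored_hash(string $stored): array
{
    $info = password_get_info($stored);
    return [
        'length'    => strlen($stored),
        // 'bcrypt' for an intact hash; 'unknown' when PHP cannot recognise it,
        // which is what happens to a bcrypt hash that is not 60 characters.
        'algorithm' => $info['algoName'],
        'intact'    => $info['algoName'] !== 'unknown',
    ];
}

$password = 'clave-de-ejemplo';                     // constructed sample value
$hash     = password_hash($password, PASSWORD_BCRYPT);

// Constructed scenario: the column is VARCHAR(50). MySQL in non-strict SQL mode
// stores only the first 50 characters and raises a warning, not an error.
$truncated = substr($hash, 0, 50);

foreach (['complete' => $hash, 'truncated' => $truncated] as $label => $stored) {
    $report = inspect_stored_hash($stored);
    printf(
        "%-9s length=%d algorithm=%s verify=%s\n",
        $label,
        $report['length'],
        $report['algorithm'],
        var_export(password_verify($password, $stored), true)
    );
}

// Check to run against real rows: any stored value that reports
// 'intact' => false was damaged on the way into the table and must be
// re-created by the user setting the password again; it cannot be repaired.
```

The PHP manual recommends a column that can grow beyond 60 characters (255 is a good choice), since PASSWORD_DEFAULT may produce longer hashes in future versions.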