Try this,
sha1(password) instead of sha(password).
Orelse try this one,password_hash() function or crypt function.
http://www.php.net/manual/en/function.password-hash.php
Hope this works for you.
Frage
I'm inserted some users into the MySQL database
$register_query = " INSERT INTO user ( name, password, permission_id)
VALUES ( '$username', SHA('$password_01'), '1' ) ";
I wants to read the user table for logging in
require_once('initializing.php');
class DbPlus extends MySQLDatabaseConnection{
public $database;
function __construct()
{
$this->database = parent::connection();
}
public function reading_table($table, $query, $where = null, $limit = null, $order = null){
$query = "SELECT {$query} FROM {$table}";
if ( isset($where) ) {
$query .= " WHERE {$where}";
}
if ( isset($order) ){
$query .= " ORDER BY {$order}";
}
if ( isset($limit) ) {
$query .= " LIMIT {$limit}";
}
// $data = $this->database->query($query);
$data = $this->database->query($query);
$rows = array();
while ( $row = $data->fetch_object() ) {
$rows[] = $row;
}
return $rows;
}
}
$dbplus = new DbPlus;
$login_qry_slct = "id,name,password,permission_id";
$login_qry_whr = "name ='test' AND password = SHA('test')";
$result = $dbplus->reading_table('user', $login_qry_slct, $login_qry_whr );
var_dump($result);
For testing purpose I inserted name=test
, and password=test
. I did it in two ways, with and without SHA(). When I inserted the password 'test' without hashing, the select query works fine (note: it is for testing purposes) and returns the non hashed test user.
$login_qry_whr = "name ='test' AND password = 'test'";
But when I using SHA
$login_qry_whr = "name ='test' AND password = SHA('test')";
Returns array(0) { }
(note: there is hashed version saved in in the user table too)
What am I doing wrong with SHA()?
Lösung
Try this,
sha1(password) instead of sha(password).
Orelse try this one,password_hash() function or crypt function.
http://www.php.net/manual/en/function.password-hash.php
Hope this works for you.
Andere Tipps
Please please don't use SHA* for hashing passwords, instead use a slow key-derivation function like BCrypt or PBKDF2 with a cost factor. The verification cannot be done in an SQL statement directly (because of the salt), so you have to do it in your PHP code:
// Hash a new password for storing in the database.
// The function automatically generates a cryptographically safe salt.
$hashToStoreInDb = password_hash($password, PASSWORD_BCRYPT);
// Check if the hash of the entered login password, matches the stored hash.
// The salt and the cost factor will be extracted from $existingHashFromDb.
$isPasswordCorrect = password_verify($password, $existingHashFromDb);
I never ran into problems like this by hashing the password in PHP by using the native hash() function.
<?php
$query = "SELECT * FROM table WHERE username = 'test' AND password = '" . hash('sha256', $password) . "'";
?>
Documentation: http://us2.php.net/manual/en/function.hash.php