unable to use password_verify in my site.......

Report · Dec 20, 2017

i searched every where and also tried the code given in the forums but still i m unable to use the code i don't know what i m doing wrong in the code ... i m very thankfull if anybody can help

my code for inserting password in database

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form")) {

$pass = $_POST['hhh'];

$epass = password_hash('$pass',PASSWORD_DEFAULT);

$insertSQL = sprintf("INSERT INTO test (pass, un) VALUES (%s, %s)",

GetSQLValueString($epass, "text"),

GetSQLValueString($_POST['hh'], "text"));

mysql_select_db($database_infinityo, $infinityo);

$Result1 = mysql_query($insertSQL, $infinityo) or die(mysql_error());

}

and now my code for log in...which is not working...!

if (isset($_POST['un'])) {

$loginUsername=$_POST['un'];

$password=$_POST['pass'];

$MM_fldUserAuthorization = "";

$MM_redirectLoginSuccess = "Untitled-1.php?u=s";

$MM_redirectLoginFailed = "Untitled-1.php?u=f";

$MM_redirecttoReferrer = false;

mysql_select_db($database_infinityo, $infinityo);

$lpass = password_verify('$password', $row_p['pass']);

$LoginRS__query=sprintf("SELECT un, pass FROM test WHERE un=%s AND pass=%s",

GetSQLValueString($loginUsername, "text"), GetSQLValueString($lpass, "text"));

$LoginRS = mysql_query($LoginRS__query, $infinityo) or die(mysql_error());

$loginFoundUser = mysql_num_rows($LoginRS);

if ($loginFoundUser) {

$loginStrGroup = "";

if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();}

//declare two session variables and assign them

$_SESSION['MM_Username'] = $loginUsername;

$_SESSION['MM_UserGroup'] = $loginStrGroup;

if (isset($_SESSION['PrevUrl']) && false) {

$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];

}

header("Location: " . $MM_redirectLoginSuccess );

}

else {

header("Location: ". $MM_redirectLoginFailed );

}

i have also tried this code but stlii nothing happening ...

if (isset($_POST['un'])) {

$loginUsername=$_POST['un'];

$password=$_POST['pass'];

$MM_fldUserAuthorization = "";

$MM_redirectLoginSuccess = "Untitled-1.php?u=s";

$MM_redirectLoginFailed = "Untitled-1.php?u=f";

$MM_redirecttoReferrer = false;

mysql_select_db($database_infinityo, $infinityo);

$lpass = password_verify('$password', $row_p['pass']);

$LoginRS__query=sprintf("SELECT un, pass FROM test WHERE un=%s AND pass=%s",

GetSQLValueString($loginUsername, "text"), GetSQLValueString($lpass, "text"));

$LoginRS = mysql_query($LoginRS__query, $infinityo) or die(mysql_error());

$loginFoundUser = mysql_num_rows($LoginRS);

$row = mysql_fetch_assoc($LoginRS);

$stored_password = $row['password'];

if(password_verify($_POST['password_input'], $stored_password)) {

if ($loginFoundUser) {

$loginStrGroup = "";

//declare two session variables and assign them

$_SESSION['MM_Username'] = $loginUsername;

$_SESSION['MM_UserGroup'] = $loginStrGroup;

if (isset($_SESSION['PrevUrl']) && false) {

$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];

}

header("Location: " . $MM_redirectLoginSuccess );

}

else {

header("Location: ". $MM_redirectLoginFailed );

}

i don't know here what i m doing wrong....password security is imp for my site , and if u have any better suggestions for security pls,i ll be very thankfull to u.

Report · Dec 21, 2017

Thank u so much... God bless u... Merry Christmas!

Report · Dec 21, 2017

Where are you setting $database_infinityo and $infinityo?

Is $_POST['hhh'] the password, and $_POST['hh'] the username?

V/r,

^ _ ^

Report · Dec 21, 2017

yep

Report · Dec 21, 2017

WolfShade wrote
Where are you setting $database_infinityo and $infinityo?

They are pulled from a connection file that DW automatically produces.

No wonder the server behaviours were put to bed. Its the most chaotic code l think lve ever come across, still we are talking DW engineers who seem to excel in failure or producing vastly exaggerated coding to do the most basic of operations.

Report · Dec 21, 2017

PHP 5.4 won't work.

Nancy O'Shea— Product User, Community Expert & Moderator
Alt-Web Design & Publishing ~ Web : Print : Graphics : Media

Report · Dec 21, 2017

i m working on

PHP Version 5.6.28

Report · Dec 21, 2017

it is very costly to use server side , dmxzone extensions are very costly for me... i cant afford them, now i have only one way and that is the way i m using now...

i just want to store pass in secured way,

i dont know that much programing,

i dont have money!,

dont have time to learn new progamming language...

so ... dont know what to do now.... i dont wanna give up on this stage.

Report · Dec 21, 2017

iamdpk wrote
i just want to store pass in secured way,
i dont know that much programing,
i dont have money!,
dont have time to learn new progamming language...

You sure have a lot of excuses for not learning to code. Osgood generously gave you some new code to work with. Learn from it.

Nancy

Nancy O'Shea— Product User, Community Expert & Moderator
Alt-Web Design & Publishing ~ Web : Print : Graphics : Media

Report · Dec 21, 2017

page to enter details to database

<?php require_once('Connections/infinityo.php'); ?>

<?php

if (!function_exists("GetSQLValueString")) {

function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")

{

if (PHP_VERSION < 6) {

$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

}

$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

switch ($theType) {

case "text":

$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

break;

case "long":

case "int":

$theValue = ($theValue != "") ? intval($theValue) : "NULL";

break;

case "double":

$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";

break;

case "date":

$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

break;

case "defined":

$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;

break;

}

return $theValue;

}

$editFormAction = $_SERVER['PHP_SELF'];

if (isset($_SERVER['QUERY_STRING'])) {

$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);

}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form")) {

$pass = $_POST['hhh'];

$epass = password_hash('$pass',PASSWORD_DEFAULT);

$insertSQL = sprintf("INSERT INTO test (pass, un) VALUES ('".$epass."' , %s)",

GetSQLValueString($_POST['hh'], "text"));

mysql_select_db($database_infinityo, $infinityo);

$Result1 = mysql_query($insertSQL, $infinityo) or die(mysql_error());

$insertGoTo = "Untitled-2.php";

if (isset($_SERVER['QUERY_STRING'])) {

$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";

$insertGoTo .= $_SERVER['QUERY_STRING'];

}

header(sprintf("Location: %s", $insertGoTo));

}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml 1/DTD/xhtml1-transitional.dtd">

<head>

</head>

<body>

1

<form action="<?php echo $editFormAction; ?>" name="form" method="POST"><input name="hh" type="text" /><input name="hhh" type="text" /><input name="" type="submit" />

</form>

</body>

</html>

page to verify login

<?php require_once('Connections/infinityo.php'); ?>

<?php

if (!function_exists("GetSQLValueString")) {

function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")

{

if (PHP_VERSION < 6) {

$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

}

$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

switch ($theType) {

case "text":

$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

break;

case "long":

case "int":

$theValue = ($theValue != "") ? intval($theValue) : "NULL";

break;

case "double":

$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";

break;

case "date":

$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

break;

case "defined":

$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;

break;

}

return $theValue;

}

?>

<?php

// *** Validate request to login to this site.

if (!isset($_SESSION)) {

session_start();

}

$loginFormAction = $_SERVER['PHP_SELF'];

if (isset($_GET['accesscheck'])) {

$_SESSION['PrevUrl'] = $_GET['accesscheck'];

}

if (isset($_POST['un'])) {

$loginUsername=$_POST['un'];

$password = $_POST['pass'];

$MM_fldUserAuthorization = "";

$MM_redirectLoginSuccess = "Untitled-2.php?u=s";

$MM_redirectLoginFailed = "Untitled-2.php?u=f";

$MM_redirecttoReferrer = false;

mysql_select_db($database_infinityo, $infinityo);

$LoginRS__query=sprintf("SELECT * FROM test WHERE un=%s",

GetSQLValueString($loginUsername, "text"));

$LoginRS = mysql_query($LoginRS__query, $infinityo) or die(mysql_error());

$row = mysql_fetch_assoc($LoginRS);

if(password_verify($password, $row['pass'])){

$loginStrGroup = "";

//declare two session variables and assign them

$_SESSION['MM_Username'] = $loginUsername;

$_SESSION['MM_UserGroup'] = $loginStrGroup;

if (isset($_SESSION['PrevUrl']) && false) {

$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];

}

header("Location: " . $MM_redirectLoginSuccess );

}

else {

header("Location: ". $MM_redirectLoginFailed );

}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<head>

</head>

<body>

2

<form ACTION="<?php echo $loginFormAction; ?>" name="2" method="POST"><input name="un" type="text" /><input name="pass" type="text" /><input name="" type="submit" /></form>

<?php

$ep = '$2y$10$UTjqDavj0jdz5rRNz032EO0Eb3kNOHXFmjJCPQ8p6Zltw8sYZIlbe';

if (password_verify('wsx', $ep )) {

echo 'Password is valid!';

} else {

echo 'Invalid password.';

}

?>

</body>

</html>

Adobe Community

unable to use password_verify in my site.......

1 Correct answer

PHP Version 5.6.28