Password is not hashed.

Asked 2 years ago, Updated 2 years ago, 430 views

environment

mamp
php7.4
mysql 5.7
phpmyadmin


What you want to do and what you can't do

The current feature is that after registering with signup.php and saving the name, password column to the users table, you can redirect it to check.php, where check.php retains and displays the values posted with signup.php in the session.
If you try to hash the password for this feature, you will experience a problem where the values are not stored in the table.
Before hashing, of course, the value was saved in the users table after a successful new registration.


Procedures and Results

Use the sha1 method and password_hash.

signup.php

<?php

session_start();
require('../dbconnect.php');

if($_POST['name']==='){
 $error['name'] = 'blank';
}

if($_POST['password']==='){
 $error['password'] = 'blank';
}

if(!empty($_POST['name']&$_POST['password'])){
 $_SESSION ['join'] = $_POST;
 $name = $_POST ['name'];
// From here~⭐️
 // $password=$_POST ['password']; 
 $password=password_hash($_POST['password'], PASSWORD_DEFAULT);
 // $password=sha1($_POST['password']);
// That's it

 $sql = 'INSERT into users(name, password) values(?,?)';
 $stmt = $db->prepare($sql);
 $stmt->execute(array($name,$password)));
 // $stmt = null;
 // $db = null;

 header('Location:check.php');
 exit();
}

?>
<!DOCTYPE html>
<html lang="ja">

<head>
 <metacharset="UTF-8">
 <meta name="viewport" content="width=device-width, initial-scale=1.0">
 <title>New Registration Screen</title>
</head>

<body>
 <form action="method="POST">
  name
  <input type="text" name="name" id="value="<?php print(htmlspecialchars($_POST['name'],ENT_QUOTES));?>">
  <?php if($error['name']==='blank'): ?>
   <p style="color:red;">Please enter a name</p>
  <?php endif;?>
  <div>
   password
   <input type="text" name="password" value="<?php print(htmlspecialchars($_POST['password'],ENT_QUOTES));?>">
   <?php if($error['password']==='blank'): ?>
    <p style="color:red;">Please enter your password</p>
   <?php endif;?>
   <input type="submit" name="signup" value="New registration">
  </div>
 </form>
</body>

</html>

check.php

<?php
session_start();
require('../dbconnect.php');
if(!isset($_SESSION['join'])){
 header('Location:./signup.php');
 exit();
}
?>
<p><?php print(htmlspecialchars($_SESSION['join']['name'],ENT_QUOTES));?></p>
<p> Password not disclosed</p>
<a href="./signup.php">Back </a>

The result is
Either password_hash or sha1 did not enter the users table.However, the session retention was successful and you can view the check.php redirect and the retained values.

What I've tried 2
Attempted to get mysql error message in var_dump.

if(!empty($_POST['name']&$_POST['password'])){
 $_SESSION ['join'] = $_POST;
 $name = $_POST ['name'];
 $password=$_POST ['password'];
 // $password=password_hash($_POST['password'], PASSWORD_DEFAULT);
 // $password=sha1($_POST['password']);
 $sql = 'INSERT into users(name, password) values(?,?)';
 $stmt = $db->prepare($sql);
 $mysql_data=$stmt->execute(array($name,$password)));
 var_dump($mysql_data);
 exit();

 header('Location:check.php');
 exit();
}

In this case, the sha1 method, password_hash is false, or true if not in use.

3
Tries Use the errorCode method.
https://www.php.net/manual/ja/pdo.errorcode.php Here's what you can find

<?php
try{
 $db = new PDO ('mysql:dbname=kadai3_1; host=127.0.0.1; charset=utf8', 'root', 'root');
} catch(PDOException$e){
 echo "Connection error: ".$e->getMessage();
}

if(!empty($_POST['name']&$_POST['password'])){
 $_SESSION ['join'] = $_POST;
 $name = $_POST ['name'];
 $password=$_POST ['password'];
 // $password=password_hash($_POST['password'], PASSWORD_DEFAULT);
 // $password=sha1($_POST['password']);
 $sql = 'INSERT into users(name, password) values(?,?)';
 $stmt = $db->prepare($sql);
 $mysql_data=$stmt->execute(array($name,$password)));
 echo$db->errorCode();
 exit();

 header('Location:check.php');
 exit();
}

sha1, password_hash, no hashing, all of these cases show 5 zeros.To be honest, I haven't considered why this happened at all.

Enter a description of the image here

The URL of the article I referred to is as follows.
https://www.php.net/manual/ja/function.password-hash.php
https://www.php.net/manual/ja/function.sha1.php

url
of the branch that tried to hash but couldn't https://github.com/masal9pse/internTasks/tree/hash_password/task3/kadai1/views
Unhashed, successful input branch
https://github.com/masal9pse/internTasks/tree/master/task3/kadai1/views

If you have any advice, please let me know.

php mysql

2022-09-30 21:53

1 Answers

After increasing the character limit in the users table, the problem was successfully resolved.I was disappointed by a simple mistake.
I learned a lot from the person who answered the question.Thank you.


// create_users_table.php
<?php
try{
    $db = new PDO ('mysql:dbname=kadai3_1; host=127.0.0.1; charset=utf8', 'root', 'root');
} catch(PDOException$e){
    echo "Connection error: ".$e->getMessage();
}

// Create SQL for table creation
$sql = 'CREATE TABLE users(
    id INT(11)AUTO_INCREMENT PRIMARY KEY,
    name VARCHAR(20),
// When I changed the original 11 characters to 100 characters, I was able to hash both sha1 and password_hash.
 password VARCHAR(100),
    registry_datetime DATETIME
) engine = innodb default charset =utf8';

// Run SQL
$res=$db->query($sql);
echo' connection was successful.';


2022-09-30 21:53

If you have any answers or tips


© 2024 OneMinuteCode. All rights reserved.