php - Using password_hash with bindParam -
I'm trying to create a login system using Slim, jQuery and Ajax. I've got the log in part working with minimal issues, but I need to be able to hash the password. I know I can use md5, sha1 and/or a salt to hash it, but I know it is recommended that password_hash be used instead. I know how to hash with the other 3 mentioned, because while using bindParam I can place the function around the variable. My question is: how do I use password_hash with bindParam? The closest answer I found on this site didn't help.
my current code is:
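// Route registration: POST /adduser/ is dispatched to adduser().
$app->post('/adduser/', 'adduser');

/**
 * Insert a new user row built from the JSON request body.
 *
 * This is the question's "before" code: the password is bound exactly as it
 * arrives in the request, so the users.password column ends up holding the
 * plaintext. The value needs to go through password_hash() before it is bound.
 *
 * Reads firstname, lastname, username and password from the decoded body and
 * writes one row to the users table. Returns nothing.
 */
function adduser()
{
    $request = \Slim\Slim::getInstance()->request();
    $q = json_decode($request->getBody());

    $sql = "INSERT INTO users (firstname, lastname, username, password) VALUES (:firstname, :lastname, :username, :password)";

    try {
        // The handle has to be assigned before prepare() can be called on it;
        // getConnection() is the same helper the login handler uses.
        $db = getConnection();
        $stmt = $db->prepare($sql);
        $stmt->bindParam("firstname", $q->firstname);
        $stmt->bindParam("lastname", $q->lastname);
        $stmt->bindParam("username", $q->username);
        // Plaintext password bound here -- the defect the question is about.
        $stmt->bindParam("password", $q->password);
        $stmt->execute();
        $db = null;
    } catch (PDOException $e) {
        // NOTE(review): echoing the driver message sends schema/connection
        // details to the client; log it server-side instead.
        echo $e->getMessage();
    }
}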
verify code:
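// Route registration: the callback name must match the function defined below.
$app->post('/login/', 'login');

/**
 * Check the posted username and password against the stored password hash.
 *
 * Echoes 'valid' when password_verify() accepts the password for the stored
 * hash, 'invalid' for any credential failure, and 'error' when the database
 * call fails. Returns nothing.
 */
function login()
{
    $request = \Slim\Slim::getInstance()->request();
    $q = json_decode($request->getBody());

    // json_decode() yields null (or a non-object) for a malformed body; treat
    // that, and missing or non-string fields, as a failed login.
    if (!is_object($q)
        || !isset($q->username, $q->password)
        || !is_string($q->username)
        || !is_string($q->password)
    ) {
        echo 'invalid';
        return;
    }

    $sql = "SELECT * FROM users WHERE username = :username";

    try {
        $db = getConnection();
        $stmt = $db->prepare($sql);
        $stmt->bindParam("username", $q->username);
        $stmt->execute();
        // fetch() returns false when no row matches the username.
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        $db = null;
    } catch (PDOException $e) {
        // Keep driver details in the server log, not in the HTTP response.
        error_log($e->getMessage());
        echo 'error';
        return;
    }

    // Unknown user and wrong password produce the same reply, so the response
    // text does not reveal which usernames exist.
    $storedHash = ($row !== false && isset($row['password']) && is_string($row['password']))
        ? $row['password']
        : null;

    if ($storedHash !== null && password_verify($q->password, $storedHash)) {
        echo 'valid';
    } else {
        echo 'invalid';
    }
}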
Any help is appreciated.
To hash the password you need to create a new variable, $hashedpassword, and store it in the db for each user. When verifying the user, select the user from the db by passing the username, then use password_verify($passtobeverified, $ourhashedpasswordfromdb), which returns a boolean.
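// Route registration: POST /adduser/ is dispatched to adduser().
$app->post('/adduser/', 'adduser');

/**
 * Create a user from the JSON request body, storing only a hash of the password.
 *
 * After a successful insert the freshly stored hash is checked with
 * verifyuser() and the outcome is echoed. Returns nothing.
 */
function adduser()
{
    $request = \Slim\Slim::getInstance()->request();
    $q = json_decode($request->getBody());

    // A malformed body decodes to null; refuse it before touching the database.
    if (!is_object($q)
        || !isset($q->firstname, $q->lastname, $q->username, $q->password)
        || !is_string($q->password)
    ) {
        echo 'invalid request';
        return;
    }

    // bindParam() binds a variable by reference, so the hash is computed into
    // a variable first and that variable is bound. (bindValue() would accept
    // the password_hash() call directly.) The algorithm constant is
    // case-sensitive. bcrypt output is 60 characters; PHP's documentation
    // recommends a wider column (e.g. 255) so the algorithm can change later.
    $hashedpassword = password_hash($q->password, PASSWORD_BCRYPT);

    $sql = "INSERT INTO users (firstname, lastname, username, password) VALUES (:firstname, :lastname, :username, :password)";

    try {
        $db = getConnection();
        $stmt = $db->prepare($sql);
        $stmt->bindParam(":firstname", $q->firstname);
        $stmt->bindParam(":lastname", $q->lastname);
        $stmt->bindParam(":username", $q->username);
        $stmt->bindParam(":password", $hashedpassword);
        $execute = $stmt->execute();

        if ($execute == true) {
            $verifyuser = verifyuser($q->password, $q->username);
            if ($verifyuser == true) {
                echo 'valid username , password';
            } else {
                echo 'invalid username , password';
            }
        }
        $db = null;
    } catch (PDOException $e) {
        // Keep driver details in the server log, not in the HTTP response.
        error_log($e->getMessage());
        echo 'database error';
    }
}

/**
 * Compare a plaintext password with the hash stored for a username.
 *
 * @param string $passwordtoverify Password as entered by the user.
 * @param string $usernametoverify Username whose stored hash is looked up.
 * @return bool True when password_verify() accepts the password; false for a
 *              wrong password, an unknown username or a database failure.
 */
function verifyuser($passwordtoverify, $usernametoverify)
{
    // Select the user's row by username.
    $sql = "SELECT firstname, lastname, username, password FROM users WHERE username = :username";

    try {
        $db = getConnection();
        $stmt = $db->prepare($sql);
        $stmt->bindParam(":username", $usernametoverify);
        $stmt->execute();
        // A successful execute() does not mean a row matched: fetch() returns
        // false when the username is unknown.
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        $db = null;
    } catch (PDOException $e) {
        error_log($e->getMessage());
        return false;
    }

    // Compare the stored hash with the password the user entered. An unknown
    // username takes the same failure path as a wrong password.
    if ($row !== false
        && isset($row['password'])
        && is_string($row['password'])
        && password_verify($passwordtoverify, $row['password'])
    ) {
        echo 'password valid!';
        return true;
    }

    echo 'invalid password.';
    return false;
}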