I have a Laravel website that hashes passwords on registration.
I then created a simple Android application where you can log in to the website.
I figured out that I can't log in because both passwords are different. The one in the database is hashed while the posted one is not!
So I thought of hashing the password before comparing it to the database, and it was such a stupid idea.
I tried to compare the string to the stored hashed password. Here is my login.php:
    <?php
    use Illuminate\Http\Request;
    use Illuminate\Support\Facades\Hash;
    use App\Http\Controllers\Controller;

    $email = $_POST["email"];
    $password = $_POST["password"];
    $token = $_POST["token"];

    $hashedPassword = User::find(1)->password;
    if (Hash::check($password, $hashedPassword)) {
        return $hashedPassword;
    }

    $con = mysqli_connect("localhost", "XXXX", "XXXX", "u787462475_secreta");
    $sql = "SELECT * FROM users WHERE email = '$email' AND password = '$hashedPassword'";
    $result = mysqli_query($con, $sql);
    if ($result) {
        if (mysqli_num_rows($result) >= 1) {
            $json_array['user_details'] = array();
            while ($row = mysqli_fetch_assoc($result)) {
                $json_array['user_details'][] = $row;
            }
            if ($response = array("success" => "1", "user_details" => $json_array, "message" => "You have been logged in successfully")) {
            }
        } else {
            $response = array("success" => "0", "message" => "Please enter valid email and password");
        }
    } else {
        $response = array("success" => "0", "message" => "Server error");
    }
    header('Content-type: application/json');
    echo json_encode($response);
    ?>
I included the needed blades such as controller, hash, and request. I then returned $hashedPassword and put it in the SQL statement like this: password = '$hashedPassword'
I still can't log in unless I provide the hashed password itself!!
PS: the login.php file that connects the Android app with the database is located at public_html, and I made sure the blades' USE directories are correct.
via Chebli Mohamed
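
An added example, not part of the original post: a login check that looks the user up by email with a bound parameter and then verifies the posted password against the stored hash with PHP's `password_verify()`, instead of comparing hashes inside the SQL. It assumes the site uses Laravel's default bcrypt hashing (whose hashes `password_verify()` can check); the function name `verify_login`, the sample user, and the in-memory SQLite database standing in for MySQL are all hypothetical.

```php
<?php
// Added example, not the poster's code. verify_login and the sample user are
// hypothetical; an in-memory SQLite database stands in for the MySQL one.

function verify_login(PDO $db, string $email, string $password): ?array
{
    // Look the user up by email only. The bound parameter keeps the posted
    // value out of the SQL text.
    $stmt = $db->prepare('SELECT id, email, password FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    // bcrypt salts every hash, so hashing the posted password again gives a
    // different string and "password = '...'" in SQL can never match.
    // password_verify() reuses the salt embedded in the stored hash.
    if ($user === false || !password_verify($password, $user['password'])) {
        return null;
    }

    unset($user['password']); // do not send the hash back to the client
    return $user;
}

// Constructed sample data: one user registered with a bcrypt hash.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password TEXT)');
$insert = $db->prepare('INSERT INTO users (email, password) VALUES (?, ?)');
$insert->execute(['alice@example.com', password_hash('correct horse', PASSWORD_BCRYPT)]);

// Constructed login attempts: valid, wrong password, unknown email.
$attempts = [
    ['alice@example.com', 'correct horse'],
    ['alice@example.com', 'wrong password'],
    ['nobody@example.com', 'correct horse'],
];

foreach ($attempts as [$email, $password]) {
    $user = verify_login($db, $email, $password);
    $response = $user !== null
        ? ['success' => '1', 'user_details' => $user, 'message' => 'You have been logged in successfully']
        : ['success' => '0', 'message' => 'Please enter valid email and password'];
    echo json_encode($response), PHP_EOL;
}
```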