Tuesday, July 27, 2021

Compare a string password with Laravel Encrypted Password?

I have a Laravel website that hashes passwords on registration.

I then created a simple Android application where you can log in to the website.

I figured out that I can't log in because both passwords are different. The one in the database is hashed while the posted one is not!

So I thought of hashing the password before comparing it to database and it was such a stupid idea.

I tried to compare the string to the stored hashed password, here is my login.php:

<?php

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use App\Http\Controllers\Controller;

$email = $_POST["email"];
$password = $_POST["password"];
$token = $_POST["token"];

$hashedPassword = User::find(1)->password;

if (Hash::check($password, $hashedPassword)) {
    return $hashedPassword;
}

$con = mysqli_connect("localhost", "XXXX", "XXXX", "u787462475_secreta");

$sql = "SELECT * FROM users WHERE email = '$email' AND password = '$hashedPassword'";
$result = mysqli_query($con, $sql);
if ($result) {
    if (mysqli_num_rows($result) >= 1) {
        $json_array['user_details'] = array();
        while ($row = mysqli_fetch_assoc($result)) {
            $json_array['user_details'][] = $row;
        }

        if ($response = array("success" => "1", "user_details" => $json_array, "message" => "You have been logged in successfully")) {

        }
    } else {
        $response = array("success" => "0", "message" => "Please enter valid email and password");
    }
} else {
    $response = array("success" => "0", "message" => "Server error");
}

header('Content-type: application/json');
echo json_encode($response);
?>

I included the needed blades such as controller, hash, and request. I then returned $hashedPassword and put it in the SQL statement like this: password = '$hashedPassword'

Still can't log in unless I provide the hashed password itself!!

PS: the login.php file that connects the Android app with the database is located in public_html, and I made sure the blades' USE directories are correct.



via Chebli Mohamed
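
An added example, not part of the original post and not Laravel's own code: the login check done by fetching the row by email with a bound parameter and comparing in PHP with password_verify(), which accepts the bcrypt hashes that Laravel's default Hash driver stores. The in-memory SQLite table, the sample user and the login() helper are assumptions made for the illustration.

```php
<?php
// Added example: constructed data; in-memory SQLite stands in for the MySQL users table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT UNIQUE, password TEXT)');

// Registration side: bcrypt embeds a random salt, so hashing the same password
// twice yields two different strings. That is why "password = '<hash>'" in SQL
// can never match a freshly hashed or plain-text input.
$insert = $pdo->prepare('INSERT INTO users (name, email, password) VALUES (?, ?, ?)');
$insert->execute(['Alice', 'alice@example.test', password_hash('s3cret-pass', PASSWORD_BCRYPT)]);

function login(PDO $pdo, string $email, string $password): array
{
    // Hash of a throwaway value, verified when the email is unknown so that
    // both failure paths do the same amount of work.
    static $dummyHash = null;
    $dummyHash ??= password_hash('placeholder', PASSWORD_BCRYPT);

    // Look the user up by email only; the bound parameter keeps the posted
    // value out of the SQL text.
    $stmt = $pdo->prepare('SELECT id, name, email, password FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    // Compare in PHP: password_verify() re-derives the hash using the salt and
    // cost stored inside the saved hash string.
    $ok = password_verify($password, $user ? $user['password'] : $dummyHash);
    if (!$user || !$ok) {
        return ['success' => '0', 'message' => 'Please enter valid email and password'];
    }

    unset($user['password']); // never send the stored hash back to the client
    return ['success' => '1', 'user_details' => $user, 'message' => 'You have been logged in successfully'];
}

header('Content-type: application/json');
echo json_encode(login($pdo, 'alice@example.test', 's3cret-pass')), PHP_EOL; // correct password
echo json_encode(login($pdo, 'alice@example.test', 'wrong')), PHP_EOL;       // wrong password
echo json_encode(login($pdo, "o'brien@example.test", 'x')), PHP_EOL;         // quote in input stays data
```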
