- This topic is empty.
-
AuthorPosts
-
September 29, 2015 at 3:55 pm #208972cscodismithParticipant
I am picking up a project I had earlier that I have never finished and am trying to get it finished with the help from the css-tricks community. I have the registration function working great (It places new users into the database). The only problem that I am having with the project is validating the users and checking the hashed passwords. The messed up code is in the login.php file. This is the last step that I need to complete and am a bit lost on how to do so. I have already read an article about password hasing and password verify but haven’t really got proper instructions from it to complete the task.
Best regards,
CodiSeptember 29, 2015 at 5:32 pm #208975drose379ParticipantCan you explain why you are making the query to the DB in the
login.php
script? Seems like you’re not doing anything with the resultsSeptember 29, 2015 at 6:16 pm #208976cscodismithParticipantNot quite sure why I am. Didn’t know that it belongs elsewhere – I am currently just trying to create a functional login / registration system. I am not yet using the script live to have users navigate around the page / special pages for those users that have logged in. Just a simple registration / login project I am trying to complete here.
September 29, 2015 at 6:18 pm #208977drose379ParticipantSure, what you need to do before you do any coding is have a map of each step you want to accomplish, all the way up to the working system. Do you have that ready? If not, create it. This will help you see where you are getting confused, and will help you get better and more useful help from others.
September 29, 2015 at 6:21 pm #208978cscodismithParticipantWell no not really at this time. I am just trying to get this script finished so that I can use this on any upcoming projects that I may have. Its more of a source to go back to and grab when I want to put a login / registration function onto a website I am working on. This is going onto HeartFX but there is nothing more to this project other then making it functional at this time.
September 29, 2015 at 6:22 pm #208979drose379ParticipantOK, can we have a list of what you DO have working, and what you DONT have working? And maybe we can go from there.
September 29, 2015 at 6:35 pm #208980cscodismithParticipantMy apologies everything is working fine other then verifying users upon login (Checking to make sure the user is registered into the database as well as the password matches the hashed password they enter) – Lines 41-46 in the login.php file.
September 29, 2015 at 6:36 pm #208981drose379ParticipantOk, are you saving the plain text password in the DB, or are you saving the hash?
September 29, 2015 at 7:27 pm #208983cscodismithParticipantSeptember 29, 2015 at 7:34 pm #208984drose379ParticipantAre you sure the hash is only 30 characters long?
September 29, 2015 at 7:36 pm #208985cscodismithParticipantI think its because of the structure of the database field(s) password and cpassword both are set to a VARCHAR of 30. Do I need to change it to something else?
September 29, 2015 at 7:37 pm #208986drose379ParticipantWell that depends on how long the hash is, look up the password_hash() function in the php.net docs and see how long the resulting hash is. Then set the password column length to the expected length of the hash.
September 29, 2015 at 7:38 pm #208987drose379ParticipantThe docs say that a 255 char column would be a good choice, since hash lengths with the
password_hash
function may change over time.September 29, 2015 at 7:40 pm #208988cscodismithParticipantI just changed it to the proper character amount of 60. That was the maximum amount of characters that it generated when the varchar was set to 255.
September 29, 2015 at 7:42 pm #208989drose379ParticipantOk, this is a start. Now what do you think you want to do next? Take the users plain text password input, and compare it with the hashed password you have saved that corresponds to the username they put in, right?
-
AuthorPosts
- The forum ‘Back End’ is closed to new topics and replies.