Login/Register
SHA 512 hashing and verifying
Asked Answered
Solved phphashsha512
I

2

7

Alright so Im trying to verify password with SHA 512, but no matter what it still returns false like the hash check is not correct.

Generating hash when registering

$hashed = password_hash(hash('sha512', $password), PASSWORD_DEFAULT);

And to verify (upon login) I use simple 

public function isValidLogin($username, $password) {
    $sql = $this->connect();
    $sql->real_escape_string($username);
    $sql->real_escape_string($password);

    $res = $sql->query("SELECT password FROM users WHERE name='".$username."'");

    if ($res->num_rows >= 1) {
        while($row = $res->fetch_assoc()) {
            if (password_verify(hash('sha512', $password), $row['password'])) {
                return true;
            }
        }
    }

    return false;
}
Indemnify answered 13/1, 2017 at 19:31 Comment(6)
What you execly store in password? Everything looks good: sandbox.onlinephpfunctions.com/code/…Confluent
Does your database field has enough length for storing hash?Superintendent
Well Im using 256 characters for the passwordIndemnify
Make sure that value of $hashed is written to database completely.Superintendent
Well I think is, Im getting 128 characters saved, this is how its saved 9db2fda4438e3180bc3440b6ef52c98b58be9b657bf031f824bf9882d813f0c5b0ada477dad414ac188a758da49fc5236396652b0dc140a6629a62abcbe6b78bIndemnify
$sql->real_escape_string($username); does nothing with the returned value. You need to assign the result to something like $username = $sql->real_escape_string($username);Muleteer
R
14

Try this code at time of registering instead of your code. 

 $hashed = hash("sha512", $password);
Rayford answered 13/1, 2017 at 19:40 Comment(0)
E
4
// original password
$_password = 'bluebeans123';

$password = hash('sha512', $_password);
$password = password_hash($password, PASSWORD_DEFAULT);

var_dump($password);

$verify = hash('sha512', $_password);
$verify = password_verify($verify, $password);

var_dump($verify);

Elaborate example: http://wiki.travisfont.com/PHP:Passwords(hash_w/_SHA512)

Extremadura answered 23/3, 2018 at 10:4 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.