I'm trying to update my current database from plain text passwords to hashes passwords using crypt().. I'm trying to do this without users having to change their passwords (this is an instable approach) My code is like so:
$Query = $Database->prepare("SELECT ID,Username,Password FROM userlist");
$Query->execute();
$Query->bind_result($ID,$Username,$Password);
while ($Query->fetch()){
$Hashed = $FrameWork->Hash_Password($Password);
$Secondary_Query = $Database->prepare("UPDATE userlist SET Password=?, Salt=? WHERE ID=?");
$Secondary_Query->bind_param('ssi', $Hashed['Password'],$Hashed['Salt'],$ID);
$Secondary_Query->execute();
$Secondary_Query->close();
}
$Query->close();
I'm getting the error:
Fatal error: Call to a member function bind_param() on a non-object in C:\inetpub\www\AdminChangeTextPass.php on line 24
Now. I know my column names are 100% match aswell as my database names. I also know my variables are correctly set.
Debugging
Debugging:
$Query = $Database->prepare("SELECT ID,Username,Password FROM userlist");
$Query->execute();
$Query->bind_result($ID,$Username,$Password);
while ($Query->fetch()){
echo $Password."<br>";
}
$Query->close();
// Returns:
//test
//test
Then:
$Query = $Database->prepare("SELECT ID,Username,Password FROM userlist");
$Query->execute();
$Query->bind_result($ID,$Username,$Password);
while ($Query->fetch()){
print_r($FrameWork->Hash_Password($Password));
}
$Query->close();
/*
Returns:
Array ( [Salt] => ÛûÂÒs8Q-h¸Ý>c"ÿò [Password] => Ûûj1QnM/Ui/16 )
Array ( [Salt] => ÛûÂÒs8Q-h¸Ý>c"ÿò [Password] => Ûûj1QnM/Ui/16 )
*/
Database Schema
CREATE TABLE IF NOT EXISTS `userlist` (
`ID` int(255) NOT NULL AUTO_INCREMENT,
`Username` varchar(255) NOT NULL,
`Password` varchar(255) NOT NULL,
`Salt` text NOT NULL,
PRIMARY KEY (`ID`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=9 ;
--
-- Dumping data for table `userlist`
--
INSERT INTO `userlist` (`ID`, `Username`, `Password`, `Salt`) VALUES
(1, 'test', 'test', ''),
INSERT INTO `userlist` (`ID`, `Username`, `Password`, `Salt`) VALUES
(2, 'test', 'test', '');
Having my code look like this:
$Secondary_Query = $Database->prepare("UPDATE userlist SET Password=? WHERE ID=?");
$Query = $Database->prepare("SELECT ID,Username,Password FROM userlist LIMIT 1");
var_dump($Secondary_Query);
#$Query->execute();
#$Query->bind_result($ID,$Username,$Password);
# while ($Query->fetch()){
# $Hashed = $FrameWork->Hash_Password($Password);
# $Secondary_Query = $Database->prepare("UPDATE userlist SET Password=? WHERE ID=?");
# $Secondary_Query->bind_param('ssi', $Hashed['Password'],$Hashed['Salt'],$ID);
# $Secondary_Query->execute();
# $Secondary_Query->close();
# }
#$Query->close();
The var_dump($Secondary_Query); returns:
object(mysqli_stmt)#3 (10) { ["affected_rows"]=> int(-1) ["insert_id"]=> int(0) ["num_rows"]=> int(0) ["param_count"]=> int(2)["field_count"]=> int(0) ["errno"]=> int(0) ["error"]=> string(0) "" ["error_list"]=> array(0) { } ["sqlstate"]=> string(5) "00000" ["id"]=> int(1) }
And var_dump($Query); returns:
object(mysqli_stmt)#4 (10) { ["affected_rows"]=> int(-1) ["insert_id"]=> int(0) ["num_rows"]=> int(0) ["param_count"]=> int(0) ["field_count"]=> int(3) ["errno"]=> int(0) ["error"]=> string(0) "" ["error_list"]=> array(0) { } ["sqlstate"]=> string(5) "00000" ["id"]=> int(2) }
As I cannot submit an answer as of yet.. My working code is as followed:
$Query = $Database->prepare("SELECT ID,Username,Password FROM userlist");
$Query->execute();
$Query->bind_result($ID,$Username,$Password);
$Query->store_result();
while ($Query->fetch()){
$Hashed = $FrameWork->Hash_Password($Password);
$Secondary_Query = $Database->prepare("UPDATE userlist SET Password=?, Salt=? WHERE ID=?");
$Secondary_Query->bind_param('ssi', $Hashed['Password'],$Hashed['Salt'],$ID);
$Secondary_Query->execute();
$Secondary_Query->close();
}
$Query->close();
