-1

I am not a professional developer, so my question might sound dumb; sorry for that.

I am making an Android app which connects to a database of users whose passwords are stored in hashed format, so I don't know how to include this function user_hash_password in my PHP file so I can hash the inputted password and then match it with the ones in the database. I think you can help me learn that. By the way, the passwords already stored are hashed with the same function.

Thanks a lot in advance for your help :)

    <?php

    $hostname = "localhost";
    $database = "android";
    $username = "root";
    $password = "";
    $localhost = mysql_connect($hostname, $username, $password)
        or trigger_error(mysql_error(), E_USER_ERROR);
    mysql_select_db($database, $localhost);

    $username = $_POST['username'];
    $password = $_POST['password'];

    $query = "select * from drupal_users where username = '".$username."' AND password = '".$password."'";
    $query_exec = mysql_query($query) or die(mysql_error());

    $rows = mysql_num_rows($query_exec);
    if ($rows == 0) {
        echo "No user was found";
    } else {
        echo "User found";
    }

    ?>
laalto
Moein
  • possible duplicate of [Secure hash and salt for PHP passwords](http://stackoverflow.com/questions/401656/secure-hash-and-salt-for-php-passwords) – Simon Jul 02 '13 at 06:43
  • Hashing your password is useless if you leave your DB open to injections – Damien Pirsy Jul 02 '13 at 06:50
  • 1
    He is obviously new at this, remind yourself he is asking a legit question albeit not showing a lot of effort. @Moeen could you share what you tried before. The idea of your hashing function is it hashes passwords when saving it to DB and when a user inputs his/her password. So you need to hash the `$_POST['password']` with the same method you stored them with. This way you can actually compare them. – Timmetje Jul 02 '13 at 06:58
  • @timmied, you're right, I want to hash $_POST['password'], I just don't know how to use the function user_hash_password, I put the link of this function in my question, I searched a lot to find an example of using this function but I couldn't find. – Moein Jul 02 '13 at 07:04

2 Answers

0

First save the password in the database as md5(password). Then, while fetching, use

> $query = "select * from drupal_users where username = '".$username."'
> AND password = '".md5($password)."'";
Sarmad Nazir
  • 1
    Don't use md5, use a better hashing algorithm, a salt and multiple repetitions. Also, OP wants to use the function he linked, not another one – Damien Pirsy Jul 02 '13 at 06:49
  • I think I said with which function I want to hash, I didn't talk about md5 dude – Moein Jul 02 '13 at 06:58
0

You need to hash the `$_POST['password']` with the same method you stored them with.

Just like this:

    $password = user_hash_password($_POST['password']);

You do, however, need to include the Drupal file (includes/password.inc) containing this method.

If you're creating an external PHP file and not a Drupal module, you should try to research how to include your function.

Calling Drupal functions in external PHP file

Drupal: how to access to Drupal's APIs with a standalone php script?

Or you can reverse engineer the hashing method by just recreating it and looking up needed variables / constants.

In this case DRUPAL_HASH_COUNT.

Community
Timmetje
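Recreating the hash check, as the second answer suggests, written out as an added example (not code from the posts above or from Drupal itself). It assumes the site runs Drupal 7, whose stored hashes start with `$S$` and embed the iteration count and an 8-character salt; because `user_hash_password()` draws a fresh random salt on every call, verification has to reuse the salt from the stored value and compare against the row fetched by username, rather than match inside the SQL `WHERE` clause. The `d7_*` function names, the sample password and the sample salt are made up for this example.

```php
<?php
// Added example, not Drupal's code. Assumes Drupal 7 "$S$" hashes:
// "$S$" + 1 char (log2 of iteration count) + 8-char salt + encoded SHA-512.
const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

// phpass-style base64: 6-bit groups taken from little-endian 24-bit words.
function d7_base64(string $in): string {
    $map = ITOA64; $n = strlen($in); $out = ''; $i = 0;
    do {
        $v = ord($in[$i++]);
        $out .= $map[$v & 0x3f];
        if ($i < $n) { $v |= ord($in[$i]) << 8; }
        $out .= $map[($v >> 6) & 0x3f];
        if ($i++ >= $n) { break; }
        if ($i < $n) { $v |= ord($in[$i]) << 16; }
        $out .= $map[($v >> 12) & 0x3f];
        if ($i++ >= $n) { break; }
        $out .= $map[($v >> 18) & 0x3f];
    } while ($i < $n);
    return $out;
}

// Recompute a hash using the salt and cost stored in $setting (first 12 chars).
function d7_crypt(string $password, string $setting) {
    $setting = substr($setting, 0, 12);
    if (strlen($setting) !== 12 || strncmp($setting, '$S$', 3) !== 0) { return false; }
    $log2 = strpos(ITOA64, $setting[3]);
    if ($log2 === false || $log2 < 7 || $log2 > 30) { return false; }
    $hash = hash('sha512', substr($setting, 4, 8) . $password, true);
    for ($n = 1 << $log2; $n > 0; $n--) {
        $hash = hash('sha512', $hash . $password, true);
    }
    return substr($setting . d7_base64($hash), 0, 55); // 55 = assumed DRUPAL_HASH_LENGTH
}

// Verify: re-hash the input with the row's own salt, compare in constant time.
function d7_check(string $password, string $stored): bool {
    $computed = d7_crypt($password, $stored);
    return $computed !== false && hash_equals($stored, $computed);
}

// Constructed sample row: 'D' encodes 2^15 iterations, 'abcdefgh' is a made-up salt.
$stored = d7_crypt('s3cret', '$S$Dabcdefgh');
var_dump(d7_check('s3cret', $stored));                    // stored salt reused
var_dump(d7_check('wrong', $stored));                     // wrong password
var_dump($stored === d7_crypt('s3cret', '$S$Dzyxwvuts')); // same password, other salt
```

In the login script, select the `password` column by username alone with a prepared statement, then pass that value to `d7_check()` together with the submitted password.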