Confused implementing Bcrypt

Question

Here's the code I have, but I'm confused when it comes to hashing passwords using Bcrypt:

<?php
session_start();
include_once('bcrypt.php');

$db_host = 'localhost';
$db_user = '';
$db_pass = '';
$db_name = 'credentials';

if (!isset($_POST['userName']))
{
    echo 'You did not enter a valid username.';
    exit;
}

if (!isset($_POST['pass']))
{
    echo 'You did not enter a valid password.';
    exit;
}

$con = new mysqli($db_host, $db_user, $db_pass, $db_name);
if ($con->connect_error)
{
    die('Connect Error (' . $con->connect_errno . ') ' . $con->connect_error);
}

$sql = "SELECT userName, pass FROM `Members` WHERE userName = ?";
if (!$result = $con->prepare($sql))
{
    die('Query failed: (' . $con->errno . ') ' . $con->error);
}

if (!$result->bind_param('s', $_POST['userName']))
{
    die('Binding parameters failed: (' . $result->errno . ') ' . $result->error);
}

if (!$result->execute())
{
    die('Execute failed: (' . $result->errno . ') ' . $result->error);
}

$result->store_result();
if ($result->num_rows == 0)
{
    die('There is no such username in our database.');
}

$result->bind_result($db_username, $db_password);
$result->fetch();
$result->close();
$con->close();

$bcrypt = new Bcrypt(15);
if ($bcrypt->verify($pass, $db_password))
{
    $_SESSION['userName'] = $db_username;
    header('location:index.html');
    exit;
}
else
{
    echo 'Incorrect username or password.';
}

Here is the error I'm getting after I click the submit button to login:

Warning: include_once(bcrypt.php): failed to open stream: No such file or  
directory in C:\Users\Julian Buscema\Desktop\Subpost.me\htdocs\connectivity-  
login.php on line 3
Warning: include_once(): Failed opening 'bcrypt.php' for inclusion  
(include_path='.;C:\Users\Julian Buscema\Desktop\Subpost.me\php\PEAR') in  
C:\Users\Julian Buscema\Desktop\Subpost.me\htdocs\connectivity-login.php on line 3
You did not enter a valid username.

I belive I'm missing bcrypt.php but I've never worked with Bcrypt so I'm not too sure where to go from here.

@self So what could the error be meaning? The code I posted is my connectivity-login.php by the way. — Julian Buscema, Oct 22 '14 at 00:08

user3786134 · Answer 1 · 2014-10-22T00:35:59.833

0

The problem is with your include file, bcrypt.php is missing from your root directory , you do not need to use Bcrypt like this because Bcrypt is already implemented in php and you can use a function instead.

edited Oct 22 '14 at 00:35

answered Oct 22 '14 at 00:02

user3786134

361
1
6
21

The file I posted above is connectivity-login.php, but I'm missing the bcrypt.php file because I found the my connectivity-login.php online, but I've edited it. – Julian Buscema Oct 22 '14 at 00:07
I'm not too sure what you mean, basically what I'm trying to accomplish is a register and login system using a local MySQL server. I have completed the register functioning and it creates a "fullname", "userName", "email" and "pass" table under the name "credentials" but I'm trying to create the login section now. – Julian Buscema Oct 22 '14 at 00:11
I can't find a bcrypt.php file anywhere really, I went into the root folder of my server and went into php, pear, PEAR and Crypt but I can't find bcrypt.php anywhere :/ – Julian Buscema Oct 22 '14 at 00:26
I noticed this part in the error message ".;C:\Users\Julian Buscema\Desktop\Subpost.me\php\PEAR", so I tried following that path but mine is more like this "Users - Julian Buscema - Desktop - Subpost.me - php - pear - PEAR" then there's no bcrypt.php file in both of the pear folders. – Julian Buscema Oct 22 '14 at 00:29
Where would I find the file and where would I upload it to? – Julian Buscema Oct 22 '14 at 00:30
http://php.net/manual/en/function.password-hash.php and http://stackoverflow.com/questions/4795385/how-do-you-use-bcrypt-for-hashing-passwords-in-php will help you – user3786134 Oct 22 '14 at 00:33

Confused implementing Bcrypt

1 Answers1