1

I get a password from the database and it is stored in the $password variable with "" (double quotes). I want to change the $password variable value to use '' (single quotes). How can I change this? When I test with a static value, $password = '$2y$10$wFgLkiJbc7MQ0aY6H7bZwehm45CFlvpSBvZmHs9m8euqPmDlP0mIK'; it is OK and the password is valid. My problem looks like the one in this link.

php password_hash and password_verify issues no match

How to solve $password?

$password = $result['Password'];

This is my code:

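$get_email = $_POST['email'];
$get_password = $_POST['password'];

// Bind the e-mail as a parameter instead of interpolating it into the SQL text
// (assumes $conn is a PDO connection, as the foreach over the statement implies).
$result = $conn->prepare("select * from user where Email = ?");
$result->execute([$get_email]);

foreach ($result as $result) {
    $id = $result['ID'];
    $password = $result['Password'];

    // Compare the submitted password with the hash stored in the database.
    if (password_verify($get_password, $password)) {
        echo 'Password is valid!';
    } else {
        echo 'Invalid password.';
    }
}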
Community
Su Yatanar
  • Is `code` quotes? With the formatting of the question I don't know what is code and what the question is. I also don't know what "code" is in your explanation and title. – chris85 Jul 14 '16 at 03:31
  • I already edited my question. Please help me. :) – Su Yatanar Jul 14 '16 at 04:04
  • ' and " are quotes in English. Do you mean quotes by code? If not, what do you mean by double code and single code? – Ivan Jul 14 '16 at 04:14
  • Or do you mean that the password is hashed two times? – Ivan Jul 14 '16 at 04:24
  • Sorry, I mean quotes. How to change string double quotes to single quotes. When I test with $password = '$2y$10$wFgLkiJbc7MQ0aY6H7bZwehm45CFlvpSBvZmHs9m8euqPmDlP0mIK'; Password is valid. – Su Yatanar Jul 14 '16 at 05:41

3 Answers

0

When you use double quotes it will be used as a variable because there was a '$' in your string, while when you use single quotes it will be used as a char.

Mervyn
0

At the moment I can propose only one idea. What about modifying your MySQL query a bit? Something like:

$conn->prepare("select * from user where Email='$get_email' and `Password` = '$get_password'");

If this query returns an empty result, you can show 'Invalid password'. Not a very good solution, but it should work.

Dmitry
  • $get_password is the original password and is not the same as the password in the database because of the hash function. :) – Su Yatanar Jul 14 '16 at 08:12
  • In this case just use something like this: $password = password_hash($get_password, PASSWORD_DEFAULT); and insert the variable $password into your MySQL query – Dmitry Jul 14 '16 at 08:13
  • No. My problem is like this. http://stackoverflow.com/questions/19855715/php-password-hash-and-password-verify-issues-no-match?answertab=votes#tab-top – Su Yatanar Jul 14 '16 at 08:19
  • When I test with $password = '$2y$10$wFgLkiJbc7MQ0aY6H7bZwehm45CFlvpSBvZmHs9m8euqPmDlP0mIK'; Password is valid. – Su Yatanar Jul 14 '16 at 08:20
  • Sure, but your goal is to check the password, isn't it? As a first step you can check it on the MySQL side only, because in the example password "$2y$10$qTfvt1KJzslkXGG.o.f6YOiWnV7TX8G4PaUo0zmU84RzAaETsLaia" PHP interprets it as a few variables. And these variables are undefined. Why don't you want to change the MySQL query? – Dmitry Jul 14 '16 at 08:25
  • I can't write it like this `$conn->prepare("select * from user where Email='$get_email' and `Password` = '$get_password'");` because `$password = password_hash($get_password, PASSWORD_DEFAULT);` is not the same result. My password is 123456. When I register twice with two accounts, the hashes are not the same. So, I can't change MySQL. – Su Yatanar Jul 14 '16 at 08:33
0

I was facing the same problem with my code. I retrieve the hashed password from the database and then use password_verify() to verify it against the entered password. In order for the code to work with no problem, the hashed password retrieved from the database must be trimmed using trim(). Sample code here:

public function verifylogin() {
    //this is an array with user credentials from login form
    $usercred = $this->input->post();

    //this will check in user model and return password, etc. where name is equal to entered name
    $userdb = $this->User_model->check($usercred);
    $userdbpass = trim($userdb[0]['pass']); //trim is very critical !!!

    //now we check if the text pass is equal to hashed one
    if (password_verify($usercred['password'], $userdbpass)) {
        $sess_data = array('login' => TRUE, 'username' => $usercred['username'], 'type' => $usercred['type']);
        $this->session->set_userdata($sess_data);
        redirect(base_url());
    } else {
        $this->session->set_flashdata('msg', 'Wrong Username or Password!');
        //If no session, redirect to login page
        redirect(base_url() . 'users/login');
    }
}
Abdelsalam Shahlol
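The causes raised in the answers above (a double-quoted literal in source code, and a stored value that needs trim()) can be told apart by inspecting the string that actually reaches password_verify(). The following is an added example, not code from the question or the answers; diagnoseStoredHash() is a hypothetical helper, all sample values are constructed, and the truncation case and the 60-character bcrypt length are assumptions from password_hash() behaviour rather than something the page states.

```php
<?php
// Added example: why a stored hash can fail password_verify().
// diagnoseStoredHash() is a hypothetical helper; sample values are constructed.

function diagnoseStoredHash(string $stored): array
{
    $problems = [];
    $clean = trim($stored);
    if ($clean !== $stored) {
        $problems[] = 'surrounding whitespace (padding or stray newline)';
    }
    if (strncmp($clean, '$2y$', 4) === 0 && strlen($clean) !== 60) {
        $problems[] = 'bcrypt value is ' . strlen($clean) . ' chars, not 60';
    }
    // password_get_info() reports an empty algo for strings that are not
    // in a format produced by password_hash().
    if (empty(password_get_info($clean)['algo'])) {
        $problems[] = 'not recognised as a password_hash() value';
    }
    return $problems;
}

$plain = '123456'; // the password mentioned in the comments
$hash  = password_hash($plain, PASSWORD_BCRYPT);

// Only a double-quoted *literal in source code* is subject to interpolation:
// "$wFgL..." is read as an undefined variable and replaced by an empty string.
// The @ silences the undefined-variable warning for this demonstration.
$interpolated = @"$2y$10$wFgLkiJbc7MQ0aY6H7bZwehm45CFlvpSBvZmHs9m8euqPmDlP0mIK";

$cases = [
    'fetched at runtime'    => $hash,                 // never re-parsed by PHP
    'space-padded to 64'    => str_pad($hash, 64),    // what trim() repairs
    'trailing newline'      => $hash . "\n",
    'truncated to 50 chars' => substr($hash, 0, 50),  // column too short
    'double-quoted literal' => $interpolated,
];

foreach ($cases as $label => $stored) {
    $ok  = password_verify($plain, $stored) ? 'valid' : 'INVALID';
    $why = implode('; ', diagnoseStoredHash($stored)) ?: 'none';
    printf("%-22s verify=%-7s problems: %s\n", $label, $ok, $why);
}
```

A value read from the database is already a runtime string, so the kind of quotes used around it elsewhere in the script has no effect on it; the checks above point to what to fix in the stored data instead.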