Password failing using Bcrypt
So far bcrypt has had no problems until now. For some reason the following password won't work: uio78349%^&(]\\';=
This is the first time I've had a password not work, I hope someone has an explanation. I hunted the net and read about the character limit, and this is below that. Not sure if it makes a difference, but the user input password is going through mysqli_real_escape_string.
The first batch of code is where the login form is located:
<?php session_start(); ?>
<html>
<body>
<form method="post" action="sidebar-signin-block.php">
<table width="90%" border="0" align="center" bgcolor="white">
<tr>
<td bgcolor="ffffff" colspan="2" align="center"><h2>user login</h2></td>
</tr>
<tr>
<td align="right">email:</td>
<td><input type="text" name="email"></td>
</tr>
<tr>
<td align="right">password:</td>
<td><input type="password" name="password"></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" name="login" value="login"></td>
</tr>
<tr>
<td colspan="2" align="center"><h3 style="margin-top:7px;"><a href="nonadmin_user_forgot_password.php" target="_blank" title="reset lost password">forgot password?</a></h3></td>
</tr>
<tr>
<td bgcolor="#ffffff" colspan="2" align="center"><div style="padding-top:5px;"><span style="font-size:20px;">don't have an account?<br /><a href="/includes/register-user.php" title="register with us!" target="_self">sign up</a> it's <em>quick</em> and <em>easy</em>!</span></div></td>
</tr>
</table>
</form>
<?php
// connecting to the database and making the bcrypt functions available
include("admin/includes/connect.php");
include("lib/password.php");

// gathering and sanitizing the user login input
if (isset($_POST['login'])) {
    $email = trim(((isset($conn) && is_object($conn)) ? mysqli_real_escape_string($conn, $_POST['email']) : ((trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR)) ? "" : "")));
    $pass = trim(((isset($conn) && is_object($conn)) ? mysqli_real_escape_string($conn, $_POST['password']) : ((trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR)) ? "" : "")));

    // checking the database records against the user login input
    $hash_query = "SELECT nonadmin_user_pass FROM nonadmin_user_login WHERE email='$email'";
    $run_query = mysqli_query($conn, $hash_query);
    while ($row = mysqli_fetch_assoc($run_query)) {
        $fetch_pass = $row['nonadmin_user_pass'];
    }

    // if the user email and password match, start the session
    if ((password_verify($pass, $fetch_pass)) == 1) {
        // verifying the user login with a success splash page, then sending the user to the home page
        $_SESSION['email'] = $email;
        echo "<script>window.open('login-success.php','_self')</script>";
    }
    // when the user login fails an alert is given to inform them
    else {
        echo "<script>alert('email or password incorrect, please try again')</script>";
        echo "<script>window.open('index.php','_self')</script>";
    }
}
?>
</body>
</html>
Here is the JS:
<script>
$(document).ready(function(){
    $("#login").click(function(){
        var email = $("#email").val();
        var password = $("#password").val();
        // checking for blank fields.
        if (email == '' || password == '') {
            $('input[type="text"],input[type="password"]');
            $('input[type="text"],input[type="password"]');
            alert("please fill in all fields.");
        } else {
            $.post("log-me-in.php", { email1: email, password1: password }, function(data) {
                if (data == 'invalid email.......') {
                    $('input[type="text"]');
                    $('input[type="password"]');
                    alert(data);
                } else if (data == 'email or password wrong please try again.') {
                    $('input[type="text"],input[type="password"]');
                    alert(data);
                } else if (data == 'successfully logged in.') {
                    window.location.reload();
                    $("form")[0].reset();
                    $('input[type="text"],input[type="password"]');
                    alert(data);
                } else {
                    alert(data);
                }
            });
        }
    });
});
</script>
Here's the PHP being called:
<?php
session_start();
// connecting to the database and making the bcrypt functions available
include("admin/includes/connect.php");
include("lib/password.php");

$email = $_POST['email1']; // fetching the values from the url.
$password = ($_POST['password1']);

// check if the e-mail address syntax is valid or not
//$email = filter_var($email, FILTER_SANITIZE_EMAIL); // sanitizing email (remove unexpected symbols <,>,?,#,!, etc.)
//if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
//    echo "invalid email.......";
//} else {
// matching the user input email and password against the email and password stored in the database.
$result = mysqli_query($conn, "SELECT * FROM nonadmin_user_login WHERE email='$email'");
$data = mysqli_fetch_array($result);
$bcrypt_pass = $data['nonadmin_user_pass'];
$email_match = $data['email'];
if (password_verify($password, $bcrypt_pass) == 1 && $email == $email_match) {
    $_SESSION['email'] = $email;
    echo "successfully logged in.";
} else {
    echo "email or password wrong please try again";
}
//}
?>

Here is the user registration code, where the password gets entered before mail verification:

<html>
<head>
<title>register @ recycling kansas city</title>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" type="text/css" href="/styles/register-user.css" media="all">
<!-- ie compatibility -->
<!--[if ie]>
<meta http-equiv="x-ua-compatible" content="ie=edge,chrome=1">
<![endif]-->
<!--[if lt ie 9]>
<script src="site/javascript/bootstrap/html5shiv.js"></script>
<![endif]-->
<meta content="recycling kansas city, recycling centers, recycling locations" name="keywords">
<meta content="recycling kansas city is an efficient resource to find a recycle center nearby. use our map to find locations and accepted items." name="description">
</head>
<h1 class="center">why register @ recycling kansas city?</h1>
<p>by registering here you gain access to additional features. once registered you can create your own custom profile, submit and comment on blog articles, advertise products or services and have the choice to opt in to email announcements.</p>
<p>all of your information is securely stored in our database and you can delete your account at any time. also, rest assured we never share any of your submitted details, ever.</p>
<form method="post" action="register-user.php">
<table width="520" border="10" align="center" bgcolor="white">
<tr>
<td bgcolor="ffffff" colspan="2" align="center"><h1>registration</h1></td>
</tr>
<tr>
<td align="right">email</td>
<td><input type="text" name="email" size="53"></td>
</tr>
<tr>
<td align="right">password:</td>
<td><input type="password" name="pwd" size="53"></td>
</tr>
<tr>
<td align="right">user name:</td>
<td><input type="text" name="name" size="53"></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" name="register" value="register"></td>
</tr>
</table>
</form>
</html>
<?php
include("../admin/includes/connect.php");
include("../lib/password.php");

$con = new mysqli("localhost", "$username", "$password", "$database");
/* check connection */
if (mysqli_connect_errno()) {
    printf("connect failed: %s\n", mysqli_connect_error());
    exit();
}

if (isset($_POST['register'])) {
    $email = trim(mysql_escape_string($_POST['email']));
    $nonadmin_user_pass = trim(mysql_escape_string($_POST['pwd']));
    $password = password_hash($nonadmin_user_pass, PASSWORD_BCRYPT);
    $nonadmin_user_name = trim(mysql_escape_string($_POST['name']));

    $query_verify_email = "SELECT * FROM nonadmin_user_login WHERE email ='$email' AND verified = 1";
    $verified_email = mysqli_query($con, $query_verify_email);
    if (!$verified_email) {
        echo 'system error';
    }

    if (mysqli_num_rows($verified_email) == 0) {
        // generate a unique code:
        $hash = md5(uniqid(rand(), true));
        $query_create_user = "INSERT INTO `nonadmin_user_login` (`email`, `nonadmin_user_pass`, `nonadmin_user_name`, `hash`) VALUES ('$email', '$password', '$nonadmin_user_name', '$hash')";
        $created_user = mysqli_query($con, $query_create_user);
        if (!$created_user) {
            echo 'query failed';
        }

        if (mysqli_affected_rows($con) == 1) {
            // if the insert query was successful.
            $subject = 'activate email';
            $headers = "from: admin@recyclingkansascity.com \r\n";
            $headers .= "mime-version: 1.0\r\n";
            $headers .= "content-type: text/html; charset=iso-8859-1\r\n";
            $url = 'http://recyclingkansascity.com/includes/register-verify.php?email=' . urlencode($email) . "&key=$hash";
            $message = '<p>to activate your account please click on the activate button</p>';
            $message .= '<table cellspacing="0" cellpadding="0"> <tr>';
            $message .= '<td align="center" width="300" height="40" bgcolor="#000091" style="-webkit-border-radius: 5px; -moz-border-radius: 5px; border-radius: 5px; color: #ffffff; display: block;">';
            $message .= '<a href="' . $url . '" style="color: #ffffff; font-size:16px; font-weight: bold; font-family: helvetica, arial, sans-serif; text-decoration: none; line-height:40px; width:100%; display:inline-block">click to activate</a>';
            $message .= '</td> </tr> </table>';
            mail($email, $subject, $message, $headers);
            echo '<p class="center">a confirmation email has been sent to <b>' . $email . ' </b></p><p class="center">please <strong>click</strong> on the <strong><em>activate</em> button</strong> to activate your account.</p> ';
        } else {
            // if it did not run ok.
            echo '<div>you were not registered due to a system error. we apologize for the inconvenience.</div>';
        }
    } else {
        echo '<div>email already registered</div>';
    }
}
?>
So far I have never had a hiccup on a password until the password at the top of this post. Weird if you ask me.
Remove the calls to mysqli_real_escape_string() for the password input; the functions password_hash() and password_verify() accept binary input and are not prone to SQL injection. I assume this solves the problem. Escaping should be done as late as possible and for the given target system, so the function mysqli_real_escape_string() should be called when you build the SQL query.
Then, the function password_verify() returns a boolean, so there is no need to compare with == 1.
if (password_verify($pass, $fetch_pass)) { ... }
If this doesn't solve the problem, make sure every page uses the UTF-8 file format and that it is defined in the header.
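As an added example (not code from the question or the answer), the mismatch the answer describes and the login check it recommends, in PHP. addslashes() stands in for mysqli_real_escape_string(), which needs a live connection; the fetch_hash()/login_ok() helpers are hypothetical, and get_result() assumes the mysqlnd driver.

```php
<?php
// Added example, not the poster's code. addslashes() stands in for
// mysqli_real_escape_string() (which needs a live connection); both turn
// \ into \\ and ' into \', which is all that matters for this password.

// The password from the question, as a nowdoc so nothing is interpreted.
$raw = <<<'PW'
uio78349%^&(]\\';=
PW;

// Escaping inserts extra backslashes, so the result is a different byte string
// from what the user typed.
$escaped = addslashes($raw);
var_dump($raw === $escaped);

// Registration hashes the raw bytes, so login must verify the same raw bytes.
// bcrypt only uses the first 72 bytes of input; this password is well under that.
$hash = password_hash($raw, PASSWORD_BCRYPT);
var_dump(password_verify($raw, $hash));      // the raw bytes match the hash
var_dump(password_verify($escaped, $hash));  // the escaped bytes do not

// Recommended shape for the login check: the password is never escaped, and the
// e-mail is bound as a parameter so the query needs no escaping either.
// fetch_hash() and login_ok() are hypothetical helpers; table and column names
// are the ones from the question.
function fetch_hash(mysqli $conn, string $email): ?string
{
    $stmt = $conn->prepare(
        'SELECT nonadmin_user_pass FROM nonadmin_user_login WHERE email = ?'
    );
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    return $row['nonadmin_user_pass'] ?? null;
}

function login_ok(mysqli $conn, string $email, string $password): bool
{
    $stored = fetch_hash($conn, $email);
    // password_verify() already returns a bool, so no "== 1" comparison is needed
    return $stored !== null && password_verify($password, $stored);
}
```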