I have finished the following Tutorial: http://www.androidhive.info/2012/01/android-login-and-registration-with-php-mysql-and-sqlite/
All is fine. But when I try to log in I can use any password and I get access.
How can I modify the function with the result that I need the right password for the login.
public function getUserByEmailAndPassword($email, $password) {
$stmt = $this->conn->prepare("SELECT * FROM users WHERE name = ?");
$stmt->bind_param("s", $email);
if ($stmt->execute()) {
$user = $stmt->get_result()->fetch_assoc();
$stmt->close();
return $user;
} else {
return NULL;
}
}
I tried following code, but with this code I don't get access anymore.
public function getUserByEmailAndPassword($email, $password) {
$sql = "SELECT * FROM users WHERE email = ?";
$stmt = $this->conn->prepare("SELECT * FROM users WHERE email = ?");
$stmt->bind_param("s", $email);
$result = $this ->conn->query($sql);
if ($stmt->execute()) {
$user = $stmt->get_result()->fetch_assoc();
$hashed_password = $this->checkhashSSHA($user["salt"],$password);
if($hashed_password == $user["encrypted_password"]){
$stmt->close();
return $user;
}
else{
$stmt->close();
return NULL;
}
}
else {
$stmt->close();
return NULL;
}
$stmt->close();
}
There are this hash functions. Maybe there are problems with it?!
/**
* Encrypting password
* @param password
* returns salt and encrypted password
*/
public function hashSSHA($password) {
$salt = sha1(rand());
$salt = substr($salt, 0, 10);
$encrypted = base64_encode(sha1($password . $salt, true) . $salt);
$hash = array("salt" => $salt, "encrypted" => $encrypted);
return $hash;
}
/**
* Decrypting password
* @param salt, password
* returns hash string
*/
public function checkhashSSHA($salt, $password) {
$hash = base64_encode(sha1($password . $salt, true) . $salt);
return $hash;
}