doubo1883 2015-11-30 12:18

PHP: comparing a value received from Java

So I'm working on these 2 PHP files, login.php and DB_Functions.php.

There is a specific script in there that receives a password and email from the application, finds that specific user using the given email, stores all the user details in a $user array and passes it over to login.php, which checks whether the password entered is correct or not. I've tried hashing the password since on the DB it's encrypted with 64 BIT.

This is login.php (the problem is probably in the if($user[7] == $password), which isn't working).

<?php
require_once 'include/DB_Functions.php';
$db = new DB_Functions();

// json response array
$response = array("error" => FALSE);

if (isset($_POST['email']) && isset($_POST['password'])) {

    // receiving the post params
    $email = $_POST['email'];
    $password = $_POST['password'];

    // get the user by email and password
    $user = $db->getUserByEmailAndPassword($email, $password);

    if ($user != false) {

        if($user[7] == $password){
            // user is found
            $response["error"] = FALSE;
            $response["uid"] = $user[0];
            $response["user"]["name"] = $user[1];
            $response["user"]["email"] = $user[2];
            $response["user"]["created_at"] = $user[3];
            $response["user"]["updated_at"] = $user[4];
            echo json_encode($response);
        } else {
            // user is found but the password check failed
            $response["error"] = TRUE;
            $response["error_msg"] = "Login password credentials are wrong. Please try again!";
            echo json_encode($response);
        }
    } else {
        // user is not found with the credentials
        $response["error"] = TRUE;
        $response["error_msg"] = "Login credentials are wrong. Please try again!";
        echo json_encode($response);
    }
}
?>

This is the DB_Functions.php file; I'll add only the corresponding functions.

/**
 * Get user by email and password
 */
public function getUserByEmailAndPassword($email, $password) {

    $stmt = $this->conn->prepare("SELECT unique_id,name,email,created_at,updated_at, encrypted_password , salt FROM users WHERE email = ?");

    $stmt->bind_param("s", $email);

    if ($stmt->execute()) {
        $stmt->store_result();
        $num_of_rows = $stmt->num_rows;
        $stmt->bind_result($aid, $aname, $aemail, $acreated_at, $aupdated_at , $aencrypted_password , $asalt);

        // stays NULL when no row matches the email
        $user = NULL;
        while ($stmt->fetch()) {
            $user[0] = $aid;
            $user[1] = $aname;
            $user[2] = $aemail;
            $user[3] = $acreated_at;
            $user[4] = $aupdated_at;
            // hash stored in the database
            $user[5] = $aencrypted_password;
            $user[6] = $asalt;
            // hash of the submitted password, computed with the stored salt
            $user[7] = $this->checkhashSSHA($asalt, $password);
        }
        $stmt->free_result();
        $stmt->close();
        return $user;
    } else {
        return NULL;
    }
}

/**
 * Check user is existed or not
 */
public function isUserExisted($email) {
    $stmt = $this->conn->prepare("SELECT email from users WHERE email = ?");

    $stmt->bind_param("s", $email);

    $stmt->execute();

    $stmt->store_result();

    if ($stmt->num_rows > 0) {
        // user exists
        $stmt->close();
        return true;
    } else {
        // user not exists
        $stmt->close();
        return false;
    }
}

/**
 * Encrypting password
 * @param password
 * returns salt and encrypted password
 */
public function hashSSHA($password) {

    $salt = sha1(rand());
    $salt = substr($salt, 0, 10);
    $encrypted = base64_encode(sha1($password . $salt, true) . $salt);
    $hash = array("salt" => $salt, "encrypted" => $encrypted);
    return $hash;
}

/**
 * Decrypting password
 * @param salt, password
 * returns hash string
 */
public function checkhashSSHA($salt, $password) {

    $hash = base64_encode(sha1($password . $salt, true) . $salt);

    return $hash;
}


}

?>

I'm assuming that the problem is at the $user[7] = $this->checkhashSSHA($asalt, $password); line. Looking forward to a solution.

1 answer

  • duanliaozhi2915 2015-11-30 12:36

    So here's the problem,

    if($user[7] == $password){
        ...
    }
    

    You're comparing a hashed password ($user[7]) with the user's raw password ($password), which doesn't match. First, perform the same hashing as you did in your class method (checkhashSSHA($salt, $password)) on the raw password, and then compare, like this:

    Solution:

    // assuming that checkhashSSHA is public method
    $hashed_password = $db->checkhashSSHA($user[6], $password);
    
    if($user[7] == $hashed_password){
        // password match
    }
    

    Re-edited:

    // assuming that checkhashSSHA is public method
    // no need to hash the password again
    // $hashed_password = $db->checkhashSSHA($user[6], $password);
    
    // $user[5] contains user's hashed password
    // $user[7] contains the hashed password from user's input
    if($user[5] == $user[7]){
        // password match
    }
    
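A hardened form of the comparison discussed above, as an added example that is not part of the original thread or the asker's code: `==` in PHP is a loose, non-constant-time comparison, so the check uses `hash_equals()`, and a successful login against the legacy salted SHA-1 value is upgraded to `password_hash()`. The function names `legacy_ssha` and `verify_login` and the sample salt and passwords are assumptions constructed for illustration; it requires PHP 7.1 or later.

```php
<?php
// Added example; legacy_ssha() and verify_login() are hypothetical names.

// Recompute the legacy value the same way checkhashSSHA() in the question does.
function legacy_ssha(string $salt, string $password): string
{
    return base64_encode(sha1($password . $salt, true) . $salt);
}

// Returns [bool $ok, ?string $newHash]. $newHash is non-null when the stored
// value should be replaced in the users table with a password_hash() value.
function verify_login(string $stored, string $salt, string $password): array
{
    // Already migrated: let password_verify() parse the algorithm and salt.
    if (password_get_info($stored)['algoName'] !== 'unknown') {
        $ok = password_verify($password, $stored);
        $rehash = $ok && password_needs_rehash($stored, PASSWORD_DEFAULT);
        return [$ok, $rehash ? password_hash($password, PASSWORD_DEFAULT) : null];
    }

    // Legacy salted SHA-1: compare the stored hash ($user[5]) with the recomputed
    // hash ($user[7]) using a constant-time, string-only comparison.
    $ok = hash_equals($stored, legacy_ssha($salt, $password));
    return [$ok, $ok ? password_hash($password, PASSWORD_DEFAULT) : null];
}

// Constructed sample data standing in for one row of the users table.
$salt   = 'a1b2c3d4e5';
$stored = legacy_ssha($salt, 'correct horse');

[$ok, $upgraded] = verify_login($stored, $salt, 'correct horse');
[$wrong]         = verify_login($stored, $salt, 'not the password');
[$afterUpgrade]  = verify_login($upgraded, '', 'correct horse');

var_dump($ok, $wrong, $afterUpgrade);
```

When `verify_login()` returns a non-null second element, the caller writes it back to the `encrypted_password` column so later logins take the `password_verify()` branch.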
