Vegeta ZA

T

There's another function for checking a password:

http://php.net/manual/en/function.password-verify.php

Thanks, fixed!

After making it insert all the hashes into the database, I made a login form which is supposed to use the original FName and Password to log into the system. I have an issue with the password field, if I insert the original password, it does not work, but if I enter the hash that it generated then it is successful. I've altered the code to make it change the string entered into a hash so that it matches the one in the database but it does not work.

Can anyone tell me what I did wrong or help me correct the code?

include 'DBConn.php';
  mysql_select_db("test") or die ("Unable to select database!");
  if(isset($_POST['FName'])){ $FName = $_POST['FName']; } 
  if(isset($_POST['Password'])){ $Password = password_hash($Password = $_POST['Password']); }
      
      
  
          if( empty($FName) || empty($Password) )
             echo "Username and Password Mandatory - from PHP";
         else
         {
     
     $sql = "SELECT count(*) FROM tbl_User where(
                 FName='$FName' 
                 AND 
                 Password='$Password')";
                 
         $res = mysql_query($sql);
         $row = mysql_fetch_array($res);
  
         if( $row[0] > 0 )
          echo "Login Successful";
         else
          echo $sql;
         }    

Here's the PDO code for reference:

//insert from text file

$host = 'localhost';
$dbname = 'test';
$PDO = new PDO("mysql:dbname=$dbname; host=$host");
$file = file('userData.txt');
$query = $PDO->prepare('INSERT into tbl_User(ID, FName, LName, Email, Password) values (?, ?, ?, ?, ?)');

foreach($file as $row) {
  $milestone = explode(';',$row);
  $milestone[4] = password_hash($milestone[4], PASSWORD_DEFAULT);
  $query->execute($milestone);
}

echo "Done!";

mysqli_close($DBConnect);
?>

I managed to make it work 100% using the PDO method, thanks everyone for your input!

why are you calling it myPDO? The name of the class is PDO

http://php.net/manual/en/book.pdo.php

I

why are you calling it myPDO? The name of the class is PDO

http://php.net/manual/en/book.pdo.php

I've changed the code again because when I do it this way, I get everything else to work so it is easier for me to understand. I got everything working besides the hash into the database, is it possible to make it hash the passwords into the array that inserts it into the database? When I do it by using $milestone_query .= "('$milestone[0]', '$milestone[1]', '$milestone[2]', '$milestone[3]', '$milestone[4]')"; it inserts the original passwords into the database but when I do $milestone_query .= "('$milestone[0]', '$milestone[1]', '$milestone[2]', '$milestone[3]', 'password_hash($milestone[4], DEFAULT_PASSWORD)')"; it inserts the string for password_hash etc. Is it possible to make it insert the hash passwords into the database without using the PDO method and by doing it the way I am asking?

 

 

//insert from text file

if(isset($_POST['ID']))

{

$ID = $_POST['ID'];

}

if(isset($_POST['FName']))

{

$FName = $_POST['FName'];

}

if(isset($_POST['LName']))

{

$LName = $_POST['LName'];

}

if(isset($_POST['Email']))

{

$Email = $_POST['Email'];

}

if(isset($_POST['Password']))

{

$Password = $_POST['Password'];

$Password = password_hash($Password, PASSWORD_DEFAULT);

}

mysql_select_db("test") or die ("Unable to select database!");

$file = file('C:\wamp\www\a1\userData.txt'); # read file into array

$count = count($file);

if($count > 0) # file is not empty

{

$milestone_query = "INSERT into tbl_User(ID, FName, LName, Email, Password) values";

$i = 1;

foreach($file as $row)

{

$milestone = explode(';',$row);

$milestone_query .= "('$milestone[0]', '$milestone[1]', '$milestone[2]', '$milestone[3]', '$milestone[4]')";

$milestone_query .= $i < $count ? ',':'';

$i++;

}

mysql_query($milestone_query) or die(mysql_error());

}

echo "Done!";

The query has errors in it. You are supposed to have literal question marks which act as placeholders for data.

 

Don't just copy code without knowing what it does. Read this article about prepared statements to understand what the example code I gave you does: http://php.net/manual/en/pdo.prepared-statements.php

I understand what you mean, I've changed it again.

Fatal error: Class 'myPDO' not found in C:\wamp\www\a1\createTable.php on line 34 for the line of code?

Here's my new code:

 

//insert from text file

$host = 'localhost';

$dbname = 'test';

$pdo = new myPDO('mysql:host=$host;dbname=$dbname', 'C:\wamp\www\a1');

$file = file('userData.txt');

$sql = 'INSERT INTO tbl_User (FName, LName, Email, Password) VALUES ';

 

foreach (

$file as $records) {

 

$record = explode(";", $records);

 

$query[] = '(:FName' . $n . ', :LName' . $n . ', :Email' . $n . ', :Password' . $n . ')';

 

 

$iData['FName' . $n] = $record[1];

$iData['LName' . $n] = $record[2];

$iData['Email' . $n] = $record[3];

$password = password_hash($record[4], PASSWORD_DEFAULT);

$iData['Password' . $n] = $password;

 

$n += 1;

}

 

if (!empty(

$query)) {

$sql .= implode(', ', $query);

$stmt = $pdo->prepare($sql);

$result = $stmt->execute($iData);

}

 

try {

 

} catch (

Exception $exc) {

echo

$exc->getTraceAsString();

}

I've changed up my code but I get this error now: Fatal error: Call to a member function execute() on a non-object in C:\wamp\www\a1\createTable.php on line 44 which is $query->execute($milestone);

I'm not sure why it has a problem with the execute statement?

Here's the code:

//insert from text file
if(isset($_POST['ID'])){ $ID = $_POST['ID']; } 
if(isset($_POST['FName'])){ $FName = $_POST['FName']; } 
if(isset($_POST['LName'])){ $LName = $_POST['LName']; } 
if(isset($_POST['Email'])){ $Email = $_POST['Email']; } 
if(isset($_POST['Password'])){ $Password = $_POST['Password']; }  


  


$file = file('userData.txt');
$query = $DBConnect->prepare('INSERT into tbl_User(ID, FName, LName, Email, Password) values ($ID, $FName, $LName, $Email, $Password)');
foreach($file as $row) {
  $milestone = explode(';',$row);
  $milestone[4] = password_hash($milestone[4], PASSWORD_DEFAULT);
  $query->execute($milestone);
}
    mysql_query($milestone_query) or die(mysql_error());


echo "Done!";




mysqli_close($DBConnect);

It doesn't need to be secure because it's just work for college, they want us to do it that way so it's not going to be used for anything else so it doesn't need to do anything but just work. I'll try this method later, thank you for your input!

I have a problem inserting passwords from a text file into a database using md5 hashes. It inputs everything else from the text file as it should but I don't know how to get it to input unique hash values using the 'Password' fields from the text file. I know the problem is with the array and it is not done correctly, can anyone help me fix this?

 //insert from text file
    
     $Password = $_POST['Password'];
     $passwordmd5 = md5 ($Password); 
  
     mysql_select_db("test") or die ("Unable to select database!"); 
  $file = file('C:\wamp\www\a1\userData.txt'); # read file into array
  $count = count($file);
  if($count > 0) # file is not empty
 {
     $milestone_query = "INSERT into tbl_User(ID, FName, LName, Email, Password) values";
     $i = 1;
     foreach($file as $row)
     {
         $milestone = explode(';',$row);
         $milestone_query .= "('$milestone[0]',  '$milestone[1]', '$milestone[2]', '$milestone[3]', '$passwordmd5')";
         $milestone_query .= $i < $count ? ',':'';
         $i++;
     }
     mysql_query($milestone_query) or die(mysql_error());
 }
 echo "Done!";