do you mean in this line?
// $encrypted_psw = openssl_encrypt($psw, 'AES-256-CBC', $psw_repeate);
It depends how $ejecutar_consulta is being defined or used elsewhere in your code.
From your code snippet $ejecutar_consulta is not defined, so it's difficult to analyse it further. It would be helpful if you could provide the part of your code where $ejecutar_consulta is defined and where it interacts with your database.
This is not hashing, this is encryption
I'm trying with this now
$psw = $_POST["psw"];
$psw_repeate = $_POST["psw_repeate"];
$hashed_psw = password_hash($psw,PASSWORD_DEFAULT,$psw_repeate);
function password_hash($psw, $psw_repeate, $hashed_psw);
if ($hashed_psw === $psw_repeate) {
echo"yeeessss";
}
} else
{
}
but still work in progress
Shouldn't those two variables never be equal?
//verificamos que no exista previamente el email del usuario en la BD
include("conexion.php");
$consulta = "SELECT * FROM contactos WHERE email='$email'";
$ejecutar_consulta = $conexion->query($consulta);
$num_regs = $ejecutar_consulta->num_rows;
this is how $ejecutar_consulta usually works.
yes, probably…
I'm just trying to work it out.
this thing of the verification password is driving me mad.
I think it's better to place the whole SQL execution inside the if clause where the passwords are checked to be identical.
For example:
$psw = $_POST["psw"];
$psw_repeate = $_POST["psw_repeate"];
if ($psw === $psw_repeate) {
    include("conexion.php");
    $consulta = "SELECT * FROM contactos WHERE email='$email'";
    $ejecutar_consulta = $conexion->query($consulta);
    $num_regs = $ejecutar_consulta->num_rows;
    if($num_regs == 0) {
        // To check if there are no existing user with the email
        // You can hash the password before inserting into the database
        $hashed_psw = password_hash($psw, PASSWORD_DEFAULT);
        // And after you hash, insert the data into the database
    } else {
        // The else will tell you that a user with the same email already exists
        // Idk how you want to handle this so I will just leave it empty
    }
} else {
    echo "<br /><span class='mensaje'><h1>The passwords have to be identical</h1></span><br />";
}
Obs.: This is not secure-friendly.
shouldn't the passwords be verified if they are the same before to send anything to the DB?
should I send one password first and make a query to the DB to see if the passwords match?
because I'm still struggling to understand how the verification of the passwords works.
Actually no, you don't need to store both passwords in the database or make a database query to verify that the passwords match. This verification is done entirely within your code before interacting with the database.
The entire password confirmation process can happen before the interaction with the database. Once you confirmed that the passwords match you hash the password and store only the hashed password in the database. There's no need to store the plaintext password or the confirmation password in the database at all.
THANKS TO ALL.
I think I need a bit of a rest and clear my brain.
to be continued
quick question.
does the DB need to have the columns: "psw and psw_repeate" or only hashed_psw?
The DB should only need to have the hashed password.
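The flow described in the answers above (confirm the two fields match in PHP, hash once, store only the hash in a single hashed_psw column), as an added example that is not part of the original thread. It assumes PDO with an in-memory SQLite database in place of the thread's conexion.php connection; register_user() and check_login() are hypothetical names, and it goes slightly beyond the thread by binding the email as a query parameter and showing the later password_verify() check.

```php
<?php
// Added example. Assumptions: PDO + SQLite in memory stand in for the thread's
// MySQL connection; register_user() and check_login() are hypothetical names.

function register_user(PDO $db, string $email, string $psw, string $psw_repeate): string
{
    // 1. Confirmation happens in PHP only; nothing has touched the DB yet.
    if (trim($psw) === '' || trim($psw_repeate) === '') {
        return 'All fields are required!';
    }
    if ($psw !== $psw_repeate) {
        return 'Passwords do not match!';
    }
    // 2. Bound parameter instead of interpolating $email into the SQL string.
    $stmt = $db->prepare('SELECT COUNT(*) FROM contactos WHERE email = ?');
    $stmt->execute([$email]);
    if ((int) $stmt->fetchColumn() > 0) {
        return 'Email already registered';
    }
    // 3. Store only the hash. password_hash() salts every call, so the stored
    //    value never equals the plaintext or another hash of the same password.
    $stmt = $db->prepare('INSERT INTO contactos (email, hashed_psw) VALUES (?, ?)');
    $stmt->execute([$email, password_hash($psw, PASSWORD_DEFAULT)]);
    return 'OK';
}

function check_login(PDO $db, string $email, string $psw): bool
{
    $stmt = $db->prepare('SELECT hashed_psw FROM contactos WHERE email = ?');
    $stmt->execute([$email]);
    $hash = $stmt->fetchColumn();          // false when no row matches
    // Never compare the hash with ===; password_verify() re-derives it.
    return is_string($hash) && password_verify($psw, $hash);
}

// Constructed sample run.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contactos (email TEXT PRIMARY KEY, hashed_psw TEXT NOT NULL)');

echo register_user($db, 'ana@example.com', '1 1', '2 2'), "\n";
echo register_user($db, 'ana@example.com', 's3cret-pass', 's3cret-pass'), "\n";
echo register_user($db, 'ana@example.com', 'other', 'other'), "\n";
var_dump(check_login($db, 'ana@example.com', 's3cret-pass'));
// Constructed input containing quote characters: treated as a literal email.
var_dump(check_login($db, "x' OR '1'='1", 'anything'));
```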
hello all,
now I store the hashed password in the DB.
if (trim($_POST['psw']) == '' || trim($_POST['psw_repeate']) == '') {
echo ('All fields are required!');
} else if ($_POST['psw'] <> $_POST['psw_repeate']) {
echo ('Passwords do not match!');
}
I added this bit of code to match and trim passwords
with this code
if psw and psw_repeat are empty it does take me to the message … fields are required.
but
if the psw and psw_repeate are 1 1 and 2 2 respectively, should say… passwords no match
but it doesn't happen
any clues of why doesn't work?
Does changing that to != change anything?
yes, the original operator was !=
I just changed it to see if that was the problem.
if (trim($_POST['psw']) == '' || trim($_POST['psw_repeate']) == '') {
echo ('All fields are required!');
} else if ($_POST['psw'] != $_POST['psw_repeate']) {
echo ('Passwords do not match!');
}
Shouldn't the check be trimmed as well?
I'm not sure really but I don't think it needs to be trimmed,
what this
($_POST['psw'] != $_POST['psw_repeate']) {
echo ('Passwords do not match!');
is doing is checking if the psw and psw_repeate are the same trimmed or not.
Am I right?
Try to check the actual values of $_POST['psw'] and $_POST['psw_repeate'] to make sure they're what you expect. You can use var_dump() or print_r() for this:
var_dump($_POST['psw']);
var_dump($_POST['psw_repeate']);
Maybe there's a typo or the form is not submitting what u expected.