Php and mysql. help with submit form to store details and passwords

footroot72 · July 24, 2023, 1:33pm

do you mean in this line?

// $encrypted_psw = openssl_encrypt($psw, 'AES-256-CBC', $psw_repeate);

WindLother · July 24, 2023, 2:03pm

It depends how $ejecutar_consulta is being defined or used elsewhere in your code.

From your code snippet $ejecutar_consulta is not defined, so it’s difficult to analyse it further. It would be helpful if you could provide the part of your code where $ejecutar_consulta is defined and where it interacts with your database.

WindLother · July 24, 2023, 2:05pm

This is not hashing, this is encryption

footroot72 · July 24, 2023, 2:13pm

I’m trying with this now

$psw = $_POST["psw"];
$psw_repeate = $_POST["psw_repeate"];
$hashed_psw = password_hash($psw,PASSWORD_DEFAULT,$psw_repeate);



function password_hash($psw, $psw_repeate, $hashed_psw);
    if ($hashed_psw === $psw_repeate) {
        echo"yeeessss";
    }
} else 
{

}

but still work in progress

Firepup650 · July 24, 2023, 2:16pm

Shouldn’t those two variables never be equal?

footroot72 · July 24, 2023, 2:35pm

//verificamos que no exista previamente el email del usuario en la BD
include("conexion.php");
$consulta = "SELECT * FROM contactos WHERE email='$email'";
$ejecutar_consulta = $conexion->query($consulta);
$num_regs = $ejecutar_consulta->num_rows;

this is how $ejecutar_consulta usually works.

footroot72 · July 24, 2023, 2:37pm

yes, probably…
I’m just trying to work it out.
this thing of the verification password is driving me mad.

WindLother · July 24, 2023, 2:44pm

I think it’s better to place the whole SQL execution inside the if clause where the passwords are checked to be identical.

For example:

$psw = $_POST["psw"];
$psw_repeate = $_POST["psw_repeate"];

if ($psw === $psw_repeate) {
    include("conexion.php");
    $consulta = "SELECT * FROM contactos WHERE email='$email'";
    $ejecutar_consulta = $conexion->query($consulta);
    $num_regs = $ejecutar_consulta->num_rows;

    if($num_regs == 0) {
        // To check if there are no existing user with the email
        // You can hash the password before inserting into the database
        $hashed_psw = password_hash($psw, PASSWORD_DEFAULT);
        // And after you hash, insert the data into the database
    } else {
        // The else will tell you that a user with the same email already exists
        // Idk how you want to handle this so I will just leave it empty
    }
} else {
    echo "<br /><span class='mensaje'><h1>The passwords have to be identical</h1></span><br />";
}

Obs.: This is not secure-friendly.

footroot72 · July 24, 2023, 3:07pm

shouldn’t the passwords be verified if they are the same before to send anything to the DB?
should I send one password first and make a query to the DB to see if the passwords match?

because I still struggling to understand how the verification of the passwords works.

WindLother · July 24, 2023, 3:39pm

Actually no, you don’t need to store both passwords in the database or make a database query to verify that the passwords match. This verification is done entirely within your code before interacting with the database.

The entire password confirmation process can happen before the interaction with the database. Once you confirmed that the passwords match you hash the password and store only the hashed password in the database. There’s no need to store the plaintext password or the confirmation password in the database at all.

footroot72 · July 24, 2023, 4:19pm

THANKS TO ALL.
I think i need a bit of a rest and clear my brain.

to be continued

footroot72 · July 24, 2023, 4:23pm

quick question.
does the DB need to have the columns : “psw and psw_repeate” or only hashed_psw?

Firepup650 · July 24, 2023, 4:26pm

The DB should only need to have the hashed password.

footroot72 · July 25, 2023, 3:07pm

hello all,
now I store the hashed password in the DB.

if (trim($_POST['psw']) == '' || trim($_POST['psw_repeate']) == '') {
    echo ('All fields are required!');
} else if ($_POST['psw'] <> $_POST['psw_repeate']) {
    echo ('Passwords do not match!');
}

I added this bit of code to match and trim passwords
with this code
if psw and psw_repeat are empty it does take me to the message … fields are required.
but
if the psw and psw_repeate are 1 1 and 2 2 respectively, should say… passwords no match
but it doesn’t happen
any clues of why doesn’t work?

Firepup650 · July 25, 2023, 3:10pm

Does changing that to != change anything?

footroot72 · July 25, 2023, 3:22pm

yes, the original operator whas !=
I just change it to see if that was the problem.

if (trim($_POST['psw']) == '' || trim($_POST['psw_repeate']) == '') {
    echo ('All fields are required!');
} else if ($_POST['psw'] != $_POST['psw_repeate']) {
    echo ('Passwords do not match!');
}

Firepup650 · July 25, 2023, 5:05pm

Shouldn’t the check be trimmed as well?

footroot72 · July 25, 2023, 5:41pm

I’m not sure really but I don’t think it needs to be trimmed,
what this
($_POST[‘psw’] != $_POST[‘psw_repeate’]) {
echo (‘Passwords do not match!’);
is doing is checking if the psw and psw_repeate are the same trimmed or not.
Am I right?

footroot72:

if (trim($_POST['psw']) == '' || trim($_POST['psw_repeate']) == '') {
    echo ('All fields are required!');
} else if ($_POST['psw'] != $_POST['psw_repeate']) {
    echo ('Passwords do not match!');
}

WindLother · July 25, 2023, 5:59pm

Try to check the actual values of $_POST['psw'] and $_POST['psw_repeate'] to make sure they’re what you expect. You can use var_dump() or print_r() for this:

var_dump($_POST['psw']);
var_dump($_POST['psw_repeate']);

Maybe there’s a typo or the form is not submitting what u expected.