2

My blowfish is ok when I want to sign up and my pass is hashed, but now i have problem to login with hashed password. When I try to login with regular password it's ok, but when i try to login with hashed password i get a blank page!

This is my sign up page: 

include "/inc/common.inc";
require_once("function.php");

$db_link = db_connect();
$username = $_POST["username"];
$password = $_POST["password"];
$ime = $_POST["firstname"];
$prezime = $_POST["lastname"];  
$email = $_POST["email"];
$adresa = $_POST["adress"];



$algo = '$2a$10$';

$salt = uniqid('', true);   

$hash = crypt($password, $algo . $salt);    
$new_hash = crypt($password, $algo . $salt);
$password = $new_hash;


$query1 = "select * FROM clanovi where password = 'password'";
$result1 = mysql_query($query1, $db_link);
$row = mysql_fetch_row($result1);

if ($row[0]) {
    $koriniskPostoji = "Podatci o korisniku vec postoje";
    header("Location: unos_kupca.php?obavestenje=$koriniskPostoji");
} else {
    $set_password = $row['password'];
    //$input_password = crypt($password, $set_password);
    $link =  "login_form.php";
    $query1 = "insert into clanovi (username, password, ime, prezime, email, adresa) VALUES 
                ('$username', '$password', '$ime', '$prezime', '$email', '$adress')";

        }
    $result1 = mysql_query($query1, $db_link);
    header("Location: $link");

And this is my log in code, problem is when I input password it is not same crypt as it is in my database. For example for password "ceca18" in my database password is "$2a$10$55b79dc175242" and when I crypt in login form and echo it password result is "$2a$10$55b9fa6a14cce6.655217u9GC57hawJckzLbM0BRD5dVzFVALmwAi". I don't have idea how to fix it, so help if you have some idea! 

include "/inc/common.inc";

$servername = "localhost";
$username = "root";
$password = "";

$conn = new mysqli($servername, $username, $password);

session_start();
$korisnik = $_POST["Username"];
$password = $_POST["password"];

$algo = '$2a$10$';

$salt = uniqid('', true);   

$hash = crypt($password, $algo . $salt);    
$new_hash = crypt($password, $algo . $salt);
//$new_hash = $password;

if (crypt($password, $algo . $salt) == $password) {
    $db_link = db_connect();
$query ="select * from CLANOVI WHERE username = '$korisnik' AND password = '$password' ";

$result = mysql_query($query, $db_link);
$row_clanovi = mysql_fetch_array($result);

if ($row_clanovi[0] == null) {
    $pogresniPodaci = "Podaci su pogresno uneti ili niste registrovani";
    //header("Location: login.php?pogresniPodaci=$pogresniPodaci");

}
else {
    $set_password = $row['password'];
    //$input_password = crypt($password, $set_password);
    $link = "index.html";
header("Location: sign_up.php");

}
}
else{
    echo "Can't work";
    //echo $password;
    echo "<br>";
    echo $new_hash;
}
Milan Poznan
  • 307
  • 4
  • 18

0 Answers0