07-02-2022, 07:49 PM
Confirmed User
Join Date: Oct 2018
Location: New Orleans, Louisiana. / Newcastle, England.
Posts: 1,118
Quote:
Originally Posted by zijlstravideo
Or... do you take the user input (password) from the form, then hash it using Bcrypt, before submitting the form?
Yes, the user submits their required password and I encrypt it through submit.php when it gets written to the database.
Here is the submit.php file that sends data to SQL...
Quote:
<?php
/* Attempt MySQL server connection. */
$link = mysqli_connect("localhost", "user", "pass", "db");

// Check connection
if ($link === false) {
    die("ERROR: Could not connect. " . mysqli_connect_error());
}

// Escape user inputs for security
$id = mysqli_real_escape_string($link, $_REQUEST['id']);
$name = mysqli_real_escape_string($link, $_REQUEST['name']);
$email = mysqli_real_escape_string($link, $_REQUEST['email']);
$username = mysqli_real_escape_string($link, $_REQUEST['username']);
// The password is hashed, not placed in the query as typed, so take the raw
// value: escaping it first would change the bytes that get hashed.
$password = $_REQUEST['password'];
$phone = mysqli_real_escape_string($link, $_REQUEST['phone']);

// Securing password using password_hash
$secure_pass = password_hash($password, PASSWORD_BCRYPT);

// Attempt insert query execution
$sql = "INSERT INTO Register (name, email, username, password, phone) VALUES ('$name', '$email', '$username', '$secure_pass', '$phone')";
if (mysqli_query($link, $sql)) {
    echo "";
    if (isset($_POST['email'])) {
        $email_from = "user.com";
        $email_to = "me.com";
        $email_subject = "New Update";
        // Message body (placeholder text); mail() takes the body as its
        // third argument and the headers as its fourth.
        $email_message = "New Update";
        // create email headers
        $headers = 'From: ' . $email_from . "\r\n" .
            'Reply-To: ' . $email_from . "\r\n" .
            'X-Mailer: PHP/' . phpversion();
        @mail($email_to, $email_subject, $email_message, $headers);
    }
} else {
    echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}

// Close connection
mysqli_close($link);
?>
I believe the part in bold should be doing the encrypting correctly and storing it in the 'password' column in the table that I'm calling from the login script?
__________________
NOTHING TO SEE HERE
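Added example, not part of the original post: registration and the login check shown as a pair, with the raw password hashed by password_hash, stored through bound parameters, and checked with password_verify. The register() and login() helpers and the sample credentials are hypothetical, and PDO with an in-memory SQLite database is assumed in place of the MySQL connection so the script runs on its own.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// post; PDO + in-memory SQLite is an assumption so no MySQL server is needed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// A bcrypt hash is 60 characters; 255 leaves room for future algorithms.
$db->exec('CREATE TABLE Register (
    username VARCHAR(64) PRIMARY KEY,
    password VARCHAR(255) NOT NULL
)');

function register(PDO $db, string $username, string $rawPassword): void
{
    // Hash the raw input; bound parameters make SQL escaping unnecessary.
    $hash = password_hash($rawPassword, PASSWORD_BCRYPT);
    $stmt = $db->prepare('INSERT INTO Register (username, password) VALUES (?, ?)');
    $stmt->execute([$username, $hash]);
}

function login(PDO $db, string $username, string $rawPassword): bool
{
    $stmt = $db->prepare('SELECT password FROM Register WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn(); // false when the user does not exist
    // password_verify re-derives the hash using the salt embedded in $hash.
    // Calling password_hash again at login and comparing strings cannot work,
    // because every call picks a fresh random salt.
    return is_string($hash) && password_verify($rawPassword, $hash);
}

// Constructed sample credentials; the quote character is deliberate.
$password = "O'Neil-2022!";
register($db, 'demo_user', $password);

var_dump(login($db, 'demo_user', $password));         // correct password
var_dump(login($db, 'demo_user', 'wrong-password'));  // wrong password
var_dump(login($db, 'nobody', $password));            // unknown user

// Pitfall: hashing an SQL-escaped copy stores a hash of different bytes, so
// the password as typed at login is checked against the wrong hash.
// addslashes() stands in for mysqli_real_escape_string(), which needs a live
// MySQL connection; either one alters a password containing a quote.
$escapedHash = password_hash(addslashes($password), PASSWORD_BCRYPT);
var_dump(password_verify($password, $escapedHash));
```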