-1

I am not a professional developer so my question might sound dumb, sorry for that,

I am making an android app which connects to a database of users whose passwords are stored in hashed format, so I donno how to include this function user_hash_password in my php file so I can hash the inputted password and then match it with the ones in the database, I think you can help me learn that. By the way the passwords already stored, are hashed with the same function.

Thanks a lot in advance for your help :)

 <?php

    $hostname = "localhost";
    $database = "android";
    $username = "root";
    $password = "";
    $localhost = mysql_connect($hostname, $username, $password) 
    or trigger_error(mysql_error(),E_USER_ERROR);
    mysql_select_db($database, $localhost);

    $username = $_POST['username'];
    $password = $_POST['password'];


    $query = "select * from drupal_users where username = '".$username."' AND password = '".$password."'";
    $query_exec = mysql_query($query) or die(mysql_error());

    $rows = mysql_num_rows($query_exec);
    if($rows == 0) {
    echo "No user was found";

    }else {
    echo "User found";
    }

  ?>
Improve this question
4
  • possible duplicate of Secure hash and salt for PHP passwords Commented Jul 2, 2013 at 6:43
  • Hashing your password is useless if you leave your DB open to injections Commented Jul 2, 2013 at 6:50
  • 1
    He is obviously is new at this, remind yourself he is asking a legit question albeit not showing a lot of effort. @Moeen could you share what you tried before. The idea of your hashing function is it hashes passwords when saving it to DB and when a user inputs his/her password. So you need to hash the $_POST['password'] with the same method you stored them with. This way you can actually compare them. Commented Jul 2, 2013 at 6:58
  • @timmied, you're right, I want to hash $_POST['password'], I just don't know how to use the function user_hash_password, I put the link of this function in my question, I searched a lot to find an example of using this function but I couldn't find. Commented Jul 2, 2013 at 7:04

2 Answers 2

Reset to default
0

you need to hash the $_POST['password'] with the same method you stored them with.

Just like this:

$password =  user_hash_password($_POST['password']);

You do however need to include the drupal file (includes/password.inc) containing this method.

If your creating an external php file and not a drupal module you should try to research how to include your function.

Calling Drupal functions in external PHP file

Drupal: how to access to Drupal's APIs with a standalone php script?

Or you can reverse engineer the hashing method by just recreating it and looking up needed variables / constants.

In this case DRUPAL_HASH_COUNT.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

First Save Password in Database in md5(password). Than while fetching use 

> $query = "select * from drupal_users where username = '".$username."'
> AND password = '".md5($password)."'";
Improve this answer

2 Comments

Don't use md5, use a better hashing algorithm, a salt and multiple repetitions. Also, it OP wants to use the function he linked, not another one
I think I said with which function I want to hash, I didnt talk about md5 dude

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.