How can I decrypt a password hash in PHP?

by

Bcrypt is a one-way hashing algorithm, you can’t decrypt hashes. Use password_verify to check whether a password matches the stored hash:

<?php
// See the password_hash() example to see where this came from.
$hash="$2y$07$BCryptRequires22Chrcte/VlQH0piJtjXl.0t1XkA8pw9dMXTpOq";

if (password_verify('rasmuslerdorf', $hash)) {
    echo 'Password is valid!';
} else {
    echo 'Invalid password.';
}

In your case, run the SQL query using only the username:

$sql_script="SELECT * FROM USERS WHERE username=?";

And do the password validation in PHP using a code that is similar to the example above.

The way you are constructing the query is very dangerous. If you don’t parameterize the input properly, the code will be vulnerable to SQL injection attacks. See this Stack Overflow answer on how to prevent SQL injection.

More Related Contents:

  1. How to update multiple MySQL table entries with different id?
  2. Can’t insert data into mysql database using PHP [closed]
  3. which is better every user have a table or just a row [closed]
  4. Warning: mysql_connect(): [2002] No such file or directory (trying to connect via unix:///tmp/mysql.sock) in
  5. How can I use PDO to fetch a results array in PHP?
  6. Is closing the mysql connection important?
  7. MySQL check if a table exists without throwing an exception
  8. Shortcomings of mysql_real_escape_string?
  9. Alternative to mysql_real_escape_string without connecting to DB
  10. HTML – Change\Update page contents without refreshing\reloading the page
  11. Calculate age based on date of birth
  12. How to write a stored procedure using phpmyadmin and how to use it through php?
  13. Doing calculations in MySQL vs PHP
  14. Geo-Search (Distance) in PHP/MySQL (Performance)
  15. PHP mysql search multiple tables using a keyword
  16. How do I count unique visitors to my site?
  17. php code to test pdo is available?
  18. Best practice: Import mySQL file in PHP; split queries
  19. PHP / MySQL build tree menu
  20. ini_set, set_time_limit, (max_execution_time) – not working
  21. unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING error [duplicate]
  22. How to build a JSON array from mysql database
  23. How to display a date as iso 8601 format with PHP
  24. How to generate unique id in MySQL?
  25. Fatal error: Call to undefined method mysqli_stmt::fetch_array() [duplicate]
  26. adding 30 minutes to datetime php/mysql
  27. Create table with PHP and populate from MySQL
  28. Backup a mysql database and download as a file
  29. Is a BLOB converted using the current/default charset in MySQL?
  30. PHP/MySQL Pagination

Leave a Comment