I'm doing a login form in vb.net, but the registration is in PHP (it's kind of a must in the project).

What I have tried:

PHP
// register
// Note: strip_tags() and real_escape_string() alter the password before it is hashed.
$password = strip_tags($_POST['password']);
$password = $DBcon->real_escape_string($password);
$hashed_password = password_hash($password, PASSWORD_DEFAULT);

// login
$query = $DBcon->query("SELECT id, username, password FROM users WHERE username='$username'");
$row = $query->fetch_array();

$count = $query->num_rows;

// Check that exactly one row matched before reading $row['password'].
if ($count == 1 && password_verify($password, $row['password'])) {
    $_SESSION['session'] = $row['id'];
    header("Location: home.php");
    exit;
}



How can I log in using the hashed password in my VB.Net login form?
Updated 15-Mar-17 20:58pm
Comments
Graeme_Grant 16-Mar-17 2:47am    
Developers sacrifice and contribute their own time for free to help fellow developers resolve difficulties. It is important that you are crystal clear about what you are experiencing with plenty of information so that your time and theirs are not wasted. The clearer the question, the better chance that you will get a favorable response in a timely manner.

Please take the time to look at these links provided before posting questions:
* Some guidelines for posting questions in the forums
* Tales from the Evil Empire - Asking questions is a skill

Once you are ready, update the question with clear and concise details, sample code, any error messages (including inner exception details), etc. Please click on Improve question to add more info to the question.
F-ES Sitecore 16-Mar-17 5:06am    
You're going to struggle to do this. I don't know PHP, but after finding some poor documentation (it's PHP, what do you expect) they seem reluctant to tell you what algorithm is used when you supply PASSWORD_DEFAULT, and this is deliberate in that the algorithm used will change over time with new releases. So basically speaking, if you don't know the algorithm you can't reproduce it in your own code. However, it seems to use bcrypt.

http://docs.php.net/manual/en/function.password-hash.php

That's problem one you have; problem two is that, as you didn't supply a salt to the password, one is randomly generated for you (again, no details on how that works due to poor documentation), and if you don't know what the salt is you can't reproduce the hash elsewhere.

If you really want to do this you're going to have to change your PHP code to use an explicit algorithm and not PASSWORD_DEFAULT, and you're also going to have to use an explicit salt rather than the random one you get by default. That will mean updating your existing app while having to still cater for users who already have their hashes generated.
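
Added example, not code from this thread: the string that password_hash() stores is self-describing (bcrypt version, cost and salt sit in front of the digest), so the VB.NET side can check a typed password against the stored value. The BCrypt.Net-Next NuGet package, the module and function names, and the sample strings are assumptions of this example.

```vbnet
Imports System
Imports System.Text.RegularExpressions

Module PhpBcryptLogin
    ' Layout: $<version>$<cost>$<22-character salt><31-character digest>
    Private ReadOnly BcryptFormat As New Regex(
        "^\$(2[abxy])\$([0-9]{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})\z")

    ' Splits a stored value into its bcrypt fields. Returns False for anything
    ' else, e.g. a hash written after PASSWORD_DEFAULT moves to another algorithm.
    Function TryReadBcrypt(stored As String, ByRef version As String,
                           ByRef cost As Integer, ByRef salt As String) As Boolean
        Dim m As Match = BcryptFormat.Match(If(stored, ""))
        If Not m.Success Then Return False
        version = m.Groups(1).Value
        cost = Integer.Parse(m.Groups(2).Value)
        salt = m.Groups(3).Value
        Return cost >= 4 AndAlso cost <= 31   ' bcrypt's valid cost range
    End Function

    ' candidate: password exactly as typed into the VB.NET form.
    ' stored: value of users.password written by the PHP registration page.
    Function VerifyLogin(candidate As String, stored As String) As Boolean
        Dim version As String = Nothing
        Dim salt As String = Nothing
        Dim cost As Integer
        If Not TryReadBcrypt(stored, version, cost, salt) Then Return False
        ' Assumption: BCrypt.Net-Next NuGet package. Verify recomputes the digest
        ' with the salt and cost embedded in "stored" and compares the result.
        Return BCrypt.Net.BCrypt.Verify(candidate, stored)
    End Function

    Sub Main()
        ' Constructed strings that only show the layout; not hashes of real passwords.
        Dim samples As String() = {
            "$2y$10$" & New String("A"c, 22) & New String("B"c, 31),
            "$argon2id$v=19$m=65536,t=4,p=1$" & New String("C"c, 22) & "$" & New String("D"c, 43)
        }
        For Each s As String In samples
            Dim version As String = Nothing
            Dim salt As String = Nothing
            Dim cost As Integer
            If TryReadBcrypt(s, version, cost, salt) Then
                Console.WriteLine("bcrypt {0}, cost {1}, salt {2}", version, cost, salt)
            Else
                Console.WriteLine("not bcrypt, refuse login and re-check PHP's algorithm")
            End If
        Next
    End Sub
End Module
```

The registration code in the question passes the password through strip_tags() and real_escape_string() before hashing, so a password containing markup or quote characters was hashed in altered form and will not verify against the unmodified text typed into the VB.NET form.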

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)