I have been following a tutorial in order to create a login for an Android based application, however after encrypting the passwords I am unable to get authenticate users. I have been searching for a solution to the problem for a few days now and still no luck. I am hoping that it is something simple that I have missed.
There are also loads of people in the comments that have had the same issue as me on Video 6 (Last video in the playlist).
GitHub Repository for tutorial
Any support would be greatly appreciated and thank you in advanced!
Register.php
<?php
require("password.php");
$connect = mysqli_connect("localhost", "", "", "");
$name = $_POST["name"];
$email = $_POST["email"];
$username = $_POST["username"];
$password = $_POST["password"];
function registerUser() {
global $connect, $name, $username, $email, $password;
$passwordHash = password_hash($password, PASSWORD_DEFAULT);
$statement = mysqli_prepare($connect, "INSERT INTO user (name, username, email, password) VALUES (?, ?, ?, ?)");
mysqli_stmt_bind_param($statement, "ssss", $name, $username, $email, $passwordHash);
mysqli_stmt_execute($statement);
mysqli_stmt_close($statement);
}
function usernameAvailable() {
global $connect, $username;
$statement = mysqli_prepare($connect, "SELECT * FROM user WHERE username = ?");
mysqli_stmt_bind_param($statement, "s", $username);
mysqli_stmt_execute($statement);
mysqli_stmt_store_result($statement);
$count = mysqli_stmt_num_rows($statement);
mysqli_stmt_close($statement);
if ($count < 1){
return true;
}else {
return false;
}
}
$response = array();
$response["success"] = false;
if (usernameAvailable()){
registerUser();
$response["success"] = true;
}
print_r(json_encode($response));
?>
Login.php
<?php
require("password.php");
$con = mysqli_connect("localhost", "", "", "");
$username = $_POST["username"];
$password = $_POST["password"];
$passwordHash = password_hash($password, PASSWORD_DEFAULT);
$statement = mysqli_prepare($con, "SELECT * FROM user WHERE username = ? AND password = ?");
mysqli_stmt_bind_param($statement, "ss", $username, $passwordHash);
mysqli_stmt_execute($statement);
mysqli_stmt_store_result($statement);
mysqli_stmt_bind_result($statement, $UserID, $Name, $Username, $Email, $PasswordHash);
$response = array();
$response["success"] = false;
while(mysqli_stmt_fetch($statement)){
$response["success"] = true;
$response["name"] = $name;
$response["email"] = $email;
$response["username"] = $username;
$response["password"] = $password;
}
echo json_encode($response);
?>
LoginRequest.java
package com.###########;
import com.android.volley.Response;
import com.android.volley.toolbox.StringRequest;
import java.util.HashMap;
import java.util.Map;
public class LoginRequest extends StringRequest {
private static final String LOGIN_REQUEST_URL = "http://....................../login.php";
private Map < String, String > params;
public LoginRequest(String username, String password, Response.Listener < String > listener) {
super(Method.POST, LOGIN_REQUEST_URL, listener, null);
params = new HashMap < > ();
params.put("username", username);
params.put("password", password);
}
@Override
public Map < String, String > getParams() {
return params;
}
}
LoginActivity.java
package com.###########;
import android.content.Intent;
import android.support.v7.app.AlertDialog;
import android.support.v7.app.AppCompatActivity;
import android.os.Bundle;
import android.view.View;
import android.widget.Button;
import android.widget.EditText;
import android.widget.TextView;
import com.android.volley.RequestQueue;
import com.android.volley.Response;
import com.android.volley.toolbox.Volley;
import org.json.JSONException;
import org.json.JSONObject;
public class LoginActivity extends AppCompatActivity {
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_login);
final EditText etUsername = (EditText) findViewById(R.id.etUsername);
final EditText etPassword = (EditText) findViewById(R.id.etPassword);
final Button bLogin = (Button) findViewById(R.id.bLogin);
final TextView registerLink = (TextView) findViewById(R.id.tvRegisterHere);
registerLink.setOnClickListener(new View.OnClickListener() {
@Override
public void onClick(View v) {
Intent registerIntent = new Intent(LoginActivity.this, RegisterActivity.class);
LoginActivity.this.startActivity(registerIntent);
}
});
bLogin.setOnClickListener(new View.OnClickListener() {
@Override
public void onClick(View v) {
final String username = etUsername.getText().toString();
final String password = etPassword.getText().toString();
Response.Listener<String> responseListener = new Response.Listener<String>() {
@Override
public void onResponse(String response) {
try {
JSONObject jsonResponse = new JSONObject(response);
boolean success = jsonResponse.getBoolean("success");
if (success){
String name = jsonResponse.getString("name");
String email = jsonResponse.getString("email");
Intent intent = new Intent(LoginActivity.this, UserAreaActivity.class);
intent.putExtra("name", name);
intent.putExtra("username", username);
intent.putExtra("email", email);
LoginActivity.this.startActivity(intent);
}
else {
AlertDialog.Builder builder = new AlertDialog.Builder(LoginActivity.this);
builder.setMessage("Login Failed")
.setNegativeButton("Retry", null)
.create()
.show();
}
} catch (JSONException e) {
e.printStackTrace();
}
}
};
LoginRequest loginRequest = new LoginRequest(username, password, responseListener);
loginRequest.setShouldCache(false); // Disables Caching for Volley so that multiple login requests can be submitted.
RequestQueue queue = Volley.newRequestQueue(LoginActivity.this);
queue.add(loginRequest);
}
});
}
}
In login.php you should change this:
//$passwordHash = password_hash($password, PASSWORD_DEFAULT); remove
$statement = mysqli_prepare($con, "SELECT * FROM user WHERE username = ?");
mysqli_stmt_bind_param($statement, "s", $username);
Each time you hash the password it creates a unique hash (due to a randonly generated salt each time the function is run), so when you login and hash, you'll never get a match. You should instead use password_verify()
Once you retrieve the password from the query, you can then verify:
password_verify($password, $response['password']);
来源:https://stackoverflow.com/questions/54081988/unable-to-login-to-android-app-using-hashed-password