Hello I am trying to make a retrive password script, my password inside the database is coded and here is the script for retriving it:
<?php
$salt = "Zo4rU5Z1YyKJAASY0PT6EUg7BBYdlEhPaNLuxAwU8lqu1ElzHv0Ri7EM6irpx5w";
include_once("config.php"); //include the settings/configuration
$password = null;
/* function svarzcane kam bazata */
$email = $_POST['email'];
try {
$con = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD ); //our new PDO Object
$con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
} catch (PDOException $e) {
echo $e->getMessage(); //catch and show the error
}
$stmt = $con->prepare("SELECT password FROM users WHERE email = :getmail LIMIT 1");
$stmt->bindParam(":getmail", $_POST['email']);
$stmt->bindValue( "password", hash("sha256", $this->password . $this->salt), PDO::PARAM_STR );
$stmt->setFetchMode(PDO::FETCH_ASSOC);
$stmt->execute();
while( $row = $stmt->fetch()) {
$pass = $row['password'];
}
The problem here is that it gives me an error in the line when I am trying to decode the password: Fatal error: Using $this when not in object context in /home/cedecapr/public_html/retrive.php on line 18
How I can fix that ? any help will be apreciated. Thanks.
The decoding variable is defined inside a class file : public $salt = "decoding code";
as suggested by Barmer I can't use this utside the class code. than how to Bind the Value with the hash alghoritm.
how to change this line
$stmt->bindValue( "password", hash("sha256", $this->password . $this->salt), PDO::PARAM_STR );
to decode the result from the database. The Hash alghoritm is updated on the top of the code as wel..
You can remove this line completely:
$stmt->bindValue( "password", hash("sha256", $this->password . $this->salt), PDO::PARAM_STR );
Your SQL statement doesn't contain a parameter named :password, so there's no need to bind any value to it. I would guess you did copy & paste of this line of code from some class method, where $this was meaningful.
I also wonder if it will make any difference if you do retrieve the password, since it appears that the database stores a SHA256 hash of the salted password. Hashing is not reversible, so even if you do retrieve the content of the password column from your database, the user can't use this to log in.
I think you need to learn more about PHP coding, and also security, before you make any changes on the authentication system for any website.
This line:
$stmt->bindValue( "password", hash("sha256", $this->password . $this->salt), PDO::PARAM_STR );
Should be:
$stmt->bindValue( "password", hash("sha256", $password . $salt), PDO::PARAM_STR );
You cannot use $this-> outside of a class definition. Period. . EOF.