
I am working on a simple login script in PHP. The script seems to work fine on my local machine running PHP version 7.1.7 but completely fails to run/return anything on my server with PHP 5.2.0. Here is the code:

```php
public function login($username, $password) {
    $response['error'] = true;
    $response['message'] = 'Incorrect credentials';
    $user = array();
    $stmt = $this->conn->prepare("SELECT * FROM user_tb WHERE username = ?");

    $stmt->bind_param("s", $username);
    if ($stmt->execute()) {
        $user = $stmt->get_result()->fetch_assoc();
        $stmt->close();

        $salt = $user['salt'];
        $encrypted_password = $user['password'];
        $hash = $this->checkhashSSHA($salt, $password);

        if ($encrypted_password == $hash) {
            $user['id'] = $user["id"];
            $user['fname'] = $user["fname"];
            $user['lname'] = $user["lname"];
            $user['phone'] = $user["phone"];
            $user['city'] = $user["city"];
            $user['country'] = $user["country"];
            $response['user'] = $user;
            $response['error'] = false;
            $response['message'] = 'Welcome back.';
        }
    }

    return $response;
}

public function hashSSHA($password) {
    $salt = sha1(rand());
    $salt = substr($salt, 0, 20);
    $encrypted = base64_encode(sha1($password . $salt, true) . $salt);
    $hash = array("salt" => $salt, "encrypted" => $encrypted);
    return $hash;
}

public function checkhashSSHA($salt, $password) {
    $hash = base64_encode(sha1($password . $salt, true) . $salt);

    return $hash;
}
```

What could be the problem? Am I using methods not supported in PHP 5.2.0? If so, why isn't it even giving errors/warnings? Someone help me, I am out of ideas.

Rando roxford
  • Check the error log of the server to get the actual issue – Mayank Pandeyz Nov 17 '17 at 07:11
  • Check the server log to find out if there's any error – Pratansyah Nov 17 '17 at 07:11
  • maybe time to update your server's php? – SmartCoder Nov 17 '17 at 07:11
  • `ini_set('display_errors', 1); ini_set('display_startup_errors', 1); error_reporting(E_ALL);` for display errors – helpdoc Nov 17 '17 at 07:12
  • @MayankPandeyz let me check the server – Rando roxford Nov 17 '17 at 07:25
  • @SmartCoder I wish I could, I really do, but the server is shared; I have some other people who write code for < 5.2.0 – Rando roxford Nov 17 '17 at 07:26
  • you can downgrade your local machine's php version, in order to test and update code – Confused Nov 17 '17 at 07:29
  • I found the fault, according to the log `Call to undefined method mysqli_stmt::get_result()` – Rando roxford Nov 17 '17 at 08:01
  • Do not use simple password hashing such as `hashSSHA`; in PHP use `password_hash` and `password_verify`, easy and secure. When saving a password verifier just using a hash function is not sufficient and just adding a salt does little to improve the security. Instead iterate over an HMAC with a random salt for about a 100ms duration and save the salt with the hash. Better yet use a function such as `PBKDF2`, `Rfc2898DeriveBytes`, `Argon2`, `password_hash`, `Bcrypt` or similar functions. The point is to make the attacker spend a substantial amount of time finding passwords by brute force. – zaph Nov 17 '17 at 13:14
  • Does this answer your question? [Call to undefined method mysqli\_stmt::get\_result](https://stackoverflow.com/questions/8321096/call-to-undefined-method-mysqli-stmtget-result) – Dharman Mar 25 '20 at 20:35
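
The log line quoted in the comments means `mysqli_stmt::get_result()` is not available on that server: it exists only when mysqli is built against the mysqlnd driver (PHP 5.3 and later). An added example, not the asker's code: the same login flow with `bind_result()`/`fetch()`, a guard for an unknown username, and a constant-time comparison. The free-function form, the `$conn` parameter and the `ct_equals` helper are assumptions of this sketch.

```php
<?php
// Added example, not the asker's code. Column names follow the question's
// user_tb table; $conn is assumed to be an open mysqli connection.

// Constant-time string comparison that also works before hash_equals() (PHP 5.6).
function ct_equals($a, $b) {
    if (function_exists('hash_equals')) {
        return hash_equals($a, $b);
    }
    if (strlen($a) !== strlen($b)) {
        return false;
    }
    $diff = 0;
    for ($i = 0; $i < strlen($a); $i++) {
        $diff |= ord($a[$i]) ^ ord($b[$i]);
    }
    return $diff === 0;
}

function login($conn, $username, $password) {
    $response = array('error' => true, 'message' => 'Incorrect credentials');

    $stmt = $conn->prepare(
        "SELECT id, fname, lname, phone, city, country, salt, password
           FROM user_tb WHERE username = ?");
    if (!$stmt) {
        return $response;
    }
    if (!$stmt->bind_param("s", $username) || !$stmt->execute()) {
        $stmt->close();
        return $response;
    }
    // bind_result()/fetch() do not need mysqlnd, unlike get_result().
    $stmt->bind_result($id, $fname, $lname, $phone, $city, $country, $salt, $stored);
    $found = $stmt->fetch();   // true = row, null = no such user, false = error
    $stmt->close();
    if ($found !== true) {
        return $response;      // same generic message for unknown users
    }

    // Legacy SSHA check from the question, compared in constant time.
    $hash = base64_encode(sha1($password . $salt, true) . $salt);
    if (ct_equals($stored, $hash)) {
        $response = array('error' => false, 'message' => 'Welcome back.',
            'user' => array('id' => $id, 'fname' => $fname, 'lname' => $lname,
                            'phone' => $phone, 'city' => $city, 'country' => $country));
    }
    return $response;
}
```

`password_hash` and `password_verify`, recommended in the comments, were added in PHP 5.5, so the SSHA step can only be replaced with them once the server runs that version or later.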
