Good afternoon,
I am trying to get the following to work but perhaps I am missing something:
$slogin = sc_sql_injection({login});
$spswd = sc_sql_injection({pswd});
sc_lookup(ds, “select pswd from sec_users where login = ‘{login}’”);
$hashed= {ds[0][0]};
echo $spswd," “;
echo $slogin,” “;
echo $hashed,” ";
if (password_verify($spswd, $hashed))
{
echo 'Password is valid!';
}
else
{
echo 'Password is NOT valid!';
}
The password_verify is not validating. I would prefer to not use sha512 but that seems to be the only thing I can get to work. I created the password using
password_hash({pswd}, PASSWORD_BCRYPT);
Any advice would be appreciated.