I know they do, because I tested with.
die($HASH_Pass);
And it returned the same password as the password stored with the username associated in the database.
<?php
/*
<p class="required">All fields are required</p><br/>
<form method="post" action="Scripts/UserFunctions/login.php">
<label for="username">Username:</label><input type="text" name="username" id="username" size="40px"><br/>
<label for="password">Password:</label> <input type="password" name="password" id="password" size="40px"><br/>
<input type="submit" name="submit" value="Login">
</form>
*/
if(isset($_POST['submit'])){
//set default variables
$msg = "";
$error = false;
//set variables from user input
$Username = $_POST['username'];
$Password = $_POST['password'];
$HASH_Pass = hash("sha512", $Password);
//include connection
require_once("../DB/connect.php");
//create quarries to get data
$Query = $connect->prepare("SELECT * FROM Users WHERE Username = :hhh AND Password = :jjj");
$Query->bindValue(':hhh', $Username);
$Query->bindValue(':jjj', $HASH_Pass);
$Query->execute() or die("Not executed");
$ROWS = $Query->fetch(PDO::FETCH_NUM);
if($ROWS != 0){
$_SESSION['Logged_in']=$Username;
header("Location: http://www.family-line.dx.am/Community/profile.php?user=$Username");
exit();
} else {
$msg .= "Username and Password do not match. Try again";
$error = true;
}
if($error){
$Self = $_SERVER['PHP_SELF'];
echo <<<form
<div style="background: #efefef;">
<h2 style="color: red; font-weight: 850;">{$msg}</h2>
<p class="required">All fields are required</p><br/>
<form method="post" action="{$Self}">
<label for="username">Username:</label><input type="text" name="username" id="username" size="40px"><br/>
<label for="password">Password:</label> <input type="password" name="password" id="password" size="40px"><br/>
<input type="submit" name="submit" value="Login">
</form>
</div>
form;
}
}
?>
Spelled Queries wrong…sorry
I'm using PDO (obviously), but is there anything that would cause this error? I've made a working Login script, but I never used bindValue()...
I'm new here.
But I'm pretty sure it's not the SQL's issue, because it never displayed the or die(...)
Not sure if this helps but the script is here...
http://family-line.dx.am/page.php?page=login
Username: Test
Password: Test