Hi, I am trying to set up a username / password validation log in for a website - code below.
I'm fairly new to PHP, so my understanding of what I have done is:
config and env pick up some basic info including the servername, username, password and dbname for the connection,
$_POST["username"] and $_POST["pwd"] are the values entered by the user on a previous log in page.
Users is queried to bring back the data in $sql where the posted username ($userid) matches the UserName in the table.
This is then checked to ensure there is one row returned - if not we go to test3.php
If there is one row, the password entered on the log in ['pwd'] is compared to the password in the table.
If they match we go to test1.php
If they don't we go to test2.php
test1.php, test2.php and test3.php are holding pages which just display "Success", "incorrect password" or "No User" to check that this code works and will be replaced later.
When I go through the login page and put an invalid user name, I get sent to test3.php - this is correct.
However, if I put in a valid user name and a password, I get sent to test2.php (incorrect password) regardless of the password used being correct or not. Which makes me think the validation is not working.
This is the code from the input page for username & password:
<div style="display: table-row">
<div style="display: table-cell" class="w3-padding">
<label>User ID:</label>
<input class="w3-input w3-text-black" name="username" required>
</div>
<div style="display: table-cell" class="w3-padding">
<label>Password:</label>
<input class="w3-input w3-text-black" type="password" name="pwd" required>
</div>
</div>
Thanks in advance for any assistance.
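<?php
// Get config and environment files - includes session script and database ID
require_once("config.php");
require_once("env.php");

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

// Look the user up with a prepared statement so the posted username is
// bound as data and never concatenated into the SQL text.
$userid = $_POST["username"] ?? "";
$sql = "SELECT UserID, UserName, Psswrd, FirstName, LastName, UserType FROM Users WHERE UserName = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("s", $userid);
$stmt->execute();
$result = $stmt->get_result(); // requires the mysqlnd driver

if ($result->num_rows == 1) {
    $row = $result->fetch_assoc();
    // password_verify() compares the entered password against a hash
    // created by password_hash(); Psswrd must hold that complete hash.
    $pwcheck = $row['Psswrd'];
    if (password_verify($_POST["pwd"] ?? "", $pwcheck)) {
        header("Location: test1.php"); // success
        exit();
    } else {
        header("Location: test2.php"); // incorrect password
        exit();
    }
} else {
    header("Location: test3.php"); // no such user
    exit();
}
?>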
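
password_verify() returns true only when the stored value is a complete hash produced by password_hash(). The following is an added example, not part of the original post, that classifies a stored value to show the cases in which a correct password is still rejected. The function name diagnose_stored_password, the sample password and the 50-character cut-off are assumptions made for the demonstration.

```php
<?php
// Added example: classify why password_verify() rejects a stored value.
// All sample values below are constructed for this demonstration.

function diagnose_stored_password(string $entered, string $stored): string
{
    if (password_verify($entered, $stored)) {
        return 'ok';
    }
    $info = password_get_info($stored);
    if ($info['algoName'] !== 'unknown') {
        // Well-formed hash, so the entered password is simply wrong.
        return 'wrong-password';
    }
    // A bcrypt hash is exactly 60 characters; a shorter value with the
    // bcrypt prefix means the column cut it off when it was stored.
    if (strncmp($stored, '$2y$', 4) === 0 && strlen($stored) < 60) {
        return 'truncated-hash';
    }
    // Stored value equals the typed password: it was saved unhashed.
    if (hash_equals($stored, $entered)) {
        return 'plaintext-stored';
    }
    return 'not-a-password-hash';
}

$password = 'correct horse example';                   // constructed sample
$hash     = password_hash($password, PASSWORD_BCRYPT); // what registration should store

// Each case is [entered password, value read back from the Psswrd column].
$cases = [
    'full hash, right password' => [$password, $hash],
    'full hash, wrong password' => ['guess', $hash],
    'hash cut to 50 characters' => [$password, substr($hash, 0, 50)], // assumed short column
    'plaintext in the column'   => [$password, $password],
    'md5 hex in the column'     => [$password, md5($password)],
];

foreach ($cases as $label => [$entered, $stored]) {
    printf("%-28s => %s\n", $label, diagnose_stored_password($entered, $stored));
}
```

Running the same function against the value actually read from Users.Psswrd shows which case applies; a column declared as VARCHAR(255) leaves room for any hash password_hash() produces.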