Jump to content

Search the Community

Showing results for tags 'verify user input hashed pass'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Welcome to PHP Freaks
    • Announcements
    • Introductions
  • PHP Coding
    • PHP Coding Help
    • Regex Help
    • Third Party Scripts
    • FAQ/Code Snippet Repository
  • SQL / Database
    • MySQL Help
    • PostgreSQL
    • Microsoft SQL - MSSQL
    • Other RDBMS and SQL dialects
  • Client Side
    • HTML Help
    • CSS Help
    • Javascript Help
    • Other
  • Applications and Frameworks
    • Applications
    • Frameworks
    • Other Libraries
  • Web Server Administration
    • PHP Installation and Configuration
    • Linux
    • Apache HTTP Server
    • Microsoft IIS
    • Other Web Server Software
  • Other
    • Application Design
    • Other Programming Languages
    • Editor Help (PhpStorm, VS Code, etc)
    • Website Critique
    • Beta Test Your Stuff!
  • Freelance, Contracts, Employment, etc.
    • Services Offered
    • Job Offerings
  • General Discussion
    • PHPFreaks.com Website Feedback
    • Miscellaneous

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests


Age


Donation Link

Found 1 result

  1. Hello, I'm new to PHP and I need some help with user logins. I'm using WebMatrix2 running a site on localhost trying to learn PHP through trial and error. I've made a registration and login. When I try to test user input against the database, it looks like the query works but the verification fails. Any advice would help, thanks in advance! register.php <?php session_start(); require_once("db.php"); require_once("create.php"); if(defined("CRYPT_BLOWFISH") && CRYPT_BLOWFISH) { echo "crypt blowfish enabled"; } if(isset($_POST['submit'])) { $filter=array ( "username"=>array ( "filter"=>FILTER_SANITIZE_STRING, ), "password"=>array ( "filter"=>FILTER_SANITZE_STRING, ), "email"=>FILTER_VALIDATE_EMAIL, ); $result=filter_input_array(INPUT_POST,$filter); if(!$result["email"]) { echo "invalid email"; } $username=$result['username']; $pass=$result['password']; $email=$result['email']; $iv=mcrypt_create_iv(16,MCRYPT_DEV_URANDOM); $replace=array("+","="); $salt=str_replace($replace,".",base64_encode($iv)); $password=crypt($pass,'$2a$10'.$salt); $sql="INSERT INTO users (username,password,email,salt) VALUES (?, ?, ?, ?)"; $stmt=mysqli_prepare($con,$sql); mysqli_bind_param($stmt,'ssss',$username,$password,$email,$salt); mysqli_stmt_execute($stmt); if(mysqli_affected_rows($con)>0) { $userid=mysqli_insert_id($con); echo "created user successfull"; $_SESSION['username']=$username; $_SESSION['userid']=$userid; } else{ echo "creation failed"; } } ?> login.php <?php require_once("db.php"); if(isset($_POST['submit'])) { $username=mysqli_real_escape_string($_POST['username']); $password=mysqli_real_escape_string($_POST['password']); if($sql=mysqli_query($con,"SELECT username, password FROM users WHERE username='$username' LIMIT 1")) { echo "successfull query"; echo "<br/>"; $row=mysqli_fetch_array($sql); $user=$row["username"]; $hashpass=$row["password"]; if(crypt($password,$hashpass)==$hashpass && $username==$user) { echo "successfull password"; echo "<br/>"; } else { echo "fail pass check"; echo mysqli_error($con); } } else { echo "sql query failed.".mysqli_error($con); } } echo mysqli_error($con); ?> I get "successfull query" but then I get "fail pass check". I'm not sure if I'm comparing the user input against the query result set correctly or what?
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.