Learn_PHP Posted April 5, 2013 Share Posted April 5, 2013 Hello, I'm new to PHP and I need some help with user logins. I'm using WebMatrix2 running a site on localhost trying to learn PHP through trial and error. I've made a registration and login. When I try to test user input against the database, it looks like the query works but the verification fails. Any advice would help, thanks in advance! register.php <?php session_start(); require_once("db.php"); require_once("create.php"); if(defined("CRYPT_BLOWFISH") && CRYPT_BLOWFISH) { echo "crypt blowfish enabled"; } if(isset($_POST['submit'])) { $filter=array ( "username"=>array ( "filter"=>FILTER_SANITIZE_STRING, ), "password"=>array ( "filter"=>FILTER_SANITZE_STRING, ), "email"=>FILTER_VALIDATE_EMAIL, ); $result=filter_input_array(INPUT_POST,$filter); if(!$result["email"]) { echo "invalid email"; } $username=$result['username']; $pass=$result['password']; $email=$result['email']; $iv=mcrypt_create_iv(16,MCRYPT_DEV_URANDOM); $replace=array("+","="); $salt=str_replace($replace,".",base64_encode($iv)); $password=crypt($pass,'$2a$10'.$salt); $sql="INSERT INTO users (username,password,email,salt) VALUES (?, ?, ?, ?)"; $stmt=mysqli_prepare($con,$sql); mysqli_bind_param($stmt,'ssss',$username,$password,$email,$salt); mysqli_stmt_execute($stmt); if(mysqli_affected_rows($con)>0) { $userid=mysqli_insert_id($con); echo "created user successfull"; $_SESSION['username']=$username; $_SESSION['userid']=$userid; } else{ echo "creation failed"; } } ?> login.php <?php require_once("db.php"); if(isset($_POST['submit'])) { $username=mysqli_real_escape_string($_POST['username']); $password=mysqli_real_escape_string($_POST['password']); if($sql=mysqli_query($con,"SELECT username, password FROM users WHERE username='$username' LIMIT 1")) { echo "successfull query"; echo "<br/>"; $row=mysqli_fetch_array($sql); $user=$row["username"]; $hashpass=$row["password"]; if(crypt($password,$hashpass)==$hashpass && $username==$user) { echo "successfull password"; echo "<br/>"; } else { echo "fail pass check"; echo mysqli_error($con); } } else { echo "sql query failed.".mysqli_error($con); } } echo mysqli_error($con); ?> I get "successfull query" but then I get "fail pass check". I'm not sure if I'm comparing the user input against the query result set correctly or what? Quote Link to comment https://forums.phpfreaks.com/topic/276590-verify-user-input-against-mysql-database/ Share on other sites More sharing options...
Jessica Posted April 5, 2013 Share Posted April 5, 2013 You need to look at the manual for crypt. Quote Link to comment https://forums.phpfreaks.com/topic/276590-verify-user-input-against-mysql-database/#findComment-1423185 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.