Rybat Posted September 27, 2018

```
<?php
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
session_start();
include_once 'connect/conn.php';
?>
<?php
if(isset($_POST['login'])){
    $username = $_POST['username'];
    $password = $_POST['password'];
    $msg = '';
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $sql = "SELECT * FROM `users` where `username`=:username and `password`=:password";
    $stmt = $dbh->prepare($sql);
    $stmt->execute(array(':username' => $username,':password' => $hash ));
    $count = $stmt->rowCount();
    if ($count > 0){
        $_SESSION["username"] = $_POST["username"];
        die(header('Location: http://localhost/auth/login.php'));
    }else{
        $msg = '<label>Wrong Data</label>';
    }
}
?>
```

mac_gyver Posted September 27, 2018

password_hash() is used when you store the hashed password, during registration. To test if the entered password corresponds to the hashed value, you must retrieve the hashed value from the database table and use password_verify().

Also, the only thing you should store in the session variable is the user's id, from an auto-increment column in your users table. To get any other user information, query for and retrieve it based on the user id.

Rybat Posted September 27, 2018

I tried the code differently using password verify, but it does not go further than echo "no password". Could I have made a mistake I am not seeing? Here is the code:

```
<?php
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
session_start();
include_once 'connect/conn.php';
?>
<?php
if(isset($_POST['login'])){
    $username = $_POST['username'];
    $password = $_POST['password'];
    $errors = array();
    $sql = "SELECT * FROM `users` where `username`=:username and `password`=:password";
    $stmt = $dbh->prepare($sql);
    $stmt->execute(array(':username' => $username, ':password' => $password ));
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if($user === false){
        echo "no password";;
    } else{
        $validPassword = password_verify($passwordAttempt, $user['password']);
        if($validPassword){
            $_SESSION['user_id'] = $user['id'];
            $_SESSION['logged_in'] = time();
            header('Location: http://localhost/auth/login.php');
            exit;
        } else{
            die('Incorrect username / password combination!');
        }
    }
}
```

Barand Posted September 27, 2018

Your query should be

```
SELECT password FROM `users` where `username`=:username
```

$passwordAttempt does not exist - try it with $_POST['password'] instead.

(Assuming the hashed value of the password was stored after using password_hash())

Rybat Posted September 27, 2018

26 minutes ago, Barand said:

> SELECT password FROM `users` where `username`=:username
>
> $passwordAttempt does not exist - try it with $_POST['password'] instead.
>
> (Assuming the hashed value of the password was stored after using password_hash())

Done that, but it gives me `die('Incorrect username / password combination!');` yet I have registered a correct password and username combination.

```
<?php
if(isset($_POST['login'])){
    $username = $_POST['username'];
    $password = $_POST['password'];
    $errors = array();
    $sql = "SELECT * FROM `users` where `username`=:username ";
    $stmt = $dbh->prepare($sql);
    $stmt->execute(array(':username' => $username, ));
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if($user === false){
        echo "no password";;
    } else{
        $validPassword = password_verify($_POST['password'], $password );
        if($validPassword){
            $_SESSION['id'] = $user['id'];
            $_SESSION['logged_in'] = time();
            header('Location: http://localhost/auth/login.php');
            exit;
        } else{
            die('Incorrect username / password combination!');
        }
    }
}
```

Edited September 27, 2018 by Rybat

Barand Posted September 28, 2018

password_verify() manual

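The login flow the replies above point to, as an added example that is not part of the original thread. `register()` and `login()` are hypothetical helper names, and an in-memory SQLite database with a constructed user stands in for `connect/conn.php` and the real `users` table (assumes the `pdo_sqlite` extension is available).

```php
<?php
// Added example, not code from the thread. In-memory SQLite and a constructed
// user stand in for connect/conn.php; column names follow the thread.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT,
            username TEXT UNIQUE NOT NULL, password TEXT NOT NULL)');

// Registration: the only place password_hash() is called. Every call picks a
// fresh random salt, so a hash computed at login can never be matched in SQL.
function register(PDO $dbh, string $username, string $password): void
{
    $stmt = $dbh->prepare('INSERT INTO users (username, password) VALUES (:u, :p)');
    $stmt->execute([':u' => $username, ':p' => password_hash($password, PASSWORD_DEFAULT)]);
}

// Login: select the row by username only, then have password_verify() compare
// the submitted password (first argument) with the stored hash (second).
// Returns the user id on success, null otherwise.
function login(PDO $dbh, string $username, string $password): ?int
{
    $stmt = $dbh->prepare('SELECT id, password FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    // Same outcome for an unknown user and a wrong password.
    if ($user === false || !password_verify($password, $user['password'])) {
        return null;
    }
    // Re-hash on successful login if PASSWORD_DEFAULT has moved on since registration.
    if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) {
        $upd = $dbh->prepare('UPDATE users SET password = :p WHERE id = :id');
        $upd->execute([':p' => password_hash($password, PASSWORD_DEFAULT), ':id' => $user['id']]);
    }
    return (int) $user['id'];
}

register($dbh, 'alice', 'correct horse');           // constructed sample user
var_dump(login($dbh, 'alice', 'correct horse'));    // correct password
var_dump(login($dbh, 'alice', 'wrong'));            // wrong password
var_dump(login($dbh, 'nobody', 'correct horse'));   // unknown user
// Two hashes of the same password, compared the way the first post's query did:
var_dump(password_hash('correct horse', PASSWORD_DEFAULT)
     === password_hash('correct horse', PASSWORD_DEFAULT));
```

In a real login page the id returned by `login()` is the value to put in `$_SESSION['user_id']`, as mac_gyver's reply advises.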