Rybat Posted September 27, 2018

```
<?php
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
session_start();
include_once 'connect/conn.php';
?>
<?php
if(isset($_POST['login'])){
    $username = $_POST['username'];
    $password = $_POST['password'];
    $msg = '';
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $sql = "SELECT * FROM `users` where `username`=:username and `password`=:password";
    $stmt = $dbh->prepare($sql);
    $stmt->execute(array(':username' => $username, ':password' => $hash));
    $count = $stmt->rowCount();
    if ($count > 0){
        $_SESSION["username"] = $_POST["username"];
        die(header('Location: http://localhost/auth/login.php'));
    }else{
        $msg = '<label>Wrong Data</label>';
    }
}
?>
```
mac_gyver Posted September 27, 2018

password_hash() is used when you store the hashed password, during registration. To test if the entered password corresponds to the hashed value, you must retrieve the hashed value from the database table and use password_verify().

Also, the only thing you should store in the session variable is the user's id, from an auto-increment column in your users table. To get any other user information, query for and retrieve it based on the user id.
Rybat Posted September 27, 2018 Author

I tried the code differently using password verify, but it does not go further than echo "no password". Could I have made a mistake I am not seeing? Here is the code:

```
<?php
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
session_start();
include_once 'connect/conn.php';
?>
<?php
if(isset($_POST['login'])){
    $username = $_POST['username'];
    $password = $_POST['password'];
    $errors = array();
    $sql = "SELECT * FROM `users` where `username`=:username and `password`=:password";
    $stmt = $dbh->prepare($sql);
    $stmt->execute(array(':username' => $username, ':password' => $password));
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if($user === false){
        echo "no password";;
    } else{
        $validPassword = password_verify($passwordAttempt, $user['password']);
        if($validPassword){
            $_SESSION['user_id'] = $user['id'];
            $_SESSION['logged_in'] = time();
            header('Location: http://localhost/auth/login.php');
            exit;
        } else{
            die('Incorrect username / password combination!');
        }
    }
}
```
Barand Posted September 27, 2018

Your query should be

```
SELECT password FROM `users` where `username`=:username
```

$passwordAttempt does not exist - try it with $_POST['password'] instead.

(Assuming the hashed value of the password was stored after using password_hash())
Rybat Posted September 27, 2018 Author

26 minutes ago, Barand said:

> SELECT password FROM `users` where `username`=:username
>
> $passwordAttempt does not exist - try it with $_POST['password'] instead.
>
> (Assuming the hashed value of the password was stored after using password_hash())

Done that, but it gives me `die('Incorrect username / password combination!');` yet I have registered a correct password and username combination.

```
<?php
if(isset($_POST['login'])){
    $username = $_POST['username'];
    $password = $_POST['password'];
    $errors = array();
    $sql = "SELECT * FROM `users` where `username`=:username ";
    $stmt = $dbh->prepare($sql);
    $stmt->execute(array(':username' => $username, ));
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if($user === false){
        echo "no password";;
    } else{
        $validPassword = password_verify($_POST['password'], $password );
        if($validPassword){
            $_SESSION['id'] = $user['id'];
            $_SESSION['logged_in'] = time();
            header('Location: http://localhost/auth/login.php');
            exit;
        } else{
            die('Incorrect username / password combination!');
        }
    }
}
```
Barand Posted September 28, 2018

password_verify() manual
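Added example, not part of any post in this thread: a self-contained PHP sketch of the flow mac_gyver and Barand describe, where password_hash() runs only at registration and login fetches the stored hash by username and hands it to password_verify(). It assumes the pdo_sqlite extension and an in-memory table; the users schema, the register() and login() helper names, and the sample user are constructed for the demo.

```php
<?php
// Added example, not code from the thread. Assumes the pdo_sqlite extension;
// the table layout, user "alice" and her password are constructed for the demo.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT,
            username TEXT UNIQUE, password TEXT)');

// Registration: the only place password_hash() is called.
function register(PDO $dbh, string $username, string $password): void
{
    $stmt = $dbh->prepare('INSERT INTO users (username, password) VALUES (:u, :p)');
    $stmt->execute([':u' => $username, ':p' => password_hash($password, PASSWORD_DEFAULT)]);
}

// Login: look the row up by username only, then verify against the STORED hash.
// Returns the user's id on success, null otherwise.
function login(PDO $dbh, string $username, string $attempt): ?int
{
    $stmt = $dbh->prepare('SELECT id, password FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    // Same outcome for "no such user" and "wrong password".
    if ($user === false || !password_verify($attempt, $user['password'])) {
        return null;
    }
    // Upgrade the stored hash if PASSWORD_DEFAULT or its cost has changed.
    if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) {
        $upd = $dbh->prepare('UPDATE users SET password = :p WHERE id = :id');
        $upd->execute([':p' => password_hash($attempt, PASSWORD_DEFAULT), ':id' => $user['id']]);
    }
    return (int) $user['id'];
}

register($dbh, 'alice', 'correct horse');

// Why hashing again, or verifying against the submitted value, cannot match:
$stored = $dbh->query("SELECT password FROM users WHERE username = 'alice'")->fetchColumn();
var_dump(password_hash('correct horse', PASSWORD_DEFAULT) === $stored); // fresh salt per call
var_dump(password_verify('correct horse', 'correct horse'));            // 2nd arg is not a hash
var_dump(login($dbh, 'alice', 'correct horse'));                        // stored hash is used
var_dump(login($dbh, 'alice', 'wrong'));
```

In a real login page, a non-null return from login() is the point to call session_regenerate_id(true) and store only that id in the session.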
Archived
This topic is now archived and is closed to further replies.