Welcome, Guest: Register On Nairaland / LOGIN! / Trending / Recent / NewStats: 3,159,314 members, 7,839,509 topics. Date: Friday, 24 May 2024 at 09:17 PM |
Nairaland Forum / Science/Technology / Programming / PHP Password_verify() Function Fails To Work. Help! (851 Views)
Nairaland Login Function Is Faulty! / Javascript:how Do I Use drawBox Function.. / Brain Teaser: Recursive Anonymous Function Expression Analysis (2) (3) (4)
PHP Password_verify() Function Fails To Work. Help! by concord129(m): 3:43pm On Mar 29, 2020 |
I have been writing this program for sometimes now but whenever it gets to this particular level where I needed to verify a hashed password in the database against a user input password, it keeps returning wrong password. Below is my signup and login page code. The login page: if(isset($_POST['submit'])){ $email_verify = $mysql->real_escape_string($_POST['login_email']); $password2 = $mysql->real_escape_string($_POST['login_password']); if(empty($email_verify) || empty($password2)){ die('Error: Username or password is empty!'); }else{ $query = "SELECT id, username, email, password, user_level FROM userprofile WHERE email=? AND password =?"; $stmt = $mysql->prepare($query); $stmt->bind_param('ss', $email_verify, $password2); $stmt->execute(); $stmt->bind_result($id, $username, $email, $password_hash, $user_level); $stmt->store_result(); $stmt->fetch(); if($email_verify === $email && password_verify($password2, $password_hash) && $user_level === $user){ $_SESSION['login_user'] = $email; header("location: userprofile.php" }elseif($email_verify === $email && password_verify($password2, $password) && $user_level === $admin){ $_SESSION['login_admin'] = $email; header("location: adminprofile.php" }else{ $_SESSION['error_message'] = "Username or password is incorrect!"; } mysqli_close($mysql); } } if(isset($_SESSION['login_user'])){ header("location: userprofile.php" }elseif(isset($_SESSION['login_admin'])){ header("location: adminprofile.php" } The sign up page: $password_hash = password_hash($password, PASSWORD_DEFAULT); //To check if it is real image or not if(preg_match("!image!", $_FILES['profile_image']['type'])){ //To check if the image copied or not if(copy($_FILES['profile_image']['tmp_name'], $profile_image)){ $upload_sql = "INSERT INTO userprofile(first_name, surname, last_name, username, password, email, phone_number, country, state, city, user_image)" . "VALUES('$firstname', '$surname', '$lastname', '$username', '$password_hash', '$email', '$phone_number', '$country', '$state', '$city', '$profile_image')"; |
Re: PHP Password_verify() Function Fails To Work. Help! by Thenaijaitguy: 4:22pm On Mar 29, 2020 |
Remove the mysql_escape_string (); Or should work like that |
Re: PHP Password_verify() Function Fails To Work. Help! by dammieight(m): 4:39pm On Mar 29, 2020 |
concord129: The login page: if(isset($_POST['submit'])){ $email_verify = $mysql->real_escape_string($_POST['login_email']); $password2 = $mysql->real_escape_string($_POST['login_password']); $password2_hash = password_hash($password2, PASSWORD_DEFAULT) if(empty($email_verify) || empty($password2)){ die('Error: Username or password is empty!'); }else{ $query = "SELECT id, username, email, password, user_level FROM userprofile WHERE email=? AND password =?"; $stmt = $mysql->prepare($query); $stmt->bind_param('ss', $email_verify, $password2_hash); $stmt->execute(); $stmt->bind_result($id, $username, $email, $password_hash, $user_level); $stmt->store_result(); $stmt->fetch(); if($email_verify === $email && password_verify($password2, $password_hash) && $user_level === $user){ $_SESSION['login_user'] = $email; header("location: userprofile.php" }elseif($email_verify === $email && password_verify($password2, $password) && $user_level === $admin){ $_SESSION['login_admin'] = $email; header("location: adminprofile.php" }else{ $_SESSION['error_message'] = "Username or password is incorrect!"; } mysqli_close($mysql); } } |
Re: PHP Password_verify() Function Fails To Work. Help! by dammieight(m): 4:41pm On Mar 29, 2020 |
The user input password is not hashed before comparing it with the hashed one in the database.. Hope this helps. |
Re: PHP Password_verify() Function Fails To Work. Help! by Superstar007(m): 12:56am On Mar 30, 2020 |
concord129: Remove the password bit from your sql query as it will not return the details for the user because the password hasn't been hashed yet. You are basically trying to select a row where the email AND the unhashed password the user entered exists. |
(1) (Reply)
Get An Affordable Power Supply For Your Dev Work / Where To Find Your Next Unique IT Opportunity / Let's Be Specific
(Go Up)
Sections: politics (1) business autos (1) jobs (1) career education (1) romance computers phones travel sports fashion health religion celebs tv-movies music-radio literature webmasters programming techmarket Links: (1) (2) (3) (4) (5) (6) (7) (8) (9) (10) Nairaland - Copyright © 2005 - 2024 Oluwaseun Osewa. All rights reserved. See How To Advertise. 16 |