0

Basic question but I keep failing. Have checked out similar topics but didn't get closer to the solution, so please don't redirect me just point out what I'm missing. Thank you.

<?php 

$hashed_password = "";
$con = mysqli_connect("localhost", "root", "", "testTable");

if (isset($_POST["reg_button"])){

$password = ($_POST["reg_password"]);

$hashed_password = password_hash($password, PASSWORD_DEFAULT);

$query = mysqli_query($con, "INSERT INTO user VALUES('', '$hashed_password')");

}
?>

<!DOCTYPE html>
<html>
<head>
    <title>register</title>
</head>
<body>
    <form action="register.php" method="POST">
        <input type="password" name="reg_password" placeholder="Password">
        <br><br>
        <input type="submit" name="reg_button" value="Register">
    </form>
    <br>
    <form action="login.php" method="POST">
        <input type="password" name="login_password" placeholder="Password">
        <br><br>
        <input type="submit" name="login_button" value="Login">
    </form>
</body>
</html>

This is the registering part and it is working flawlessly. The provided password is getting hased and stored in the DB.

<?php

include "register.php";

$con = mysqli_connect("localhost", "root", "", "testTable");

if(isset($_POST["login_button"])){

    $password = password_verify($_POST["login_password"], $hashed_password);

    $checkDB = mysqli_query($con, "SELECT * FROM user WHERE password = '$password'");

    $checkLogin = mysqli_num_rows($checkDB);

    if($checkLogin == 1){
        $row = mysqli_fetch_array($checkDB);

        echo "Welcome";
    }

    else {
        echo "Password incorrect";
    }
}
?>

This is the login part and it always fails. I suspect the following snippet to be the culprit:

$password = password_verify($_POST["login_password"], $hashed_password);

but have no idea how to fix it.

Any help would be great. Thank you!

UPDATED CODE:

register.php:

<?php 

$hashed_password = "";
$name = "";
$con = mysqli_connect("localhost", "root", "", "testTable");

if (isset($_POST["reg_button"])){

    $password = ($_POST["reg_password"]);
    $name = ($_POST["reg_name"]);

    $hashed_password = password_hash($password, PASSWORD_DEFAULT);

    $query = mysqli_query($con, "INSERT INTO user VALUES('', '$name','$hashed_password')");

}
?>

<!DOCTYPE html>
<html>
<head>
    <title>register</title>
</head>
<body>
    <form action="register.php" method="POST">
        <input type="text" name="reg_name" placeholder="Name">
        <br><br>
        <input type="password" name="reg_password" placeholder="Password">
        <br><br>
        <input type="submit" name="reg_button" value="Register">
    </form>
    <br>
    <form action="login.php" method="POST">
        <input type="text" name="login_name" placeholder="Name">
        <br><br>
        <input type="password" name="login_password" placeholder="Password">
        <br><br>
        <input type="submit" name="login_button" value="Login">
    </form>
</body>
</html>

login.php:

<?php

include "register.php";

$con = mysqli_connect("localhost", "root", "", "testTable");

if(isset($_POST["login_button"])){

    $name = $_POST['login_name'];
    $password = $_POST['login_password'];

    $checkDB = mysqli_query($con, "SELECT * FROM user WHERE name = '$name'");

    $passwordField = null;

    while($getRow = mysqli_num_rows($checkDB)){
        $passwordField = $getRow['password']; // Get hashed password
    }

    if(password_verify($password, $passwordField)){
        echo('Correct');
    }else{
        echo('Wrong');
    }
}
?>
Improve this question

2 Answers 2

Reset to default
1

Below from where do you get $hashed_password?Even if you included register.php,it doenst do anything,since those values are not set.

$password = password_verify($_POST["login_password"], $hashed_password);

You first need to get it from the db.

Second, password_verify returns true or false so even if $hashed_password is set,$password would be a boolean.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I thought $hashed_password gets its value if I include "register.php", as I did. Is it not? How should I assign a value to it then?
@idontgetit You cant login and register at the same time.Get the hash from the db:SELECT pass_column FROM...WHERE username=..
0

You can do this via while loop and mysqli_fetch_array(). That must solve your problem.: [UPDATED]

<?php

$con = mysqli_connect("localhost", "root", "", "testtable");

if(isset($_POST["login_button"])){

    // $password = password_verify($_POST["login_password"], $hashed_password);
    $password = $_POST['password'];
    $checkDB = mysqli_query($con, "SELECT * FROM user");

    while($getRow = mysqli_fetch_array($checkDB)){
        $passwordRow = $getRow['password'];
    }

    if(password_verify($password, $passwordRow) === TRUE){
        echo('Welcome');
    }else{
    echo('Wrong credentials');
    }
}
?>
Improve this answer

7 Comments

Thanks for the detailed answer. Tried to use your code, registering works fine but when it comes to login this is what I face with: Fatal error: Maximum execution time of 30 seconds exceeded in C:\xampp\htdocs\test\login.php on line 16. Apparently 'while' makes it crash
Is there only one field (password) in your form?
No, I added a 'name' field as well, please see updated code above
Please see updated answer. It's with only one field password.
Thanks for the update and your time, John. Now it is working as expected.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.