Need help reading/fixing login.php with Angular and Hashed Passwords
Solution:
Well, I figured it out... being new to PHP, I had a difficult time troubleshooting/debugging. It turns out that the data type for $rows would return null if I tried to reference $rows['password'], but $rows is the correct datatype to return my User object. Anyone know why that is?
My solution is to fetch 2 results and create one for the password and one for the user object because running mysqli_fetch_assoc($result); multiple times attempts to fetch the next row in the result-set. I'm not sure if this is good programming practice so feel free to comment your thoughts on this method.
NOTE: THIS CODE IS NOT SQL INJECTION PROOF, DO NOT BLATANTLY IMPLEMENT WITHOUT FURTHER PDO STATEMENTS. AS OTHERS HAVE STATED, PASSWORDS SHOULD NOT BE HANDLED DIRECTLY IN THIS WAY.
login.php
<?php
include_once("database.php");

// Read the raw JSON body posted by the Angular client.
$postdata = file_get_contents("php://input");

if (isset($postdata) && !empty($postdata)) {
    $request = json_decode($postdata);

    // The password is never placed in SQL, so it is not escaped; escaping would
    // change the value handed to password_verify().
    $pwd = trim($request->password);
    $email = mysqli_real_escape_string($mysqli, trim($request->username));

    $sql = "SELECT * FROM users WHERE email='$email'";

    if ($result = mysqli_query($mysqli, $sql)) {
        // First result set: collect the user rows that are returned to the client.
        $rows = array();
        while ($row = mysqli_fetch_assoc($result)) {
            $rows[] = $row;
        }

        // Second result set: fetch the row again to read the stored hash.
        if ($result2 = mysqli_query($mysqli, $sql)) {
            $passchk = mysqli_fetch_assoc($result2);
            // $passchk is null when no user matches the e-mail.
            if ($passchk && password_verify($pwd, $passchk['password'])) {
                echo json_encode($rows);
            }
        }
    } else {
        http_response_code(404);
    }
}
?>
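An added example, not part of the original post: the same login check written with a PDO prepared statement, a single fetch that serves both the hash check and the returned user, and the hash removed before the row is sent back. It assumes a `users` table with `email` and `password` columns as in the post; the `id` and `name` columns, the `login()` function, the in-memory SQLite database and the sample request bodies are constructed for illustration.

```php
<?php
// Added example, not the poster's code. Table layout beyond `email` and
// `password` is an assumption; all sample data below is constructed.

function login(PDO $db, string $email, string $password): ?array
{
    // Placeholder binding keeps the e-mail out of the SQL text entirely.
    $stmt = $db->prepare('SELECT * FROM users WHERE email = :email LIMIT 1');
    $stmt->execute([':email' => $email]);

    // One fetch: the same row supplies the hash and the user object.
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown e-mail and wrong password both return null.
    if ($user === false || !password_verify($password, $user['password'])) {
        return null;
    }
    unset($user['password']); // never send the hash back to the client
    return $user;
}

// Constructed in-memory database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT UNIQUE, password TEXT)');
$db->prepare('INSERT INTO users (name, email, password) VALUES (?, ?, ?)')
   ->execute(['Alice', 'alice@example.test', password_hash("pa'ss word", PASSWORD_DEFAULT)]);

// Constructed request bodies in the JSON shape the post's client sends.
$bodies = [
    '{"username":"alice@example.test","password":"pa\'ss word"}', // valid login
    '{"username":"alice@example.test","password":"wrong"}',       // bad password
    '{"username":"x\' OR \'1\'=\'1","password":"anything"}',      // quotes in input
    'not json',                                                    // malformed body
];

foreach ($bodies as $body) {
    $req = json_decode($body);
    if (!is_object($req) || !isset($req->username, $req->password)
        || !is_string($req->username) || !is_string($req->password)) {
        echo "400 bad request\n";
        continue;
    }
    // The password goes to password_verify() unmodified; only the e-mail is trimmed.
    $user = login($db, trim($req->username), $req->password);
    echo $user === null ? "401 invalid credentials\n" : '200 ' . json_encode($user) . "\n";
}
```

In a real endpoint the echoed status strings would be `http_response_code()` calls, and the `PDO` handle would come from the application's own connection code.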