I want to pull the user's hash (saved under UserPassword) Picture of UserPassword column in DB and run it through password_verify(). The problem is, it doesn't return anything. Here's my code: HTML:
<div class="userInfo">
<form method="post">
<p>Username: </p>
<input type="text" name="Username" required>
<p>Password: </p>
<input type="password" name="Password" required>
<br><br>
<input type="submit" name = "submit" value="Log In"></button>
</form>
</div>
PHP:
<?php
if(isset($_POST['submit'])) {
$tblusername = $_POST['Username'];
$tblpasswordU = $_POST['Password'];
$servername = "localhost";
$username = "mealplan";
$password = "";
try {
$conn = new PDO("mysql:host=$servername;dbname=mealplan", $username, $password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $conn->prepare("SELECT UserName FROM tblUsers WHERE UserName = :tblusername");
$stmt->bindParam(':tblusername', $tblusername);
$stmt->execute();
if($stmt->rowCount() > 0){
}else{
die("Incorrect Username or Password");
}
$stmt = $conn->prepare("SELECT UserPassword FROM tblUsers WHERE UserName = :username");
$stmt->bindParam(':username', $tblusername);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if (password_verify($tblpasswordU, $row['UserPassword']) == true) {
echo "Signed in successfully";
} else {
die("Incorrect username or password");
}
} catch(PDOException $e) {
echo "<style>.hidden { visibility: visible; } .shown { visibility: hidden; font-size: 0px }</style>";
}
}
?>
Me echoing the Hash and Username were part of me testing. Here's the output: Incorrect Username or Password [] [123] (123 being my test user)
Quick note: $tblpasswordU is the unverified password the user put in.
The password saved in the database is hashed, so you can't match it directly in the SQL. You need to fetch the password for the username. Then you usepassword_verify()
to check whether the password the user entered hashes to the same thing.
Also, you have to fetch the row from the query.
There's no need to use two queries. Just use one query to test if the username exists and fetch the password.
<?php
if(isset($_POST['submit'])) {
$tblusername = $_POST['Username'];
$tblpasswordU = $_POST['Password'];
$servername = "localhost";
$username = "mealplan";
$password = "";
try {
$conn = new PDO("mysql:host=$servername;dbname=mealplan", $username, $password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $conn->prepare("SELECT UserPassword FROM tblUsers WHERE UserName = :tblusername");
$stmt->bindParam(':tblusername', $tblusername);
$stmt->execute();
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$row) { // This is just for debugging, in production you shouldn't distinguish wrong username and wrong password
die("Username not found");
}
if ($row && password_verify($tblpasswordU, $row['UserPassword'])) {
echo "Signed in successfully";
} else {
die("Incorrect username or password");
}
} catch(PDOException $e) {
echo "<style>.hidden { visibility: visible; } .shown { visibility: hidden; font-size: 0px }</style>";
}
}
?>
Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.
Find the answer in similar questions on our website.
Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.
PHP (from the English Hypertext Preprocessor - hypertext preprocessor) is a scripting programming language for developing web applications. Supported by most hosting providers, it is one of the most popular tools for creating dynamic websites.
The PHP scripting language has gained wide popularity due to its processing speed, simplicity, cross-platform, functionality and distribution of source codes under its own license.
https://www.php.net/
DBMS is a database management system. It is designed to change, search, add and delete information in the database. There are many DBMSs designed for similar purposes with different features. One of the most popular is MySQL.
It is a software tool designed to work with relational SQL databases. It is easy to learn even for site owners who are not professional programmers or administrators. MySQL DBMS also allows you to export and import data, which is convenient when moving large amounts of information.
https://www.mysql.com/
HTML (English "hyper text markup language" - hypertext markup language) is a special markup language that is used to create sites on the Internet.
Browsers understand html perfectly and can interpret it in an understandable way. In general, any page on the site is html-code, which the browser translates into a user-friendly form. By the way, the code of any page is available to everyone.
https://www.w3.org/html/
Welcome to the Q&A site for web developers. Here you can ask a question about the problem you are facing and get answers from other experts. We have created a user-friendly interface so that you can quickly and free of charge ask a question about a web programming problem. We also invite other experts to join our community and help other members who ask questions. In addition, you can use our search for questions with a solution.
Ask about the real problem you are facing. Describe in detail what you are doing and what you want to achieve.
Our goal is to create a strong community in which everyone will support each other. If you find a question and know the answer to it, help others with your knowledge.