Ask a question

Popular technologies


Latest questions:

411 sql - Reverse the array in php
716 php - Convert long numbers to short and compact
136 php - Codeigniter 4 validation error callback_check_password is not working
776 laravel - How to calculate hour two date difference in php?
668 php - Symfony project shows directory listing index instead of index page
263 php - Test Imagick Image
970 wordpress - I am getting issues with my single Post navigation in single.php with previous_post_link() and next_post_link() is not working with post type "post"
356 PHP bcrypt to PYTHON bycrypt not giving same values
97 php - How to fix error Query array failed: 1064
685 php - What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
  1. Home
  2. mysql - Why is PHP PDO not pulling anything from my database (More specifically the UserPassword Column)
881 votes
1 answers

mysql - Why is PHP PDO not pulling anything from my database (More specifically the UserPassword Column)

mangohost Get the solution ↓↓↓

I want to pull the user's hash (saved under UserPassword) Picture of UserPassword column in DB and run it through password_verify(). The problem is, it doesn't return anything. Here's my code: HTML:

   <div class="userInfo">
      <form method="post">
        <p>Username: </p>
        <input type="text" name="Username" required>
        <p>Password: </p>
        <input type="password" name="Password" required>
        <br><br>
        <input type="submit" name = "submit" value="Log In"></button>
      </form>
    </div>

PHP:

<?php
    if(isset($_POST['submit'])) {
      $tblusername = $_POST['Username'];
      $tblpasswordU = $_POST['Password'];

      $servername = "localhost";
      $username = "mealplan";
      $password = "";
      
      try {
        $conn = new PDO("mysql:host=$servername;dbname=mealplan", $username, $password);
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $stmt = $conn->prepare("SELECT UserName FROM tblUsers WHERE UserName = :tblusername");
        $stmt->bindParam(':tblusername', $tblusername);
        $stmt->execute();

        if($stmt->rowCount() > 0){
        }else{
          die("Incorrect Username or Password");
        }
        $stmt = $conn->prepare("SELECT UserPassword FROM tblUsers WHERE UserName = :username");
        $stmt->bindParam(':username', $tblusername);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if (password_verify($tblpasswordU, $row['UserPassword']) == true) {
            echo "Signed in successfully";
        } else {
            die("Incorrect username or password");
        }
      } catch(PDOException $e) {
        echo "<style>.hidden { visibility: visible; } .shown { visibility: hidden; font-size: 0px }</style>";
      }
    }
    ?>

Me echoing the Hash and Username were part of me testing. Here's the output: Incorrect Username or Password [] [123] (123 being my test user)

Quick note: $tblpasswordU is the unverified password the user put in.

299
votes

Answer

Solution:

The password saved in the database is hashed, so you can't match it directly in the SQL. You need to fetch the password for the username. Then you usepassword_verify() to check whether the password the user entered hashes to the same thing.

Also, you have to fetch the row from the query.

There's no need to use two queries. Just use one query to test if the username exists and fetch the password.

<?php
if(isset($_POST['submit'])) {
    $tblusername = $_POST['Username'];
    $tblpasswordU = $_POST['Password'];

    $servername = "localhost";
    $username = "mealplan";
    $password = "";
      
    try {
        $conn = new PDO("mysql:host=$servername;dbname=mealplan", $username, $password);
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $stmt = $conn->prepare("SELECT UserPassword FROM tblUsers WHERE UserName = :tblusername");
        $stmt->bindParam(':tblusername', $tblusername);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if (!$row) { // This is just for debugging, in production you shouldn't distinguish wrong username and wrong password
            die("Username not found");
        }
        if ($row && password_verify($tblpasswordU, $row['UserPassword'])) {
            echo "Signed in successfully";
        } else {
            die("Incorrect username or password");
        }
    } catch(PDOException $e) {
        echo "<style>.hidden { visibility: visible; } .shown { visibility: hidden; font-size: 0px }</style>";
    }
}
?>

Source

Share

Didn't find the answer?

Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.

Similar questions

Find the answer in similar questions on our website.

490 php - Retrieving Role and Permission from Authenticated User Laravel Breeze + React + inertia + Spatie Permission
808 php - How can i fix this col ? i did not arange my items i tried everthing but i did not fix the problem
352 Getting Class "mysqli" not found when using docker container to load mysql and php
5 "Notice: Undefined variable", "Notice: Undefined index", "Warning: Undefined array key", and "Notice: Undefined offset" using PHP
501 mysql - Order by After Where clause not working in MySQLi PHP
15 php - This page isn??�t working error showing because session not set
515 linux - PHP-FPM Exporter Binary can not access php unix socket
602 php - Create dynamic DataTable from database
179 php - Missing data from joined table on query
486 php - PHPUnit test not sharing the entity manager with Symfony

Write quick answer

Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.




About the technologies asked in this question

PHP

PHP (from the English Hypertext Preprocessor - hypertext preprocessor) is a scripting programming language for developing web applications. Supported by most hosting providers, it is one of the most popular tools for creating dynamic websites. The PHP scripting language has gained wide popularity due to its processing speed, simplicity, cross-platform, functionality and distribution of source codes under its own license.
https://www.php.net/


MySQL

DBMS is a database management system. It is designed to change, search, add and delete information in the database. There are many DBMSs designed for similar purposes with different features. One of the most popular is MySQL. It is a software tool designed to work with relational SQL databases. It is easy to learn even for site owners who are not professional programmers or administrators. MySQL DBMS also allows you to export and import data, which is convenient when moving large amounts of information.
https://www.mysql.com/


HTML

HTML (English "hyper text markup language" - hypertext markup language) is a special markup language that is used to create sites on the Internet. Browsers understand html perfectly and can interpret it in an understandable way. In general, any page on the site is html-code, which the browser translates into a user-friendly form. By the way, the code of any page is available to everyone.
https://www.w3.org/html/

Welcome to webdevask.com

Welcome to webdevask.com

Welcome to the Q&A site for web developers. Here you can ask a question about the problem you are facing and get answers from other experts. We have created a user-friendly interface so that you can quickly and free of charge ask a question about a web programming problem. We also invite other experts to join our community and help other members who ask questions. In addition, you can use our search for questions with a solution.

Get answers to specific questions

Ask about the real problem you are facing. Describe in detail what you are doing and what you want to achieve.

Help Others Solve Their Issues

Our goal is to create a strong community in which everyone will support each other. If you find a question and know the answer to it, help others with your knowledge.