mysql - PHP log in system password isn't matching
I have made a login system that enables a user to sign in using a defined email and password. In the testing section, I have noticed that the passwords don't match, although I know the correct one (test 1) because I wrote it down when I made it. I can't seem to see why this is happening; I think it may be the hashing of the passwords, but I don't know what. The login page check document, login.php:
    if (empty($errors)) {
        $sql = "SELECT accountid, password FROM users WHERE emails = ?";
        $stmt = $pdo->prepare($sql);
        $stmt->execute([$data['email']]);
        if (!$row = $stmt->fetch()) {
            // email didn't match
            $errors['login'] = "login failed. on email";
        } else {
            // email matched, test password
            if (!password_verify($data['password'], $row['password'])) {
                // password didn't match
                $errors['login'] = "login failed. on password";
            } else {
                // password matched
                $_SESSION['user_id'] = $row['accountid'];
                header('Location: welcome.php');
                die;
            }
        }
    }
The insertion into the database with hashing is in insert.php:
    if (isset($_POST['name'])) { $name = $_POST['name']; }
    if (isset($_POST['email'])) { $email = $_POST['email']; }
    if (isset($_POST['password'])) { $pword = $_POST['password']; }
    if (isset($_POST['busname'])) { $busname = $_POST['busname']; }
    if (empty($name)) { echo("name required field"); exit(); }
    if (empty($email)) { echo("email required field"); exit(); }
    if (empty($pword)) { echo("you must enter password"); exit(); }
    $pword = password_hash($pword, PASSWORD_DEFAULT)."/n";
    // insert html form into database
    $insertquery = "INSERT INTO `cscw`.`users` (`accountid`, `businessname`, `name`, `emails`, `password`) VALUES (NULL, '$busname', '$name', '$email', '$pword');";
And on the web page shown by login.php: "login failed. on password". If you need to see more code, please let me know.
It does not recognize $row['password']. Be organized with your query:
1) prepare
2) execute
3) fetch
4) close
5) then exploit the fetched data. The fetched data needs to be sorted, as shown in the returnarray function.
Hoping there are unique emails and the $data array exists, try this:
    if (empty($errors)) {
        $sql = "SELECT accountid, password FROM users WHERE emails = :emails";
        $stmt = $pdo->prepare($sql);
        $stmt->bindParam(':emails', $data['email']);
        $stmt->execute();
        $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
        $stmt->closeCursor();
        $stmt = null;

        /* return results in a more handy way: the value of $string from the first fetched row */
        function returnarray($rows, $string) {
            foreach ($rows as $row) {
                return $row[$string];
            }
        }

        if (empty($rows)) {
            // email didn't match
            $errors['login'] = "login failed. on email";
        } else {
            // email matched, test password
            if (!password_verify($data['password'], returnarray($rows, 'password'))) {
                // password didn't match
                $errors['login'] = "login failed. on password";
            } else {
                // password matched ($row is not defined here, so read accountid from $rows as well)
                $_SESSION['user_id'] = returnarray($rows, 'accountid');
                header('Location: welcome.php');
                die;
            }
        }
    }
The login page is not finished and the query is not inserting. Be careful: you might be vulnerable to SQL injections because you do not escape user-manipulated variables (to strengthen security, add form validation; that would be great).
You have used $pword = password_hash($pword, PASSWORD_DEFAULT)."/n";
I removed the ."/n" part. It seems you are using the concatenation operator '.' to add "/n" at the end of the password_hash.
Your $insertquery is not finished and not readable. You don't need to insert backticks in the query, and there is no need to select accountid since it is autoincrement (see if A_I is ticked for accountid in the database). In the login page:
    /* trim and escape */
    function escapehtmltrimed($data) {
        $trimed = trim($data);
        $htmlentities = htmlentities($trimed, ENT_QUOTES | ENT_HTML5, 'UTF-8');
        return $htmlentities;
    }
    if (isset($_POST['name'])) { $name = escapehtmltrimed($_POST['name']); }
    if (isset($_POST['email'])) { $email = escapehtmltrimed($_POST['email']); }
    if (isset($_POST['password'])) { $pword = escapehtmltrimed($_POST['password']); }
    if (isset($_POST['busname'])) { $busname = escapehtmltrimed($_POST['busname']); }
    if (empty($name)) { echo("name required field"); exit(); }
    if (empty($email)) { echo("email required field"); exit(); }
    if (empty($pword)) { echo("you must enter password"); exit(); }
    /* remove adding "./n" */
    $pword = password_hash($pword, PASSWORD_DEFAULT);
    // insert html form into database
    $insertquery = "INSERT INTO users (businessname, name, emails, password) VALUES (:busname, :name, :email, :pword)";
    $stmt = $pdo->prepare($insertquery);
    $stmt->bindParam(':busname', $busname);
    $stmt->bindParam(':name', $name);
    $stmt->bindParam(':email', $email);
    $stmt->bindParam(':pword', $pword);
    $stmt->execute();
    $stmt->closeCursor();
    $stmt = null;
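As an added example (not code from the question or the answer), here is a self-contained PHP round trip of the register and login logic against an in-memory SQLite database: the same password is stored once with the "/n" suffix from insert.php and once correctly, and only the correct one passes password_verify(). It assumes the pdo_sqlite extension is loaded; the email addresses and password are constructed sample values.

```php
<?php
// Added example (not the asker's or answerer's code). Assumes pdo_sqlite is available.

function registerUser(PDO $pdo, string $email, string $password, bool $appendSuffix): void {
    $hash = password_hash($password, PASSWORD_DEFAULT);
    if ($appendSuffix) {
        $hash .= "/n"; // reproduces the bug from insert.php: the stored value is no longer a valid hash
    }
    // Prepared statement with bound values: user input never becomes part of the SQL text
    $stmt = $pdo->prepare('INSERT INTO users (emails, password) VALUES (:email, :pword)');
    $stmt->execute([':email' => $email, ':pword' => $hash]);
}

function loginUser(PDO $pdo, string $email, string $password): ?int {
    $stmt = $pdo->prepare('SELECT accountid, password FROM users WHERE emails = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null; // unknown email
    }
    // password_verify() re-hashes with the stored salt and compares the whole stored string,
    // so any extra trailing bytes (the "/n") make the comparison fail
    if (!password_verify($password, $row['password'])) {
        return null; // wrong password, or a corrupted stored hash
    }
    return (int) $row['accountid'];
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (accountid INTEGER PRIMARY KEY AUTOINCREMENT, emails TEXT UNIQUE, password TEXT)');

// Constructed sample accounts: one stored with the "/n" suffix, one stored correctly
registerUser($pdo, 'broken@example.com', 'test 1', true);
registerUser($pdo, 'fixed@example.com', 'test 1', false);

var_dump(loginUser($pdo, 'broken@example.com', 'test 1'));   // suffixed hash: verification fails
var_dump(loginUser($pdo, 'fixed@example.com', 'test 1'));    // clean hash: returns the account id
var_dump(loginUser($pdo, 'fixed@example.com', "test 1' --")); // quotes are bound as data, not SQL
```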