I have no issues with inserting the data into the database, the signup form is working perfectly however, when trying to login the page keeps telling me that the user/pass is incorrect and I can't figure out why.
Im creating a session, pulling the fields from the database correctly and having looking in the SQL row, the passwords are being stored correctly.
Could someone point me in the right direction with the code below as to why this isnt working?
Quote:
<?php
session_start();
$DATABASE_HOST = 'localhost';
$DATABASE_USER = 'user';
$DATABASE_PASS = 'pass';
$DATABASE_NAME = 'db';
// Try and connect using the info above.
$con = mysqli_connect($DATABASE_HOST, $DATABASE_USER, $DATABASE_PASS, $DATABASE_NAME);
if ( mysqli_connect_errno() ) {
exit('Failed to connect to MySQL: ' . mysqli_connect_error());
}
if ($stmt = $con->prepare('SELECT id, password FROM Register WHERE username = ?')) {
$stmt->bind_param('s', $_POST['username']);
$stmt->execute();
if ($stmt->num_rows > 0) {
$stmt->bind_result($id, $password);
$stmt->fetch();
if ($_POST['password'] === $password) {
session_regenerate_id();
$_SESSION['loggedin'] = TRUE;
$_SESSION['name'] = $_POST['username'];
$_SESSION['id'] = $id;
echo 'Welcome ' . $_SESSION['name'] . '!';
} else {
// Wrong password
echo 'Incorrect User/Pass!';
}
} else {
// Wrong username
echo 'Incorrect User/Pass!';
}
$stmt->store_result();
$stmt->close();
}
?>
/
|
This isnt for anything fancy, just trying to have a system when employees can maintain their contact information and keep it up to date.
*Quick Edit*
I'm using this on the submission form for the password, if it matters.
Quote:
|
$secure_pass = password_hash($password, PASSWORD_BCRYPT);
|