Quote:
Originally Posted by sarettah
That is not where your problem is.
zijlstravideo pointed it out.
In the code in your first post you have this line:
if ($_POST['password'] === $password)
You are comparing the unencrypted password that the user entered with the encrypted password from the database.
They will never match.
You need to encrypt the password entered to do the comparison.
So the code he put up there should replace the if you are using:
if (password_hash($_POST['password'], PASSWORD_BCRYPT) === $password)
I've changed that line and still get the same incorrect user/pass error
Quote:
// Try and connect using the info above.
$con = mysqli_connect($DATABASE_HOST, $DATABASE_USER, $DATABASE_PASS, $DATABASE_NAME);
if ( mysqli_connect_errno() ) {
    exit('Failed to connect to MySQL: ' . mysqli_connect_error());
}
if ($stmt = $con->prepare('SELECT id, password FROM Register WHERE username = ?')) {
    $stmt->bind_param('s', $_POST['username']);
    $stmt->execute();
    if ($stmt->num_rows > 0) {
        $stmt->bind_result($id, $password);
        $stmt->fetch();
        if (password_hash($_POST['password'], PASSWORD_BCRYPT) === $password) {
            session_regenerate_id();
            $_SESSION['loggedin'] = TRUE;
            $_SESSION['name'] = $_POST['username'];
            $_SESSION['id'] = $id;
            echo 'Welcome ' . $_SESSION['name'] . '!';
        } else {
            // Wrong password
            echo 'Incorrect User/Pass!';
        }
    } else {
        // Wrong username
        echo 'Incorrect User/Pass!';
    }
    $stmt->store_result();
    $stmt->close();
}
That's why I thought there may have been an issue elsewhere in the submit.php I posted above.
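An added example, not part of either post above: the same lookup written so that the row count is read only after `store_result()`, and the submitted password is checked with `password_verify()` against the stored hash instead of being re-hashed and compared with `===`. The function name `find_user_id()` and the sample password are hypothetical; the `Register` table and its columns come from the posted code, and the `password` column is assumed to hold untruncated `password_hash()` output.

```php
<?php
// Added example, not code from the thread. find_user_id() is a hypothetical
// name; the Register table and its columns are taken from the posted code.
// Assumes Register.password holds password_hash() output, untruncated.

function find_user_id(mysqli $con, string $username, string $password): ?int
{
    $stmt = $con->prepare('SELECT id, password FROM Register WHERE username = ?');
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param('s', $username);
    $stmt->execute();
    // Buffer the result first: num_rows on a prepared statement stays 0
    // until store_result() has been called.
    $stmt->store_result();

    $id = null;
    $hash = null;
    if ($stmt->num_rows > 0) {
        $stmt->bind_result($id, $hash);
        $stmt->fetch();
    }
    $stmt->close();

    // password_verify() re-hashes the input using the salt and cost stored
    // inside $hash, then compares the two in constant time.
    if ($hash !== null && password_verify($password, $hash)) {
        return (int) $id;
    }
    return null; // same answer for unknown user and wrong password
}

// Offline demonstration with a constructed password (no database needed).
$stored = password_hash('correct horse', PASSWORD_BCRYPT); // saved at registration
$again  = password_hash('correct horse', PASSWORD_BCRYPT); // fresh random salt

// Two hashes of the same password differ, so === can never succeed.
var_dump($again === $stored);
// Verification against the stored hash accepts the right password only.
var_dump(password_verify('correct horse', $stored));
var_dump(password_verify('wrong guess', $stored));
```

On a successful return the caller would run the `session_regenerate_id()` and `$_SESSION` assignments from the posted code.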