Where to put MD5 function to make it work? - php

I need to send md5 hashed password to database.
<?php
$username = filter_input(INPUT_POST, 'name');
$password = filter_input(INPUT_POST, 'password');
print_r($_POST['name']);
if (empty($username)){
echo "Username should not be empty"; die();
}
if (empty($password)){
echo "Password should not be empty"; die();
}
$host = "localhost";
$dbusername = "root";
$dbpassword = "";
$dbname = "db_account";
//create connection
$conn = new mysqli($host, $dbusername, $dbpassword, $dbname);
if (mysqli_connect_error()){
die('Connect Error ('. mysqli_connect_error() .') '
. mysqli_connect_error());
} else{
$sql = "INSERT INTO t_account (name, pwd)
values ('{$username}','MD5({$password})')";
if ($conn->query($sql)){
echo "Account was created successfully!";
}
else{
echo "Error: ". $sql."<br>". $conn->error;
}
$conn->close();
}
?>
When I fill register form with password for example 123456 it sends it to database like this (MD5)123456 but not as a hashed code.
Also after successfull registration it only shows text after #echo, is possible to redirect user to another page?

Try to use the PHP md5() function:
$password = md5(filter_input(INPUT_POST, 'password'));
Also your statement:
$sql = "INSERT INTO t_account (name, pwd)
values ('{$username}','{$password}')";
I strongly suggest you use prepared statements. Not hard to learn and time well invested.

Related

Adding a back button

I want to add a back button to this php code I'm using. So once I enter in details and click "Register", I get ""New record is inserted sucessfully".
Which is great but I'd like to add a back button that can take me back to another page.
Below is my code. I have no idea where to place the back button either
<?php
$FirstName = filter_input(INPUT_POST, 'FirstName');
$LastName = filter_input(INPUT_POST, 'LastName');
$username = filter_input(INPUT_POST, 'username');
$Email = filter_input(INPUT_POST, 'email');
$password = filter_input(INPUT_POST, 'password');
if (!empty($username)){
if (!empty($password)){
$host = "localhost";
$dbusername = "root";
$dbpassword = "";
$dbname = "test";
// Create connection
$conn = new mysqli ($host, $dbusername, $dbpassword, $dbname);
if (mysqli_connect_error()){
die('Connect Error ('. mysqli_connect_errno() .') '
. mysqli_connect_error());
}
else{
$sql = "INSERT INTO details (Username, Password, FirstName, LastName, Email)
values ('$username','$password','$FirstName','$LastName','$Email')";
if ($conn->query($sql)){
echo "New record is inserted sucessfully";
}
else{
echo "Error: ". $sql ."
". $conn->error;
}
$conn->close();
}
}
else{
echo "Password should not be empty";
die();
}
}
else{
echo "Username should not be empty";
die();
}
?>
if ($conn->query($sql)){
echo "New record is inserted sucessfully";
echo '<button onclick="history.go(-1);">Back </button>';
}
OR
echo 'Back';

Check MySQL database for duplicates before posting new record

I would like to stop user registration if the registered name already exists.
Here is my code:
<?php
$username = filter_input(INPUT_POST, 'name');
$password = md5(filter_input(INPUT_POST, 'password'));
print_r($_POST['name']);
if (empty($username)){
echo "Username should not be empty"; die();
}
if (empty($password)){
echo "Password should not be empty"; die();
}
$host = "localhost";
$dbusername = "root";
$dbpassword = "";
$dbname = "db_account";
//create connection
$conn = new mysqli($host, $dbusername, $dbpassword, $dbname);
// Check the database for duplicate username
$username_check_query = "SELECT * FROM t_account WHERE name='$username' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$username = mysqli_fetch_assoc($result);
if ($username) { // if user exists
if ($username['name'] === $username) {
echo "Username already exists"; die();
}
}
// Register user
if (mysqli_connect_error()) {
die('Connect Error ('. mysqli_connect_error() .') ' . mysqli_connect_error());
} else {
$sql = "INSERT INTO t_account (name, pwd)
VALUES('$username', '$password')";
if ($conn->query($sql)){
echo " Account created successfully!";
}
else{
echo "Error: ". $sql."<br>". $conn->error;
}
$conn->close();
}
}
?>
I'm still a newbie so I got no idea if its even correct. I used a part from a template and edited that. Now when I try to register, it gives me Error 500..
<form action="" method="post">
<input type="text" name="name">
<input type="text" name="password">
<button type="submit">send</button>
</form>
<?php
$username = filter_input(INPUT_POST, 'name');
$password = md5(filter_input(INPUT_POST, 'password'));
print_r($_POST['name']);
if (empty($username)){
echo "Username should not be empty"; die();
}
if (empty($password)){
echo "Password should not be empty"; die();
}
$host = "localhost";
$dbusername = "root";
$dbpassword = "";
$dbname = "db_account";
//create connection
$conn = new mysqli($host, $dbusername, $dbpassword, $dbname);
// Check the database for duplicate username
$username_check_query = "SELECT * FROM t_account WHERE name='$username' LIMIT 1";
$result = mysqli_query($conn, $username_check_query);
$username_from_db = mysqli_fetch_assoc($result);
if ($username_from_db) { // if user
if ($username_from_db['name'] === $username) {
echo "Username already exists"; die();
}
}
// Register user
if (mysqli_connect_error()){
die('Connect Error ('. mysqli_connect_error() .') '
. mysqli_connect_error());
} else{
$sql = "INSERT INTO t_account (name, pwd)
VALUES('$username', '$password')";
if ($conn->query($sql)){
echo " Account created successfully!";
}
else{
echo "Error: ". $sql."<br>". $conn->error;
}
$conn->close();
}
?>

whats wrong in this php code is not inserting to DB

<?php
if(isset($_POST['ok1'])){
$nomo = filter_input(INPUT_POST, 'nomo');
$prenomo = filter_input(INPUT_POST, 'prenomo');
$emailo = filter_input(INPUT_POST, 'emailo');
$ageo = filter_input(INPUT_POST, 'ageo');
$sexeo = filter_input(INPUT_POST, 'sexeo');
$villeo = filter_input(INPUT_POST, 'villeo');
$cpo = filter_input(INPUT_POST, 'cpo');
if (!empty($nomo) && !empty($prenomo) && !empty($emailo) && !empty($ageo) && !empty($sexeo) && !empty($villeo) && !empty($cpo)){
$host = "localhost";
$dbusername = "root";
$dbpassword = "";
$dbname = "srv_msn";
// Create connection
$conn = new mysqli ($host, $dbusername, $dbpassword, $dbname);
if (mysqli_connect_error()){
die('Connect Error ('. mysqli_connect_errno() .') '
. mysqli_connect_error());
}
else{
$sql = "INSERT INTO personne (CP, EMAIL, PRENOM, NOM)
values ('$cpo','$emailo','$prenomo','$nomo')";
if ($conn->query($sql)){
echo "New record is inserted sucessfully";
}
else{
echo "Error: ". $sql ."
". $conn->error;
$conn->close();
}
}
}
else {
echo "Password should not be empty";
die();
}
}
?>
if someone can please help me on this code i tried every single solution i found on google and youtube too , i have a form on my website project and i want the informations entered on the form to get inserted to mysql DB but it doesnt insert the information to the database

PHP SQL Why does this give me an error without details

Hi I'm trying to insert data in my database. But I keep on getting the same error for example:
Error: INSERT INTO users (username, password) VALUES ('fff', '$2y$10$YUd1AErIj4RGRnjkFkYlkOn.s9OV62sq8.HVGO2jeE8dSthpgp6ey');
without any details which is very frustrating. I'm new to PHP and SQL so it's not the best written code ever and I know I should use prepared statements.
<?php
require_once '../connection/connection.php';
/**
* Created by PhpStorm.
* User: ezrab
* Date: 3/14/2018
* Time: 5:40 PM
*/
$username = $_POST['username'];
$password = $_POST['password'];
//var_dump($hashed_password);
if (isset($_POST['submit'])) {
if (!empty($username) || !empty($password)) {
if (preg_match('/^[A-Za-z]?[A-Za-z ]*$/', $username) || preg_match('/^[A-Za-z]?[A-Za-z ]*$/', $password)) {
$hashPwd = password_hash($password, PASSWORD_DEFAULT);
$sql = "INSERT INTO users (username, password) VALUES ('$username', '$hashPwd');";
if ($conn->query($sql) === TRUE) {
echo "Worked!";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
} else {
echo "You can't use certain characters.";
}
} else {
echo "You have to fill in all fields.";
}
} else {
echo "THOU SHALL NOT PASS!";
}
$conn->close();
EDIT: Added my connection.php file for more information.
<?php
$servername = "-----";
$username = "-----";
$password = "------";
$dbname = "------";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$conn->close();
EDIT:
Take
$conn->close();
out of connection.php and problem should be solved
You were opening and then immediately closing the connection before a query could be made

How to password_verify() with hash from database

Attempting to verify the hash password from the database, with the user input via POST. After some brief research it seems the issue may have something to do with not being able to convert the mysqli_query to a string though I do not know how to do that properly, hence the fetch_object() etc which I added from another SO question. I have also adequately accounted for the length of the has with the column set for varchar(255). Appreciate any help or guidance, thanks.
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "test";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$password = $_POST['password'];
$db_password = mysqli_query($conn, 'SELECT password FROM sec')->fetch_object()->password;
if (password_verify($password, $db_password)) {
echo 'Password is valid!';
} else {
echo 'Invalid password.';
}
?>
First get the password hash from the database,then convert the user input password in the hash value.Compare these two values by passing through the function password_verify(), then you will get the proper result.
$password = "test";
$hash = "$2y$10$fXJEsC0zWAR2tDrmlJgSaecbKyiEOK9GDCRKDReYM8gH2bG2mbO4e";
if (password_verify($password, $hash)) {
echo "Success";
}
else {
echo "Error";
}
OR
You can use this one too
$verify=password_verify($_POST['passwrd'],$row[2]);
if($verify){
$_SESSION["usrname"]=$usrname;
echo "Correct";
}
else {
echo "user: " . $usrname. "<br>";
echo "pass: " . $hash. "<br>";
echo "db: " . $row[2]."<br>";
echo "Wrong Username or Password";
}

Categories