confirm current password in php [duplicate] - php

This question already has answers here:
The 3 different equals
(5 answers)
Closed 7 years ago.
I am trying to make a website using PHP with a MySQL database.
Here is my code:
<?php
$con=mysql_connect("localhost", "root", "");
mysql_select_db("mydatabase", $con);
$query = "INSERT INTO tblSecurity Values('".$_POST['txtUser']."','".$_POST['txtPass']."')";
$password = $_POST['txtPass'];
$confirm = $_POST['txtPassConfrm'];
mysql_query($query, $con);
if($password = $confirm)
{
    Header("Location: Login.php");
}
else
{
    echo"Verify your Answer";
}
?>
The problem is, how can I verify that the confirm password is the same as the password inputted? This code works, but it won't move to the ELSE even when the passwords are not the same. Can anyone help me correct this, please? Thanks.

Better practice is to check that the two passwords are the same at the input stage.
Here the code is also correct; the only mistake is that PHP needs == instead of =.

Related

ForgotPassword PHP and Mysql [duplicate]

This question already has answers here:
Reference - What does this error mean in PHP?
(38 answers)
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Closed 5 years ago.
I am writing a login form with PHP and MySQL.
I did everything; it's just the forgot password that is not working.
It sends me an email confirmation, but it does not update the password in the database.
First is the forgot page, which then sends an email and redirects me to the confirm_pass.html page, where the form for the two passwords is. That page executes confirm_pass.php, which does everything except update the password in the database.
Please help.
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Make sure the two passwords match
    if ( $_POST['newpassword'] == $_POST['confirmpass'] ) {
        $new_password = password_hash($_POST['newpassword'], PASSWORD_BCRYPT);
        $email = $mysqli->escape_string($_POST['email']);
        $confirm_code = md5(rand().$password);
        $result = "UPDATE `mv_db`.`users` SET `password`='$new_password', `confirm`='$confirm_code' WHERE `email`='$email'";
        if ( $mysqli->query($result) ) {
            header("location: login.html");
        }
    }
    else {
        $_SESSION['message'] = " The two passwords you entered don't match, try again!";
        header("location: error.php");
    }
}
?>
Your $_POST['email'] is not defined, because there is no "email" field in your HTML form.
So nothing is updated in the database, because there is no matching record.
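The reset step described in this thread, written so that a non-matching record is detected instead of passing silently (an added example, not code from the question or the answer). It assumes the e-mailed link carries a random token and that the account is looked up by that token rather than by a posted e-mail field; the reset_hash and reset_expires columns, both function names, the in-memory SQLite database (pdo_sqlite) and the sample account are hypothetical or constructed.

```php
<?php
// Added example. The users table follows the question; reset_hash and reset_expires are
// hypothetical columns, and the SQLite database and the account are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password TEXT, reset_hash TEXT, reset_expires INTEGER)');
$db->prepare('INSERT INTO users (email, password) VALUES (?, ?)')
   ->execute(['ana@example.test', password_hash('old password', PASSWORD_BCRYPT)]);

// Forgot page: returns the token for the e-mailed link; only its SHA-256 hash is stored.
function issueResetToken(PDO $db, string $email): ?string
{
    $token = bin2hex(random_bytes(32)); // CSPRNG output instead of md5(rand())
    $stmt = $db->prepare('UPDATE users SET reset_hash = ?, reset_expires = ? WHERE email = ?');
    $stmt->execute([hash('sha256', $token), time() + 3600, $email]);
    return $stmt->rowCount() === 1 ? $token : null;
}

// Confirm page: the row is selected through the token, so no e-mail field is needed.
function resetPassword(PDO $db, string $token, string $new, string $confirm): bool
{
    if ($new === '' || $new !== $confirm) {
        return false;
    }
    $stmt = $db->prepare('UPDATE users SET password = ?, reset_hash = NULL, reset_expires = NULL
                          WHERE reset_hash = ? AND reset_expires > ?');
    $stmt->execute([password_hash($new, PASSWORD_BCRYPT), hash('sha256', $token), time()]);
    // A successful query that matched no record changes 0 rows: treat that as failure.
    return $stmt->rowCount() === 1;
}

$token = issueResetToken($db, 'ana@example.test');
var_dump(resetPassword($db, $token, 'new password', 'new password')); // first use of the token
var_dump(resetPassword($db, $token, 'again', 'again'));               // token already consumed
```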

Password verify bcrypt, can't seem to match database [duplicate]

This question already has answers here:
How do you use bcrypt for hashing passwords in PHP? [duplicate]
(11 answers)
PHP & MYSQL: using bcrypt hash and verifying password with database
(2 answers)
Closed 5 years ago.
I'm trying to make password_verify match the crypt password in the database, but I'm having a problem: it seems it doesn't match.
I already searched for this and found that I need to use VARCHAR with a maximum length of 255, and it still doesn't work.
Here is the code:
if( isset($_POST['bG9n']) && "bG9naW4") {
    $email = $_POST['email'];
    $pass= $_POST['pass'];
    if($pass) {
        $crypt = password_hash($pass,PASSWORD_BCRYPT);
        $decrypt = password_verify($pass,$crypt);
    }
    if(password_verify($pass,$crypt)) {
        echo "Sucess"; // It does echo Sucess
    }
    if (!empty($email) && !empty($pass) && filter_var($email,FILTER_VALIDATE_EMAIL) && password_verify($pass,$crypt)) {
        $sql = "SELECT email, pass FROM clientes WHERE email ='$email' AND pass = '$decrypt' ";
        $query = $DB_con->prepare($sql);
        $query->execute();
        $count = $query->rowCount();
        if($count == 1){
            $_SESSION['email'] = $email;
            $_SESSION['pass'] = $decrypt;
            header("Location: home.php");
        }
        else {
            echo "<BR>Error";
        }
    }
}
It's probably an easy fix, but I can't seem to find what's wrong.
Thanks everyone in advance.
It's normal behaviour. A hash made with bcrypt is not deterministic; it differs from launch to launch, so you can't query it.
You have to check whether it matches not via MySQL but via PHP.
So, first get it from the database, then $isVerified = password_verify($pass, $hashFromDB);
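The flow this answer describes, together with the confirm-password comparison from the first question on this page, as one runnable script (an added example, not code from either thread). The clientes table and its columns follow the question; the register() and login() helpers, the in-memory SQLite database (pdo_sqlite) and the sample accounts are constructed for illustration.

```php
<?php
// Added example. clientes/email/pass follow the question; everything else is constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE clientes (email TEXT PRIMARY KEY, pass VARCHAR(255) NOT NULL)');

// Registration: compare the two fields BEFORE touching the database, then store only the hash.
function register(PDO $db, string $email, string $pass, string $confirm): bool
{
    // !== is a strict comparison; a single = would assign and always take the first branch.
    if (!filter_var($email, FILTER_VALIDATE_EMAIL) || $pass === '' || $pass !== $confirm) {
        return false;
    }
    $stmt = $db->prepare('INSERT INTO clientes (email, pass) VALUES (:email, :pass)');
    return $stmt->execute([
        ':email' => $email,
        ':pass'  => password_hash($pass, PASSWORD_BCRYPT), // new random salt on every call
    ]);
}

// Login: select the row by email only, then let password_verify() do the comparison in PHP.
function login(PDO $db, string $email, string $pass): bool
{
    $stmt = $db->prepare('SELECT pass FROM clientes WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $hashFromDB = $stmt->fetchColumn(); // false when no row matched
    return is_string($hashFromDB) && password_verify($pass, $hashFromDB);
}

var_dump(register($db, 'ana@example.test', 'correct horse', 'correct horse')); // fields match
var_dump(register($db, 'bob@example.test', 'one', 'two'));                     // mismatch, no insert
var_dump(login($db, 'ana@example.test', 'correct horse'));                     // stored hash verifies
var_dump(login($db, 'ana@example.test', 'wrong'));                             // wrong password
var_dump(login($db, 'nobody@example.test', 'correct horse'));                  // unknown account
```

Because both statements use bound parameters, the posted values never become part of the SQL text.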

PHP, my sql connection to database for login [duplicate]

This question already has answers here:
Reference - What does this error mean in PHP?
(38 answers)
Closed 6 years ago.
I need to confirm login using PHP and MySQL. My code keeps bringing 'username and password not correct' even when it is. Please, where did I get it wrong?
HTML code looks like this
PHP code looks like this
Thank you
Issue 1: $user_name = $_POST['username']; you have used single quotes wrongly. The same goes for the password in the screenshot. http://i.stack.imgur.com/FlUyR.jpg
Issue 2: mysqli_query($CONNECTIONHANDLER, $QUERY), but you are missing the connection handler.
Full code changes:
$username = mysqli_real_escape_string($con, $_POST['username']);
$password = mysqli_real_escape_string($con, $_POST['pass_word']);
// mysqli_query() takes the connection and a finished SQL string, so fill the %s slots with sprintf() first
$sql = sprintf("Select username, pass_word from verify where username = '%s' and pass_word = '%s'", $username, $password);
$rs = mysqli_query($con, $sql);
$check_user = mysqli_num_rows($rs);
if($check_user>0){
    echo "Logged in / valid user ";
} else {
    echo "username / password incorrect";
}
Change
'$_POST[username]' to $_POST['username'], and the same goes for the password.
You are actually assigning string values instead of getting them from the $_POST array.
Remove the single quotes:
$username = $_POST['username'];
$password = $_POST['pass_word'];
Keep in mind that POST input should ALWAYS be sanitized to avoid injection.
I think you are doing it wrong. Also, you just posted your username and password on the internet.
The query is redundant. You should just check for the presence of a user with such a username and password (for example, Select Count(*) from...).
The second control you are doing is superfluous. Also, you are declaring a variable inside a while and trying to access those values from outside of it.
Also, there are some syntactic errors, like quotes and stuff, that other users already suggested.

Log-In Code Doesn't Work [duplicate]

This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 6 years ago.
Hi! The objective of this code is to log-in to a website. This code has no error but still doesn't redirect to a profile page. Please, help. Thank you!
<?php
include("dbconnect.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "post")
{
    $username = $_POST['student'];
    $password = $_POST['password'];
    $query=mysqli_query($dbconfig,"SELECT * FROM members WHERE sn=$username AND pw=$password");
    $row=mysqli_fetch_array($query,MYSQLI_ASSOC);
    $count=mysqli_num_rows($query);
    if($count==1)
    {
        $_SESSION['login_user']=$username;
        header("location: main.php");
    }
    else
    {
        $error="Username or Password is invalid";
    }
}
?>
You need to write your query like this:
$query=mysqli_query($dbconfig,"SELECT * FROM members WHERE sn='".$username."' AND pw='".$password."'");
Your query doesn't work. Try with SELECT * FROM members WHERE sn='$username' AND pw='$password'
And also, after you execute the query, check if there are some errors with
if(!$query)
    die(mysqli_error($dbconfig));
P.S. Sanitize username and password before inserting them in a query.

Updating data Php pdo [duplicate]

This question already has answers here:
Why does this PDO statement silently fail?
(2 answers)
Closed 6 years ago.
I'm trying to update my data using PHP but it doesn't work, any ideas?
This is the code; this isn't the full code (it's not done), but even the username can't be updated.
<?php
session_start();
include "dbconfig.php";
require "check.php";
if(!empty($_POST['user_name']) || !empty($_POST['user_email'])){
    $user_name = trim($_POST['user_name']);
    $user_email = trim($_POST['user_email']);
    $count=$db_con->prepare("SELECT * FROM users WHERE user_id=:userid");
    $count->bindParam(":userid",$_SESSION['user_session'],PDO::PARAM_STR,15);
    $count->execute();
    $row = $count->fetch(PDO::FETCH_OBJ);
    $sql=$db_con->prepare("update users set user_name=:username where user_id='$row->user_id'");
    $sql->bindParam(':username',$user_name,PDO::PARAM_STR, 32);
    if($sql->execute()){
        echo "Successfully updated Profile";
    }
    else{
        print_r($sql->errorInfo());
    }
}
else {
    echo "No data inserted!";
}
include "home.php";
?>
I guess there is a syntax error in this line:
$sql=$db_con->prepare("update users set user_name=:username where user_id='$row->user_id'");
Corrected:
$sql=$db_con->prepare("update users set user_name=:username where user_id=" . $row->user_id);
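A variant of the update from this thread that binds the user id as well and makes PDO report failures instead of returning false quietly (an added example, not code from the question or the answer). The users table and column names follow the question; the updateUserName() helper, the in-memory SQLite database (pdo_sqlite) and the sample row are constructed.

```php
<?php
// Added example. users/user_id/user_name follow the question; everything else is constructed.
$db_con = new PDO('sqlite::memory:');
// Exceptions are the default error mode since PHP 8.0; set it explicitly for older versions.
$db_con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db_con->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, user_name TEXT)');
$db_con->exec("INSERT INTO users VALUES (7, 'old name')");

// Both values are bound, so nothing is interpolated or concatenated into the SQL text.
function updateUserName(PDO $db_con, int $userId, string $user_name): bool
{
    $user_name = trim($user_name);
    if ($user_name === '' || strlen($user_name) > 32) {
        return false; // same 32-character limit the question passes to bindParam()
    }
    $sql = $db_con->prepare('UPDATE users SET user_name = :username WHERE user_id = :userid');
    $sql->bindValue(':username', $user_name, PDO::PARAM_STR);
    $sql->bindValue(':userid', $userId, PDO::PARAM_INT);
    $sql->execute();
    return $sql->rowCount() === 1; // false when no row has that id
}

var_dump(updateUserName($db_con, 7, '  new name '));  // existing id
var_dump(updateUserName($db_con, 99, 'new name'));    // no such id: nothing updated
var_dump($db_con->query('SELECT user_name FROM users WHERE user_id = 7')->fetchColumn());

// A broken statement (misspelled column, constructed) now raises instead of failing quietly.
try {
    $db_con->prepare('UPDATE users SET user_nam = :u WHERE user_id = :id')
           ->execute([':u' => 'x', ':id' => 7]);
} catch (PDOException $e) {
    echo 'PDO error surfaced: ', $e->getMessage(), PHP_EOL;
}
```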
