I am having an issue with login function. For some reason the crypt function is not working. When I try to log in it kept telling me that my username and password are wrong.I am using PHP 5.4.
<?php
class USER
{
private $database;
function __construct($DB_connection)
{
$this->database = $DB_connection;
}
public function register($first_name,$last_name,$username,$email,$password)
{
try
{
$hash_format ="$2y$10$";
$salt = "Salt22Characters0rMore";
$format_and_salt = $hash_format . $salt;
$created_password = crypt($password);
$res = $this->database->prepare("INSERT INTO tb_users(username,email,password)
VALUES(:username, :email, :password)");
$res->bindparam(":username", $username);
$res->bindparam(":email", $email);
$res->bindparam(":password", $created_password);
$res->execute();
return $res;
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
public function login($username,$email,$password, $created_password)
{
try
{
$res = $this->database->prepare("SELECT * FROM tb_users WHERE username=:username OR email=:email LIMIT 1");
$res->execute(array(':username'=>$username, ':email'=>$email));
$userRow=$res->fetch(PDO::FETCH_ASSOC);
if($res->rowCount() > 0)
{
if
(crypt($password, $userRow['password']) == $created_password)
{
$_SESSION['user_session'] = $userRow['user_id'];
return true;
}
else
{
return false;
}
}
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
public function is_loggedin()
{
if(isset($_SESSION['user_session']))
{
return true;
}
}
public function redirect($url)
{
header("Location: $url");
}
public function logout()
{
session_destroy();
unset($_SESSION['user_session']);
return true;
}
}
?>
You will need to change the way you use the class. Try this:
<?php
class USER
{
private $database;
function __construct($DB_connection)
{
$this->database = $DB_connection;
}
public function register($username,$email,$password)
{
try
{
$created_password = $this->saltPassword($password);
$res = $this->database->prepare("INSERT INTO tb_users(username,email,password)
VALUES(:username, :email, :password)");
$res->bindparam(":username", $username);
$res->bindparam(":email", $email);
$res->bindparam(":password", $created_password);
$res->execute();
return $res;
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
public function login($username,$email,$password)
{
try
{
$res = $this->database->prepare("SELECT * FROM tb_users WHERE username=:username OR email=:email LIMIT 1");
$res->execute(array(':username'=>$username, ':email'=>$email));
$userRow=$res->fetch(PDO::FETCH_ASSOC);
if($res->rowCount() > 0)
{
if
($this->saltPassword($password) === $userRow['password'])
{
$_SESSION['user_session'] = $userRow['user_id'];
return true;
}
else
{
return false;
}
}
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
public function is_loggedin()
{
if(isset($_SESSION['user_session']))
{
return true;
}
}
public function redirect($url)
{
header("Location: $url");
}
public function logout()
{
session_destroy();
unset($_SESSION['user_session']);
return true;
}
private function saltPassword($password)
{
$hash_format ="$2y$10$";
$salt = "Salt22Characters0rMore";
$format_and_salt = $hash_format . $salt;
return crypt($password, $format_and_salt);
}
}
?>
Related
I'm making a sort of instagram and therefor I need a register page. I want to check of the password is equal or longer than 8 characters and if password and passwordconfirmation are the samen.
I've tried making a new class Security or a try - catch.
register.php
if ( !empty($_POST)) {
$user = new User();
$user->setFullname($_POST['fullname']);
$user->setUsername($_POST['username']);
$user->setEmail($_POST['email']);
$user->setPassword($_POST['password']);
$user->setPasswordConfirmation($_POST['password_confirmation']);
if( $user->passwordsAreSecure()) {
if($user->register()) {
session_start();
$_SESSION['email'] = $user->getEmail();
header('location: index.php');
} else {
$error = true;
}
} else {
$error2 = true;
}
}
My user class
public function passwordIsStrongEnough(){
if( strlen( $this->password ) <= 8 ){
return false;
}
else {
return true;
}
}
public function passwordsAreEqual(){
if( $this->password == $this->passwordConfirmation ){
return true;
}
else {
return false;
}
}
public function passwordsAreSecure(){
if( $this->passwordIsStrongEnough()
&& $this->passwordsAreEqual() ){
return true;
}
else {
return false;
}
}
function register
public function register() {
$password = Security::hash($this->password);
try {
$conn = Db::getInstance();
$statement = $conn->prepare('INSERT INTO users (fullname, username, email, password) values (:fullname, :username, :email, :password)');
$statement->bindParam(':fullname', $this->fullname);
$statement->bindParam(':username', $this->username);
$statement->bindParam(':email', $this->email);
$statement->bindParam(':password', $password);
$result = $statement->execute();
return($result);
} catch ( Throwable $t ) {
return false;
}
}
I want to get to the if( $user->passwordsAreSecure()) { so there is a session but now the form fields go empty and nothing happens.
I'm not sur to understand where is you problem. You haven't ask any question... But you can do all your code just like this :
if (!empty($_POST)) {
$user = new User();
$user->setFullname($_POST['fullname']);
$user->setUsername($_POST['username']);
$user->setEmail($_POST['email']);
$user->setPassword($_POST['password']);
$user->setPasswordConfirmation($_POST['password_confirmation']);
if ($_POST['password'] == $_POST['password_confirmation']
&& strlen($_POST['password']) > 8) {
if ($user->register()) {
session_start();
$_SESSION['email'] = $user->getEmail();
header('location: index.php');
} else {
$error = true;
}
} else {
$error2 = true;
}
}
The password is hashed and enters the db when i try to verify it it returns false every time i have echoed out the password going in and the db password the column in the database is the correct size
<?php
require_once('dbconfig.php');
class USER
{
private $conn;
public function __construct()
{
$database = new Database();
$db = $database->dbConnection();
$this->conn = $db;
}
public function runQuery($sql)
{
$stmt = $this->conn->prepare($sql);
return $stmt;
}
public function register($uname, $umail, $upass)
{
try
{
$new_password = password_hash($upass, PASSWORD_DEFAULT);
$stmt = $this->conn->prepare("INSERT INTO USERS(USERNAME, EMAIL, PASSWORD) VALUES(:uname, :umail, :upass)");
$stmt->bindparam(":uname", $uname);
$stmt->bindparam(":umail", $umail);
$stmt->bindparam(":upass", $new_password);
$stmt->execute();
return $stmt;
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
public function doLogin($uname, $umail, $upass)
{
try
{
$stmt = "SELECT USERID, USERNAME, EMAIL, PASSWORD, FIRSTNAME FROM USERS WHERE USERNAME = :uname OR EMAIL = :umail ";
$stmt = $this->conn->prepare($stmt, array(PDO::ATTR_CURSOR => PDO::CURSOR_SCROLL));
$stmt->bindparam(':uname', $uname);
$stmt->bindparam(':umail', $umail);
$stmt->execute();
$userRow = $stmt->fetch(PDO::FETCH_ASSOC);
$db_password = $userRow['PASSWORD'];
$sql = "SELECT COUNT(*) FROM USERS WHERE USERNAME = :uname OR EMAIL = :umail";
$sql = $this->conn->prepare($sql, array(PDO::ATTR_CURSOR => PDO::CURSOR_SCROLL));
$sql->bindparam(':uname', $uname);
$sql->bindparam(':umail', $umail);
$sql->Execute();
$row = $sql->fetch(PDO::FETCH_ASSOC);
if($row == 1)
{
if(password_verify($upass, $userRow['PASSWORD']))
{
$_SESSION['USER_SESSION'] = $userRow['USERID'];
return true;
}
else
{
return false;
}
}
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
public function is_loggedin()
{
if(isset($_SESSION['USER_SESSION']))
{
return true;
}
}
public function redirect($url)
{
header("Location: $url");
}
public function doLogout()
{
session_destroy();
unset($_SESSION['USER_SESSION']);
return true;
}
}
?>
edit to the code i have added the whole user class but it is still returning false the password in the db looks like this $2y$10$16aMCo14n.QyON8dFsaFL..6Fi92LuBdWMCI3eAv3WHKJTblJKQ6q the column in the db is set to nvarchar (255) not null
its my first time here i have a question im making a register form but i need to insert to 2 databases here is my code.
when i run its only register in one database sometimes db1 other times db2
-Sorry for my bad english
-Here's register.php
require_once 'config/dbconfig.php';
if($user->is_loggedin()!="")
{
$user->redirect('home.php');
}
if(isset($_POST['btn-signup']))
{
$uname = trim($_POST['txt_uname']);
$umail = trim($_POST['txt_umail']);
$upass = trim($_POST['txt_upass']);
$rpass = trim($_POST['txt_rpass']);
if($uname=="") {
$error[] = "provide username !";
}
else if($umail=="") {
$error[] = "provide email id !";
}
else if(!filter_var($umail, FILTER_VALIDATE_EMAIL)) {
$error[] = 'Please enter a valid email address !';
}
else if($upass=="") {
$error[] = "provide password !";
}
else if(strlen($upass) < 6){
$error[] = "Password must be atleast 6 characters";
}
elseif($upass != $rpass){
$msg = "passwords doesn't match";
}
else
{
try
{
$stmt = $DB_con->prepare("SELECT user_name,user_email FROM users WHERE user_name=:uname OR user_email=:umail");
$stmt2 = $DB_con2->prepare("SELECT user_name,user_email FROM users WHERE user_name=:uname OR user_email=:umail");
$stmt->execute(array(':uname'=>$uname, ':umail'=>$umail));
$stmt2->execute(array(':uname'=>$uname, ':umail'=>$umail));
$row=$stmt->fetch(PDO::FETCH_ASSOC);
if($row['user_name']==$uname) {
$error[] = "sorry username already taken !";
}
else if($row['user_email']==$umail) {
$error[] = "sorry email id already taken !";
}
else
{
if($user->register($fname,$lname,$uname,$umail,$upass))
{
$user->redirect('register.php?joined');
}
}
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
}
-Here Class.User.php
<?php
class USER
{
private $db;
function __construct($DB_con)
{
$this->db = $DB_con;
}
public function register($fname,$lname,$uname,$umail,$upass)
{
try
{
$new_password = password_hash($upass, PASSWORD_DEFAULT);
$stmt = $this->db->prepare("INSERT INTO users(user_name,user_email,user_pass)
VALUES(:uname, :umail, :upass)");
$stmt->bindparam(":uname", $uname);
$stmt->bindparam(":umail", $umail);
$stmt->bindparam(":upass", $new_password);
$stmt->execute();
return $stmt;
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
public function login($uname,$umail,$upass)
{
try
{
$stmt = $this->db->prepare("SELECT * FROM users WHERE user_name=:uname OR user_email=:umail LIMIT 1");
$stmt->execute(array(':uname'=>$uname, ':umail'=>$umail));
$userRow=$stmt->fetch(PDO::FETCH_ASSOC);
if($stmt->rowCount() > 0)
{
if(password_verify($upass, $userRow['user_pass']))
{
$_SESSION['user_session'] = $userRow['user_id'];
return true;
}
else
{
return false;
}
}
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
public function is_loggedin()
{
if(isset($_SESSION['user_session']))
{
return true;
}
}
public function redirect($url)
{
header("Location: $url");
}
public function logout()
{
session_destroy();
unset($_SESSION['user_session']);
return true;
}
}
?>
-and the DBConfig.php
<?php
session_start();
$DB_host = "localhost";
$DB_user = "root";
$DB_pass = "";
try
{
$DB_con = new PDO("mysql:host= {$DB_host};dbname=dblogin",$DB_user,$DB_pass);
$DB_con2 = new PDO("mysql:host= {$DB_host};dbname=dblogin2",$DB_user,$DB_pass);
$DB_con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$DB_con2->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch(PDOException $e)
{
echo $e->getMessage();
}
include_once 'class.user.php';
$user = new USER($DB_con);
$user2 = new USER($DB_con2);
I am trying to make my own custom CMS, I can register users and can login aswel, Now I am trying to make a function for user roles,
File: class.user.php
function getUserrole() {
$username = htmlentities($_SESSION['user_session']);
$stmt = $this->db->prepare('SELECT * FROM users WHERE user_name = :username');
$stmt->bindParam(':user_name', $username);
$stmt->execute();
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$userrole = $row['user_role'];
if($userrole == 3) {
return $userrole = 3;
}
if($userrole == 2) {
return $userrole = 2;
}
if($userrole == 1) {
return $userrole = 1;
}
if($userrole == 0) {
return $userrole = 0;
}
}
File: Home.php
<?php
$userrole = getUserrole();
if($userrole == 1) {
echo "Hi Admin";
}
else {
echo "You are not a admin";
}
?>
When I try to do this, the error shows up:
Fatal error: Call to undefined function getUserrole() in /Applications/MAMP/htdocs/test/home.php on line 24
I can see something wrong and I was hoping you guys could help me out here:)
Entire class.user.php :
<?php
class USER
{
private $db;
function __construct($DB_con)
{
$this->db = $DB_con;
}
public function register($uname,$umail,$upass)
{
try
{
$new_password = password_hash($upass, PASSWORD_DEFAULT);
$stmt = $this->db->prepare("INSERT INTO users(user_name,user_email,user_pass)
VALUES(:uname, :umail, :upass)");
$stmt->bindparam(":uname", $uname);
$stmt->bindparam(":umail", $umail);
$stmt->bindparam(":upass", $new_password);
$stmt->execute();
return $stmt;
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
public function login($uname,$umail,$upass)
{
try
{
$stmt = $this->db->prepare("SELECT * FROM users WHERE user_name=:uname OR user_email=:umail LIMIT 1");
$stmt->execute(array(':uname'=>$uname, ':umail'=>$umail));
$userRow=$stmt->fetch(PDO::FETCH_ASSOC);
if($stmt->rowCount() > 0)
{
if(password_verify($upass, $userRow['user_pass']))
{
$_SESSION['user_session'] = $userRow['user_id'];
return true;
}
else
{
return false;
}
}
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
public function is_loggedin()
{
if(isset($_SESSION['user_session']))
{
return true;
}
}
public function redirect($url)
{
header("Location: $url");
}
public function logout()
{
session_destroy();
unset($_SESSION['user_session']);
return true;
}
function getUserrole() {
$username = htmlentities($_SESSION['user_session']);
$stmt = $this->db->prepare('SELECT * FROM users WHERE user_name = :username');
$stmt->bindParam(':user_name', $username);
$stmt->execute();
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$userrole = $row['user_role'];
if($userrole == 3) {
return $userrole = 3;
}
if($userrole == 2) {
return $userrole = 2;
}
if($userrole == 1) {
return $userrole = 1;
}
if($userrole == 0) {
return $userrole = 0;
}
}
}
?>
Require the class within your home.php, init it and than call the function
<?php
require_once 'class.user.php';
$userClass = new USER(<yourdbcon>);
$userrole = $userClass->getUserrole();
if($userrole == 1) {
echo "Hi Admin";
}
else {
echo "You are not a admin";
}
?>
For some reason validatelogin returns false, while i'm sure the credentials are correct. Is there something wrong with the syntax I'm using? Thanks in advance!
function validateLogin($username, $password)
{
var_dump(func_get_args());
if($stmt = $this->dbh->prepare("SELECT * FROM user WHERE username = ? AND password = ?"))
{
$stmt->bind_param('ss', $username, $password);
$stmt->execute();
if($stmt->num_rows > 0)
{
$user = $stmt->fetch_assoc();
return $user;
}
return false;
}
}
function login()
{
$this->username = $_POST['username'];
$this->password = $_POST['password'];
if(!empty($this->username) && !empty($this->password))
{
$user = $this->userModel->validateLogin($this->username, $this->password);
var_dump($user); //FALSE
if($user){
$this->user = $user;
$_SESSION['user_id'] = $user['id'];
header('Location: http://localhost/cms/user.php?id=' . $_SESSION['user_id']);
}
else
{
echo "user not found";
}
}
else
{
echo "not filled";
}
}
i think your function is returning false because you tell it to return fase within the if $stmt, give this a shot:
function validateLogin($username, $password)
{
var_dump(func_get_args());
if($stmt = $this->dbh->prepare("SELECT * FROM user WHERE username = ? AND password = ?"))
{
$stmt->bind_param('ss', $username, $password);
$stmt->execute();
if($stmt->num_rows > 0)
{
$user = $stmt->fetch_assoc();
return $user;
}
else{
return false;
}
}
else{
return false;
}
}