PHP PDO login Username and Password not found
Question
So i followed a tutorial that shows how to login,
But i made a username and password in my phpmyadmin, But everytime when i try to login it says: Username or Password not found this is the code;
<!--Begin webshop WOOOH-->
<?php
session_start();
//DB configuration Constants
include("class.php");
//PDO Database Connection
try {
$databaseConnection = new PDO('mysql:host='._HOST_NAME_.';dbname='._DATABASE_NAME_, _USER_NAME_, _DB_PASSWORD);
$databaseConnection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch(PDOException $e) {
echo 'ERROR: ' . $e->getMessage();
}
if(isset($_POST['submit'])){
$errMsg = '';
//username and password sent from Form
$username = trim($_POST['username']);
$password = trim($_POST['password']);
if($username == '')
$errMsg .= 'You must enter your Username<br>';
if($password == '')
$errMsg .= 'You must enter your Password<br>';
if($errMsg == ''){
$records = $databaseConnection->prepare('SELECT id,username,password FROM tbl_users WHERE username = :username');
$records->bindParam(':username', $username);
$records->execute();
$results = $records->fetch(PDO::FETCH_ASSOC);
if(count($results) > 0 && password_verify($password, $results['password'])){
$_SESSION['username'] = $results['username'];
header('location:dashboard.php');
exit;
}else{
$errMsg .= 'Username and Password are not found<br>';
}
}
}
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="css/style.css">
<link rel="stylesheet" type="text/css" href="css/reset.css">
<title>Webshop 2016</title>
</head>
<body>
<div id="wrapper">
<div id="header">
<ul>
<li><a href="#">Info</a></li>
<li><a href="#">Login</a></li>
<li><a href="#">Webshop</a></li>
<li><a href="#">Home</a></li>
</ul>
</div>
<!--Main content!-->
<div id="content">
<div align="center">
<div style="width:300px; border: solid 1px #006D9C; " align="left">
<?php
if(isset($errMsg)){
echo '<div style="color:#FF0000;text-align:center;font-size:12px;">'.$errMsg.'</div>';
}
?>
<div style="background-color:#006D9C; color:#FFFFFF; padding:3px;"><b>Login</b></div>
<div style="margin:30px">
<form action="" method="post">
<label>Username :</label><input type="text" name="username" class="box"/><br /><br />
<label>Password :</label><input type="password" name="password" class="box" /><br/><br />
<input type="submit" name='submit' value="Submit" class='submit'/><br />
</form>
</div>
</div>
</div>
</div>
<div id="footer">
Footer
</div>
</div>
</body>
</html>
This is the class.php (the connection file)
<?php
define('_HOST_NAME_', 'localhost');
define('_USER_NAME_', 'root');
define('_DB_PASSWORD', '####');
define('_DATABASE_NAME_', 'ws_webshop');
//PDO Database Connection
try {
$databaseConnection = new PDO('mysql:host='._HOST_NAME_.';dbname='._DATABASE_NAME_, _USER_NAME_, _DB_PASSWORD);
$databaseConnection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch(PDOException $e) {
echo 'ERROR: ' . $e->getMessage();
}
?>
Does anyone see the problem?
the user and pass is demo / demo but he says theres no Username or password found...
1 answers
solution1
3 ACCPTED 2016-01-14 21:06:02
From the docs :
Returns TRUE if the password and hash match, or FALSE otherwise.
If you did not use password_hash() to insert the password in the database your check using password_verify() attempt here:
if(count($results) > 0 && password_verify($password, $results['password'])){
will always fail because the function expects a plain password to compare against the hashed value of the password. for more insight on PHP's password functions read this post.
In addition you may find yourself wanting to limit passwords and you really shouldn't do that .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.