Hi i'm facing a serious problem when i try to connect to an account!! always showing error password or username wrong! i'm using md5 hashed password in mysql !! here's my login page code and mysql table query image :
<?php
session_start();
error_reporting(E_ALL);
ini_set('display_errors', 1);
include_once('module/config.php');
if(isset($_SESSION['id'])){
header("location: index.php");
}
if(isset($_POST['login'])){
$identification = $_POST['username'];
$identification = mysqli_real_escape_string($link, $identification);
$password = $_POST['password'];
$password = mysqli_real_escape_string($link, $password);
if($identification == "" || $password == "")
{
echo "Error Username / Password Wrong !";
}else {
$sql ="SELECT * FROM usrr WHERE usrname='$identification' LIMIT 1";
$query = mysqli_query($link, $sql);
if (!$query ) { die(mysqli_error($link)); }
$row = mysqli_fetch_array($query);
$id= $row['uid'];
$db_pss =$row['usrpass'];
if (password_verify($password, $db_pss)){
$_SESSION['id'] = $id;
$_SESSION['name'] = $row['name'];
header("location: index.php");
}else{
echo "Error Username / Password Wrong !";
}
}
}
?>
<form method="post">
<label>username : </label>
<input type="text" name="username"><br/>
<label>password : </label>
<input type="password" name="password"><br/>
<input type="submit" name="login" value="login">
</form>
password_verify
works on password_hash
and NOT on md5
hash
Please check the documentation: http://php.net/manual/en/function.password-hash.php
UPDATE:
The problem is actually on the sign up or adding the user on the DB . Not on the sign in.
When the user sign up use this
$pwHash = password_hash($userPasssword, PASSWORD_DEFAULT);
$pwHash
is the hash that you should save on the DB. Not the md5
Then you can use your sign in code above. No need to change it.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.