stackoom
  简体   繁体   中英

How can I correct the error with password verify in my code

 原文  2019-04-03 05:12:19       php

Question

I'm trying to make a log in form. But every time that I try to login it always give a error message that my password is incorrect. Im using md5 to hash my password in the database.

I've tried to remove the hash and password_verify to my code but it automatically login the user with incorrect passowrd 

<?php

if (isset($_POST['login-submit'])) {

require 'dbh.inc.php';

$mailuid = $_POST['mailuid'];
$password = $_POST['pwd'];

if (empty($mailuid) || empty($password)){
    header("Location: ../systemlogintut/index1.php?error=emptyfields");
    exit(); 
}
else {
    $sql = "SELECT * FROM users WHERE uidUsers=? OR emailUsers=?;";
    $stmt = mysqli_stmt_init($conn);
    if (!mysqli_stmt_prepare($stmt, $sql)) {
        header("Location: ../systemlogintut/index1.php?error=sqlerror");
    exit(); 
    }
    else {

        mysqli_stmt_bind_param($stmt, "ss", $mailuid, $password);
        mysqli_stmt_execute($stmt);
        $result = mysqli_stmt_get_result($stmt);
        if ($row = mysqli_fetch_assoc($result)) {
            $pwdCheck = password_verify($password, $row['pwdUsers']);
            if ($pwdCheck == false) {
            header("Location: ../systemlogintut/index1.php?error=wrongpwd");
            exit();     
            }
            else if ($pwdCheck == true) {
                session_start();
                $_SERVER['userId'] = $row['idUsers'];
                $_SERVER['userUid'] = $row['uidUsers'];
                header("Location: ../systemlogintut/index1.php?login=success");
            exit();
            }
            else {
            header("Location: ../systemlogintut/index1.php?error=wrongpwd");
            exit();
            }
        }
        else {
            header("Location: ../systemlogintut/index1.php?error=nouser");
            exit(); 
        }
    }
  }
}
else {
  header("Location: ../systemlogintut/index1.php");
  exit();
}

3 answers

solution1
 0  2019-04-03 05:22:02

You are automatically logging in the user, change the redirect code in this line 

if ($row = mysqli_fetch_assoc($result)) 
{
   $pwdCheck = password_verify($password, $row['pwdUsers']);
     if ($pwdCheck == false) {
        header("Location: ../systemlogintut/index1.php?error=wrongpwd"); // change the redirection here
     exit();     
}

solution2
 0  2019-04-03 05:31:03

I just change it to: 

$hashedPwd = password_hash($password, PASSWORD_DEFAULT);

instead of using: 

$hashedPwd = mb5($password, PASSWORD_DEFAULT);

solution3
 0  2019-04-03 06:19:30

试试吧$ password = md5($ _ POST ['pwd']);

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How can i use PHP to verify if both password and pin is correct before logging in? Why i can login without correct password? Why password_verify always returns true? Why is my password_verify function not matching the correct passwords together that I enter and know is what is in the database How can I encrypt password to md5 in my php code How can i check to see if my WordPress code is correct? How can I correct my PHP code for this SQL query? Verifying and creating hashed password error, I can create an account with hashed password, however, I cannot verify it? How can I verify my Gmail Oauth process when I'm not given a verification code? why can't i view my password even answer is correct? where do i put the password_verify function in my code please?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM