I'm currently trying to make a login system based on items in a database. Right now, this is what I have - based on a video - but when I try to login with the right password, I always get the error that the password ($pwcheck) is false.
I'm new to PHP and I don't know how to fix this. Any help would be appreciated!
<?php
if (isset($_POST['login-submit'])) {
require 'dbh.inc.php';
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$empid = $_POST['empid'];
$password = $_POST['password'];
if (empty($fname) || empty($lname) || empty($empid) || empty($password)) {
header('Location: ../admin_login.php?error=emptyfields&fname='.$fname."&lname=".$lname);
exit();
} else {
$sql = 'SELECT * FROM employee WHERE first_name=? AND last_name=? AND emp_id=?;';
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header('Location: ../admin_login.php?error=sqlerror');
exit();
} else {
mysqli_stmt_bind_param($stmt, 'sss', $fname, $lname, $empid);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if ($row = mysqli_fetch_assoc($result)) {
$pwcheck = mysqli_password_verify($password, $row['admin_password']);
if (!$pwcheck) {
header('Location: ../admin_login.php?error=incorrectpassword');
exit();
} else {
session_start();
$_SESSION['fname'] = $row['first_name'];
$_SESSION['lname'] = $row['last_name'];
header('Location: ../admin_page.php');
exit();
}
} else {
header('Location: ../admin_login.php?error=nouserfound');
exit();
}
}
}
} else {
header('Location: ../admin_login.php');
exit();
}
I think @timBrownlaw has nailed it.
mysqli_password_verify() is not a function I recognise either. If you are comparing a password to a stored hash (hopefully that is how you are storing passwords) then you want password_verify() https://www.php.net/manual/en/function.password-verify.php
Try that instead, then $pwcheck shouldn't be false if they match.
If you want to know more about securely hashing passwords for storage, https://www.php.net/manual/en/function.password-hash.php
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.