MySQL Forums
Forum List  »  PHP

Don't know if the problem is me, mysql or php
Posted by: Bob Biddles
Date: March 10, 2020 12:40PM

Having now got mysql installed and running; php loading in the browser and connecting to mysql and the database I created I've now run into a few new problems and hope someone may be able to help please.

1. I have a 'users' file in the db which holds 4 fields
Id - auto-increment primary key
username - var - unique key
password - var
role - var

My php connects to the db, on both localhost or my internet server (depending on which I'm connected to) and sends a check result to confirm this. It also reads the 'username' no problem (I have a seperate 'register' page which checks that the username is not already used and that works fine) BUT it keeps returning an 'invalid password' on clicking on the Login button.

The code for checking mysql =
$sql = "SELECT * FROM `users` WHERE `username`= "$username" and `password`= "$password"";
if($stmt = mysqli_prepare($link, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "s", $param_username);

// Set parameters
$param_username = $username;

// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
// Store result
mysqli_stmt_store_result($stmt);

// Check if username exists, if yes then verify password
if(mysqli_stmt_num_rows($stmt) == 1){
// Bind result variables
// mysqli_stmt_bind_result($stmt, $id, $username, $hashed_password);
mysqli_stmt_bind_result($stmt, $id, $username, $password);
if(mysqli_stmt_fetch($stmt)){
// if(password_verify($hashed_password)){
if(password_verify($password)){
// Password is correct, so start a new session
session_start();

// Store data in session variables
$_SESSION["loggedin"] = true;
$_SESSION["userId"] = $id;
$_SESSION["username"] = $username;

// Redirect user to welcome page
header("location: welcome.php");
} else{
// Display an error message if password is not valid
$password_err = "The password you entered was not valid.";
}
}
} else{
// Display an error message if username doesn't exist
$username_err = "No account found with that username.";
}
} else{
echo "Oops! Something went wrong. Please try again later.";
}

// Close statement
mysqli_stmt_close($stmt);
}

The resut I get is that the username is checked ok but the password throws up the $password_err message.

Thanks

Options: ReplyQuote


Subject
Written By
Posted
Don't know if the problem is me, mysql or php
March 10, 2020 12:40PM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.