This is my registration code. I used password_hash with default_ password, and also use many codes for login. Probably some words would sound unfamiliar cause English is not my native language and I didn't translate unimportant words.
Here is registration code. It works, and I am able to register new user. But Login code always returns wrong password no matter what I do. I guess that problem is with registration code.
I will post login code in first response to this question because it would be too much code for one post
<?php
$mysqli = new mysqli("localhost", "root", "", "sajt");
if($mysqli->error)
{
die("Error:" . $mysqli->error);
}
$username="";
$email="";
$password1="";
$password2="";
if(isset($_POST['insert']))
{
if((!$_POST['username']) || (!$_POST['email']) || (!$_POST['password1']) || (!$_POST['password2']))
{
echo "Fields are empty";
}
else
{
$username=$_POST['username'];
$email=$_POST['email'];
$password1=$_POST['password1'];
$password2=$_POST['password2'];
$qryName = "select * from korisnik where username = '" . $_POST['username'] . "'";
$qryEmail = "select * from korisnik where username = '" . $_POST['email'] . "'";
$findEmail = $mysqli->query($qryEmail);
$findUsername = $mysqli->query($qryName);
if($findUsername->num_rows > 0)
{
echo "Username already in user!";
}
else if($findEmail->num_rows > 0)
{
echo "Email already in use!";
}
$passwordHash = password_hash($password1, PASSWORD_DEFAULT);
$qryInsert = "insert into korisnik (username, email, password, role)
VALUES ('" . $username
. "','" . $email
. "','" . $passwordHash . "'
, 'User')";
if ($password1===$password2)
$result=$mysqli->query($qryInsert);
else
$result=false;
if($result)
{
?>
<div class="alert alert-success alert-dismissible" role="alert">
<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">×</span></button>
<strong>Registration success!</strong>
</div>
<?php
}
else
{
?>
<div class="alert alert-danger alert-dismissible" role="alert">
<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">×</span></button>
<strong>Registration failed!</strong>
</div>
<?php
}
}
}
?>
<div class="form-group">
<label for="username">User name</label>
<input type="text" class="form-control" id="username" name="username" value="<?php echo $username ?>" placeholder="Username" required>
</div>
<div class="form-group">
<label for="email">email address</label>
<input type="email" class="form-control" id="email" name="email" value="<?php echo $email ?>" placeholder="Email address" required>
</div>
<div class="form-group">
<label for="password1">Password</label>
<input type="password" class="form-control" id="password1" name="password1" value="<?php echo $password1 ?>"placeholder="Password" required>
</div>
<div class="form-group">
<label for="password2">Repeat password</label>
<input type="password" class="form-control" id="password2" name="password2" value="<?php echo $password2 ?>" placeholder="Repeat password" required>
</div>
<button type="submit" name="insert" value="Register" class="btn btn-warning btn-lg btn-block"><span class="glyphicon glyphicon-hand-right" aria-hidden="true"></span>Register</button>
</div>
</form>```
Here is my last login code that always return wrong password, as every single login code I've tried before. So I post both login and register codes.
<?php
$username="";
$password="";
$conn = mysqli_connect ('localhost', 'root', '', 'sajt');
$error_message = "";
function error ($error) {
echo $error;
die();
}
if ($conn->connect_error) {
die ("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT username, password FROM korisnik";
$query = mysqli_query ($conn, $sql);
while ($row = mysqli_fetch_assoc ($query)) {
echo 'Username: ' . $row["username"] . '<br>' . 'Password: ' . $password . '<br>' . 'Hashed Password: ' . $row["password"] . '<br><br>';
}
if (isset($_POST['submit2'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$hashed_password = "SELECT password FROM korisnik WHERE username = '" . $username . "'";
$query = mysqli_query ($conn, $hashed_password);
$row = mysqli_fetch_assoc ($query);
$hashed_password = $row['password'];
$password_input = password_verify($password, $hashed_password);
$result = mysqli_fetch_assoc ($query);
$login_cred = "SELECT * FROM users WHERE username='$username'";
if ($password_input) {
echo 'The password you entered is correct!';
}
else {
echo 'The password you entered is incorrect!';
}
}
?>
<div class="col-md-6">
<form name="logovanje" method="POST">
<div class="page-header">
<h2>Log in</h2>
</div>
<div class="form-group">
<label for="username">Username</label>
<input type="text" name="username" class="form-control" id="username" value="<?php echo $username ?>" placeholder="Username">
</div>
<div class="form-group">
<label for="password">Password</label>
<input type="password" name="password" class="form-control" id="password" value="<?php echo $password ?>" placeholder="Password">
</div>
<button type="submit" name="submit2" class="btn btn-success btn-lg btn-block">Log in<span class="glyphicon glyphicon-arrow-right" aria-hidden="true"></span></button>
</form>
</div>
I solved problem. I just didn't allocate enough space in database. I made column password, type varchar(50) instead of varchar(255).
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments