Guy Krief

Reputation: 41

Password submitted in form does not match password at the database

I wrote a login form, and after hitting the submit button, I want to check if the user exists at the database.

if(isset($_POST['submitBtn'])){
    if($_POST['senderLogin'] == 'customer'){
        $checkIfExists = new CustomersDAO();
        $stam = $checkIfExists->isExist($_POST["name"], $_POST["password"]);
        var_dump($stam);
    }
}

And the checking I do like that:

public function isExist($name, $password) {
    $this->connect();
    if($this->con){
        $sql = "SELECT * FROM customers WHERE name=? AND password=?";
        $stmt = $this->db->prepare($sql);
        $password = md5($password);
        $stmt->bindParam(1, $name);
        $stmt->bindParam(2, $password);
        $stmt->execute();
        // fetchColumn() returns the first column of the first row, or false when no row matched
        $fetched = $stmt->fetchColumn();
        $this->disconnect();
        if($fetched > 0) {
            return true;
        } else {
            return FALSE;
        }
    }
}

The passwords at the database are encrypted with md5.

I tried to type a user that exists at the customers table, and it didn't work.

I tried to match only the names and it worked, so the problem is with the comparison of the password submitted with the passwords at the database.

Upvotes: 0

Views: 485
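As an added example (not the asker's code), the same check rebuilt against an in-memory SQLite database so it runs offline, together with a small helper that lists the usual reasons a submitted password fails to match a stored md5 digest. The table layout, the sample user and the `diagnoseMismatch()` helper are constructed for this demonstration.

```php
<?php
// Added example: reproduces the login check from the question with PDO on
// SQLite, and inspects why a stored md5 hash might not match.

function makeDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, password TEXT)');
    $ins = $db->prepare('INSERT INTO customers (name, password) VALUES (?, ?)');
    // Constructed sample row: the password is stored as an unsalted md5 hex
    // digest, as the question describes.
    $ins->execute(['alice', md5('correct horse')]);
    return $db;
}

// Same query shape as the question, but counting rows explicitly so that
// fetchColumn() yields a number rather than whatever column SELECT * puts first.
function isExist(PDO $db, string $name, string $password): bool {
    $stmt = $db->prepare('SELECT COUNT(*) FROM customers WHERE name = ? AND password = ?');
    $stmt->execute([$name, md5($password)]);
    return (int) $stmt->fetchColumn() > 0;
}

// Reads the stored hash for one user so the mismatch can be inspected directly.
function storedHash(PDO $db, string $name): ?string {
    $stmt = $db->prepare('SELECT password FROM customers WHERE name = ?');
    $stmt->execute([$name]);
    $value = $stmt->fetchColumn();
    return $value === false ? null : (string) $value;
}

// Checks the common causes of an md5 comparison failing. Each finding names
// the variant that would have matched, which points at what the registration
// path actually stored.
function diagnoseMismatch(string $stored, string $submitted): array {
    $findings = [];
    if (strlen($stored) !== 32 || !ctype_xdigit($stored)) {
        $findings[] = 'stored value is not a 32-character hex md5 digest (length '
            . strlen($stored) . '); the column may be truncated or hold another format';
    }
    if (hash_equals(strtolower($stored), md5($submitted)) && $stored !== md5($submitted)) {
        $findings[] = 'plain md5 matches only after lower-casing the stored value';
    }
    if (hash_equals($stored, md5(trim($submitted))) && trim($submitted) !== $submitted) {
        $findings[] = 'md5 of the trimmed password matches (whitespace or newline in the form value)';
    }
    if (hash_equals($stored, md5(md5($submitted)))) {
        $findings[] = 'md5 applied twice matches (password hashed in the caller and again in the DAO)';
    }
    if ($findings === []) {
        $findings[] = 'no common cause found; compare with the code that wrote the row (salt, other algorithm)';
    }
    return $findings;
}

$db = makeDb();
var_dump(isExist($db, 'alice', 'correct horse'));
var_dump(isExist($db, 'alice', 'not the password'));

// Simulate a form value that picked up a trailing newline on the way in.
print_r(diagnoseMismatch(storedHash($db, 'alice') ?? '', "correct horse\n"));
```

The practical step when names match but passwords do not is to pull the stored value for that one user and compare it with `md5()` of exactly what arrived in `$_POST`; the helper above does that comparison for the variants that most often differ between the registration path and the login path.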

Answers (2)

Claudio Holanda

Reputation: 2576

There seems to be nothing wrong with your code, and...

"I tried to match only the names and it worked, so the problem is with the comparison of the password submitted with the passwords at the database."

When using hash functions with passwords or sensitive data, developers generally append "salt" strings to them to help prevent these hashes from being easily broken. I see that in your code you just use md5() on the password without any kind of salt. And maybe at the other point of the script, in the function that adds a user to the database for example, you are hashing the password with some salt and obviously the hash won't match.

Upvotes: 0
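The answer above points at the real risk behind this bug: an unsalted md5 digest, and a salt that the login path has to reproduce exactly or the comparison fails. As an added example (not the answer's or the asker's code), here is the mitigation a practitioner would apply, using PHP's built-in `password_hash()` / `password_verify()`, which store the salt inside the hash string so the verifying side never has to know it, plus a transparent upgrade for rows that still hold md5 digests. The record shape `['name' => ..., 'password' => ...]` and the sample users are assumptions for this demo.

```php
<?php
// Added example: verifying a login against either a legacy md5 row or a
// modern salted hash, and rewriting legacy rows on successful login.

const LEGACY_MD5_HEX = '/^[0-9a-f]{32}$/i';

// An unsalted md5 hex digest is exactly 32 hex characters; password_hash()
// output starts with an identifier such as "$2y$" and is much longer.
function isLegacyMd5(string $stored): bool {
    return preg_match(LEGACY_MD5_HEX, $stored) === 1;
}

// Returns true when $submitted matches the record. Legacy md5 rows that match
// are rewritten in place with password_hash(), so the next login takes the
// password_verify() branch and the md5 comparison disappears over time.
function verifyAndUpgrade(array &$record, string $submitted): bool {
    $stored = $record['password'];

    if (isLegacyMd5($stored)) {
        // hash_equals() avoids a timing side channel on the comparison;
        // md5() is used here only to recognise rows written by the old code.
        if (!hash_equals(strtolower($stored), md5($submitted))) {
            return false;
        }
        $record['password'] = password_hash($submitted, PASSWORD_DEFAULT);
        return true;
    }

    if (!password_verify($submitted, $stored)) {
        return false;
    }
    // Re-hash when the stored cost or algorithm falls behind PASSWORD_DEFAULT.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $record['password'] = password_hash($submitted, PASSWORD_DEFAULT);
    }
    return true;
}

// Constructed sample rows: one still holds an md5 digest, one is already upgraded.
$users = [
    'alice' => ['name' => 'alice', 'password' => md5('correct horse')],
    'bob'   => ['name' => 'bob',   'password' => password_hash('battery staple', PASSWORD_DEFAULT)],
];

var_dump(verifyAndUpgrade($users['alice'], 'wrong guess'));      // legacy row, bad password
var_dump(verifyAndUpgrade($users['alice'], 'correct horse'));    // legacy row, good password
var_dump(isLegacyMd5($users['alice']['password']));              // inspect the row after login
var_dump(verifyAndUpgrade($users['bob'], 'battery staple'));     // modern row
```

With this shape the "which salt did registration use?" question from the answer no longer arises: `password_verify()` reads the salt and cost out of the stored string, and the only place that needs to change at registration time is the single call that writes the row.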

user2362083

Reputation: 33

You need to encrypt your password with md5:

if(isset($_POST['submitBtn'])){
    if($_POST['senderLogin'] == 'customer'){
        $checkIfExists = new CustomersDAO();
        $stam = $checkIfExists->isExist($_POST["name"], md5($_POST["password"]) );
        var_dump($stam);
    }
}

Upvotes: -3
