Small Legend

Reputation: 688

Not recognising password in database PHP MYSQLi

I have a registration form which allows users to create a username and password which is then stored in the database.

<?php
//values to be inserted in database table
//session_start();
include('connect.php');

//Fixed cost of 10 to fit server req
//Random salt to be added to the pass
$options = [
    'cost' => 10,
    'salt' => mcrypt_create_iv(22, MCRYPT_DEV_URANDOM),
];

$email = $_POST['email'];
$password= password_hash($_POST['password'], PASSWORD_BCRYPT, $options);
$username= $_POST['username'];

$query = "INSERT INTO users (username, email, password) VALUES(?, ?, ?)";
$statement = $mysqli->prepare($query);

//bind parameters for markers, where (s = string, i = integer, d = double,  b = blob)
$statement->bind_param('sss', $username, $email, $password);

if($statement->execute()){
     print 'Success! ID of last inserted record is : ' .$statement->insert_id .'<br />'; 
}else{
     die('Error : ('. $mysqli->errno .') '. $mysqli->error);
}
$statement->close();
?>

And here is my script which checks whether the user's inputted username and password exist.

<?php
include 'connect.php';
if ( !isset($_POST['username'], $_POST['password']) ) {
    // Could not get the data that should have been sent.
    die ('Username and/or password does not exist!');
}
// Prepare our SQL 
if ($stmt = $mysqli->prepare('SELECT password FROM users WHERE username = ?')) {
    // Bind parameters (s = string, i = int, b = blob, etc).
    $stmt->bind_param('s', $_POST['username']);
    $stmt->execute(); 
    $stmt->store_result(); 
    // Store the result so we can check if the account exists in the database.
    if ($stmt->num_rows > 0) {
        $stmt->bind_result($password);
        $stmt->fetch();      
        // Account exists, now we verify the password.
        if (password_verify($_POST['password'], $password)) {
            // Verification success! User has logged in!
            echo 'You have logged in!';
        } else {
            echo 'Incorrect username and/or password!';
        }
    } else {
        echo 'Incorrect username blar password!';
    }
    $stmt->close();
} else {
    echo 'Could not prepare statement!';
}
?> 

It is outputting "Incorrect username and/or password!", so I am assuming the problem is with the way I've hashed the passwords in the registration system or whether it's simply not finding the details I'm looking for.

HTML Form:

<div class="logmod__heading">
          <span class="logmod__heading-subtitle">Enter your username and password <strong>to sign in</strong></span>
        </div> 
        <div class="logmod__form">
          <form accept-charset="utf-8" action="loggedIn.php" method='POST' class="simform">
            <div class="sminputs">
              <div class="input full">
                <label class="string optional" for="user-name">Username*</label>
                <input class="string optional" maxlength="255" id="user-email" placeholder="username" type="username" name='username' size="100" />
              </div>
            </div>
            <div class="sminputs">
              <div class="input full">
                <label class="string optional" for="user-pw">Password *</label>
                <input class="string optional" maxlength="255" id="user-pw" placeholder="Password" type="password" name='password' size="100" />
                                        <span class="hide-password">Show</span>
              </div>
            </div>
            <div class="simform__actions">
              <input class="sumbit" name="commit" type="submit" value="Log In" />
              <span class="simform__actions-sidetext"><a class="special" role="link" href="#">Forgot your password?<br>Click here</a></span>
            </div> 
          </form>
        </div> 

Upvotes: 3

Views: 427

Answers (1)

Funk Forty Niner

Reputation: 74216

type="username" isn't a valid form element type.

Change that to type="text"

However, I did mention that earlier in comments:

type="username" use type="text" – Fred -ii- 20 mins ago

Comment link...

  • I did say "use" and not "try" ;-)

You may have thought that a "username" type was HTML5 syntax; it isn't.

To see the list of valid HTML5 input types, consult the following link:

Pulled from the W3.org page:

The input element is a multipurpose element for representing input controls. The details of the input element are described in the following sections:

  • input type=text
  • input type=password
  • input type=checkbox
  • input type=radio
  • input type=button
  • input type=submit
  • input type=reset
  • input type=file
  • input type=hidden
  • input type=image
  • input type=datetime NEW
  • input type=datetime-local NEW
  • input type=date NEW
  • input type=month NEW
  • input type=time NEW
  • input type=week NEW
  • input type=number NEW
  • input type=range NEW
  • input type=email NEW
  • input type=url NEW
  • input type=search NEW
  • input type=tel NEW
  • input type=color NEW

Sidenote about using varchar(60) for your password column, and pulled from the password_hash() manual:

PASSWORD_DEFAULT - Use the bcrypt algorithm (default as of PHP 5.5.0). Note that this constant is designed to change over time as new and stronger algorithms are added to PHP. For that reason, the length of the result from using this identifier can change over time. Therefore, it is recommended to store the result in a database column that can expand beyond 60 characters (255 characters would be a good choice).

Upvotes: 5
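The sidenote about column width, worked through as an added example (not code from the question or the answer): a hash that the column has cut short can never pass password_verify(), and the stored value itself shows it. Assumptions: the column is simulated with substr(), the 50-character width and the sample password are constructed, and the helper names are hypothetical.

```php
<?php
// Added example, not code from the question or the answer.
// Column widths are simulated with substr(); the password is a constructed sample.

// Let password_hash() generate the salt: the 'salt' option is deprecated since
// PHP 7.0 and ignored since PHP 8.0, and mcrypt left PHP core in 7.2.
function hash_for_storage(string $plain): string
{
    return password_hash($plain, PASSWORD_BCRYPT, ['cost' => 10]);
}

// What a too-narrow VARCHAR does when MySQL is not in strict mode: silent truncation.
function store_in_column(string $hash, int $columnWidth): string
{
    return substr($hash, 0, $columnWidth);
}

// Inspect the stored value itself before suspecting the login logic.
function diagnose_stored_hash(string $stored): string
{
    $info = password_get_info($stored);
    if ($info['algoName'] !== 'unknown') {
        return 'intact ' . $info['algoName'] . ' hash';
    }
    if (strncmp($stored, '$2y$', 4) === 0 && strlen($stored) < 60) {
        return 'bcrypt prefix but only ' . strlen($stored) . ' of 60 chars: truncated';
    }
    return 'not a password_hash() value';
}

$plain = 'correct horse battery staple'; // constructed sample password
$hash  = hash_for_storage($plain);

foreach ([50, 60, 255] as $width) { // 50 is a hypothetical too-narrow column
    $stored = store_in_column($hash, $width);
    printf(
        "VARCHAR(%d): stored %d chars, verify=%s, %s\n",
        $width,
        strlen($stored),
        var_export(password_verify($plain, $stored), true),
        diagnose_stored_hash($stored)
    );
}

// At login, after a successful verify, upgrade hashes when PASSWORD_DEFAULT moves on.
if (password_verify($plain, $hash) && password_needs_rehash($hash, PASSWORD_DEFAULT)) {
    $hash = password_hash($plain, PASSWORD_DEFAULT); // may be longer than 60 chars
}
```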
