Reputation: 435
Hi guys, I am trying to verify one condition in my login page: if my password is change me, then I would like to throw an error message saying please change your password by clicking this link; if not, I will redirect them to the dashboard.
So I wrote an if condition for that, but what happens is that it throws the error message even if the password is not change me.
Here is my code:
    if (isset($_POST['signin'])) {
        global $DB;
        $username = $_POST['username'];
        $password = $_POST['password'];
        echo $password;
        //exit;
        $sql = "SELECT * FROM {user} where username = ?";
        if ($user = $DB->get_record_sql($sql, array($username))) {
            echo $user->password;
            //exit;
            if (password_verify($password, $user->password)) {
                if(password_verify($password!='changeme',$user->password!='changeme')){
                    if ($user->trackforums == 1) {
                        complete_user_login($user);
                        \core\session\manager::apply_concurrent_login_limit($user->id, session_id());
                        $userauth = get_auth_plugin($USER->auth);
                        $DB->set_field('user', 'firstaccess', date('YmdHis'), array('id' => $user->id));
                        $_SESSION['username'] = $user->username;
                        $_SESSION['firstname'] = $user->firstname;
                        $_SESSION['idnumber'] = $user->idnumber;
                        $_SESSION['id'] = $user->id;
                        $_SESSION['clientid'] = $user->clientid;
                        $_SESSION['maildigest'] = $user->maildigest;
                        $_SESSION['skype'] = $user->skype;
                        $_SESSION['can_access'] = true;
                        $_SESSION['mnethostid'] = 1;
                        $_SESSION['confirmed'] = 1;
                        if (!empty($_POST["remember"])) {
                            setcookie("member_login", $_POST["username"], time() + (10 * 365 * 24 * 60 * 60));
                            setcookie("password", $_POST["password"], time() + (10 * 365 * 24 * 60 * 60));
                        } else {
                            if (isset($_COOKIE["member_login"])) {
                                setcookie("member_login", "");
                            }
                            if (isset($_COOKIE["password"])) {
                                setcookie("password", "");
                            }
                        }
                        if ($user->idnumber == '3')
                            header('location:course.php');
                        elseif ($user->idnumber == '2')
                            header('location:course.php');
                        else
                            header('location:course.php');
                    }
                    else {
                        ?>
                        <div class="alert alert-danger">
                            <strong> Sorry, User has been Deactivated. Contact Administrator</strong>
                        </div>
                        <?php
                    }
                }
                else {
                    ?>
                    <div class="alert alert-primary">
                        <strong>Please change your password!By clicking this link <a style="color:black" href="forgot-password.php">Click Here</a></strong>
                    </div>
                    <?php
                }
            } else {
                ?>
                <div class="alert alert-danger">
                    <strong> Sorry, wrong password.</strong>
                </div>
                <?php
            }
        } else {
            ?>
            <div class="alert alert-danger">
                <strong> Sorry, wrong username.</strong>
            </div>
            <?php
        }
    }
Can anyone help me find the mistake in my code?
Thanks in advance.
Upvotes: 0
Views: 243
Reputation: 4860
password_verify takes both parameters as string, not as bool. You are passing them as bool in the second password_verify. In the following line, $password != 'changeme' and $user->password != 'changeme', both expressions will return bool.

    if (password_verify($password != 'changeme', $user->password != 'changeme'))

I think the above line of code should be like:

    if ($password != 'changeme')
Upvotes: 3
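
As an added example (not part of the question or the answer), this plain-PHP sketch keeps the two checks separate: authenticate with password_verify first, then compare the already-verified plaintext against the default. It also keeps the question's inner condition to show that it hands password_verify coerced booleans rather than a password and a hash, so it fails for every input and the "change your password" branch always runs. The names DEFAULT_PASSWORD, classify_login and question_inner_check, and the sample accounts, are constructed for illustration.

```php
<?php
// Added example, not code from the question or the answer. Plain PHP, no Moodle APIs.
// DEFAULT_PASSWORD and classify_login() are hypothetical names.
const DEFAULT_PASSWORD = 'changeme';

/** Returns 'wrong_password', 'must_change' or 'ok'. */
function classify_login(string $submitted, string $storedHash): string
{
    // Step 1: authenticate. Both arguments are strings: the plaintext and the stored hash.
    if (!password_verify($submitted, $storedHash)) {
        return 'wrong_password';
    }
    // Step 2: the plaintext is now known to match the hash, so an ordinary
    // string comparison decides whether the account still uses the default.
    if ($submitted === DEFAULT_PASSWORD) {
        return 'must_change';
    }
    return 'ok';
}

/** The inner condition from the question, kept as written to show what it evaluates. */
function question_inner_check(string $submitted, string $storedHash): bool
{
    // Each comparison yields a bool; PHP coerces true to '1' and false to ''
    // before password_verify() runs, and neither string is a password hash.
    return password_verify($submitted != 'changeme', $storedHash != 'changeme');
}

// Constructed sample accounts: one still on the default password, one not.
$accounts = [
    'newuser' => password_hash(DEFAULT_PASSWORD, PASSWORD_DEFAULT),
    'olduser' => password_hash('correct horse battery staple', PASSWORD_DEFAULT),
];
$attempts = [
    ['newuser', 'changeme'],
    ['olduser', 'correct horse battery staple'],
    ['olduser', 'changeme'],
];

foreach ($attempts as [$name, $submitted]) {
    printf(
        "%-8s %-30s classify=%-15s question_check=%s\n",
        $name,
        $submitted,
        classify_login($submitted, $accounts[$name]),
        var_export(question_inner_check($submitted, $accounts[$name]), true)
    );
}
```

The question's code also echoes the submitted password and the stored hash into the page and writes the plaintext password to a ten-year cookie; none of that is needed for this check, and it exposes the credential to anyone who can read the response or the browser's cookie store.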