I'm trying to build user registration and login, but when I check whether the entered password is wrong, I always get the same invalid-input message, even though the password I enter is correct. When a user is created, their password is hashed. This is the code:
login.inc.php
<?php
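// Development-only diagnostics: with display_errors on, PHP writes warnings and
// uncaught-exception text into the HTTP response. Turn these off (and log
// instead) before this login handler is reachable by real users.
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);

if ($_SERVER["REQUEST_METHOD"] === "POST") {
    // Accept only string fields. A missing field or an array value
    // (username[]=x) would otherwise reach the string-typed helpers and raise
    // a TypeError instead of producing the normal "fill in all fields" error.
    $username = is_string($_POST["username"] ?? null) ? $_POST["username"] : "";
    $password = is_string($_POST["password"] ?? null) ? $_POST["password"] : "";

    try {
        require_once "dbh.inc.php";
        require_once "../models/login_model.inc.php";
        require_once "../controllers/login_controller.inc.php";

        // Error handlers
        $errors = [];

        if (is_input_empty($username, $password)) {
            $errors["empty_input"] = "Fill in all fields!";
        }

        $result = get_user($pdo, $username);

        // Verify the password only when a row was found. get_user() returns
        // false for an unknown username, and indexing false yields null, which
        // is_password_wrong() rejects with a TypeError that this try/catch does
        // not handle. Both failures share one message so the response text does
        // not reveal whether the username exists.
        // NOTE(review): the unknown-user path skips the bcrypt work, so it
        // answers faster than a wrong password for a known user. If username
        // enumeration matters, verify against a fixed dummy hash here as well.
        if (is_username_wrong($result) || is_password_wrong($password, $result["password"])) {
            $errors["login_incorrect"] = "Incorrect login info!";
        }

        require_once 'config_session.inc.php';

        if ($errors) {
            $_SESSION['errors_login'] = $errors;
            header("Location: ../index.php");
            die();
        }

        // Give the authenticated session a fresh id tied to the user id.
        // NOTE(review): if config_session.inc.php has already called
        // session_start(), session_id() cannot change the id of the active
        // session; session_regenerate_id(true) is the usual way to rotate the
        // id at login and prevent session fixation. Confirm against that file.
        $new_session_id = session_create_id();
        $session_id = $new_session_id . "_" . $result["id"];
        session_id($session_id);

        $_SESSION["user_id"] = $result["id"];
        $_SESSION["user_username"] = htmlspecialchars($result["username"]);
        $_SESSION["last_regeneration"] = time();

        // NOTE(review): the target ends in ".php.php"; confirm that file name
        // exists, otherwise a successful login lands on a 404.
        header("Location: ../pages/home_page.php.php");

        $pdo = null;
        die();
    } catch (PDOException $e) {
        // Keep driver and schema details in the server log; the client only
        // learns that the query failed.
        error_log("Login query failed: " . $e->getMessage());
        die("Query failed.");
    }
} else {
    // Anything other than a form POST goes back to the login page.
    header("Location: ../index.php");
    die();
}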
login_controller.inc.php
<?php
declare(strict_types=1);
// Development-only diagnostics: with display_errors on, PHP writes warnings and
// uncaught-exception text into the HTTP response. Turn these off (and log
// instead) before this file is served to real users.
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
// Report every error level.
error_reporting(E_ALL);
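/**
 * Reports whether either login field was left blank.
 *
 * Only the empty string counts as blank. empty() also treats the string "0"
 * as empty, which would reject a username or password consisting of the
 * single character 0.
 *
 * @param string $username Submitted username.
 * @param string $password Submitted password.
 * @return bool True when at least one field is the empty string.
 */
function is_input_empty(string $username, string $password): bool {
    return $username === '' || $password === '';
}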
/**
 * Reports whether the user lookup produced nothing usable.
 *
 * @param bool|array $result Value returned by the user query; any falsy value
 *                           (false or an empty array) counts as "not found".
 * @return bool True when $result is falsy.
 */
function is_username_wrong(bool|array $result) {
    return !$result;
}
/**
 * Reports whether the entered password fails to match the stored hash.
 *
 * password_verify() does not "un-hash" anything: it hashes the candidate again
 * with the algorithm, cost and salt encoded in $hashedPassword and compares
 * the results. It therefore fails for every password when the stored value is
 * not the complete, unmodified output of password_hash().
 * NOTE(review): bcrypt output is 60 characters; confirm the users.password
 * column is wide enough that the hash is not truncated on insert.
 *
 * @param string $enteredPassword Plain-text password from the login form.
 * @param string $hashedPassword  Hash string read from the database.
 * @return bool True when verification fails.
 */
function is_password_wrong(string $enteredPassword, string $hashedPassword): bool {
    $matches = password_verify($enteredPassword, $hashedPassword);

    return $matches === false;
}
login_model.inc.php
<?php
declare(strict_types = 1);
/**
 * Looks up one user row by username.
 *
 * The username travels as a bound parameter, so it is never spliced into the
 * SQL text.
 *
 * @param object $pdo      Database handle exposing prepare().
 * @param string $username Username to search for.
 * @return mixed Whatever fetch(PDO::FETCH_ASSOC) yields for the first row.
 */
function get_user (object $pdo, string $username) {
    $statement = $pdo->prepare("SELECT * FROM users WHERE username = :username;");
    $statement->bindValue(":username", $username);
    $statement->execute();

    return $statement->fetch(PDO::FETCH_ASSOC);
}
This is where the user gets inserted into the database:
/**
 * Inserts a new user row with a bcrypt-hashed password and user_type 2.
 *
 * The value stored in the password column is the full password_hash() string,
 * which carries the algorithm, cost and salt that password_verify() needs
 * later. bcrypt only uses the first 72 bytes of the password.
 * NOTE(review): the table definition is not shown; confirm the password
 * column holds at least the 60 characters bcrypt produces, because a
 * truncated hash makes every later login attempt fail.
 *
 * @param object $pdo      Database handle exposing prepare().
 * @param string $username Username to store.
 * @param string $email    E-mail address to store.
 * @param string $password Plain-text password; only its hash is stored.
 */
function set_user(object $pdo, string $username,string $email, string $password) {
    $insert = $pdo->prepare(
        "INSERT INTO users (username, email, password, user_type) VALUES (:username, :email, :password, 2);"
    );

    // Cost 14 is deliberately slow to compute.
    $hashed_password = password_hash($password, PASSWORD_BCRYPT, ['cost' => 14]);

    // All three values are bound, never concatenated into the SQL text.
    $insert->bindValue(":username", $username);
    $insert->bindValue(":email", $email);
    $insert->bindValue(":password", $hashed_password);
    $insert->execute();
}
Every function except is_password_wrong works as it should.
I want to be redirected to the home page when the right password is entered, but is_password_wrong doesn't do what I expect. I don't know whether it is unable to un-hash the password. I'm new to PHP.