220061
Well-Known Coder
Hello I'm trying to do a password_has and password verify for my project. I'm trying to make my project safer step by step. I have already put a pashword hash in my code and that works as you see:
but I can't seem to get it to verify. it either says password incorrect or I can't login at all no matter if I use the hashed account or the other dummy accounts with the password showing in the db. what am i doing wrong?
signup.php
login.php
the html code
and this is my javascript code
any help would be appreciated
but I can't seem to get it to verify. it either says password incorrect or I can't login at all no matter if I use the hashed account or the other dummy accounts with the password showing in the db. what am i doing wrong?
PHP:
<?php
// this code is not really that safe try to make it safer aftehr watchign the tutorial
session_start();
include_once "config.php";
$fname = mysqli_real_escape_string($conn , $_POST['fname']);
$lname = mysqli_real_escape_string($conn , $_POST['lname']);
$email = mysqli_real_escape_string($conn , $_POST['email']);
$password = mysqli_real_escape_string($conn , $_POST['password']);
$password = password_hash($password, PASSWORD_DEFAULT);
if(!empty($fname) && !empty($lname) && !empty($email) && !empty($password)){
//checking if user email is valid or not
if(filter_var($email, FILTER_VALIDATE_EMAIL)){ // check if email is valid
//check if email already exist in de db or not
$sql = mysqli_query($conn, "SELECT email FROM users WHERE email = '{$email}'");
if(mysqli_num_rows($sql) > 0){ // if email already exist
echo "$email - This email already exist";
}else{
//lets check if user uploud file or not
if(isset($_FILES['image'])) { // if file is uploaded
//$_FILES returns us an array with the file name, file type , error file sizen , tmp_name
$img_name = $_FILES['image']['name']; //getting user uploaded img name
$tmp_name = $_FILES['image']['tmp_name']; // this temporary name is used to save/move file into our folder
//explode image and get the image last extension as an png jpg
$img_explode = explode('.', $img_name);
$img_ext = end($img_explode); // get the extension from a user uplouden img file
$extensions = ['png', 'jpeg', 'jpg']; // valid extensions en we hebben ze gestored in een array
if(in_array($img_ext, $extensions) === true){ // if user img uplouded matches with any of the valif images extensions
$time = time(); // this will return us the current time
// we need this because when a user uplouds a picture in to our folder we rename user file with current time
//so all the image files will habe a unique name
//let's move the user uploaded img to our particular folder
// we don't uploud user uplouded file in the db we just save the file url thier.
//actual file will be saved in our particulair folder
//current time will be added the name of user uplouded the img so if the user uplouded 2 different img with the same name then the name of a particulair img will be unique with adding time.
$new_img_name = $time.$img_name;
if(move_uploaded_file($tmp_name, "images/" .$new_img_name)){ //if user uploud img uploud to our folder succesfully
$status = "Active now"; // once user signed up then his status will be active now)
$random_id = rand(time(), 10000000); //create random id for users
//inser all user data inside table
$sql2 = mysqli_query($conn, "INSERT INTO users (unique_id, fname, lname, email, password, img, status)
VALUES ({$random_id}, '{$fname}','{$lname}', '{$email}', '{$password}', '{$new_img_name}', '{$status}')");
if($sql2){ //if these data inserted
$sql3 = mysqli_query($conn, "SELECT * FROM users WHERE email = '{$email}'");
if(mysqli_fetch_assoc($sql3) > 0){
$row = mysqli_fetch_assoc($sql3);
$_SESSION['unique_id'] = $row['unique_id']; //using this session we use user_id in a other php file
echo "success";
}
}else{
echo "Something went wrong!";
}
}
}else{
echo "Please select an Image file - jpeg, jpg, png!";
}
}else{
echo "please select a profile picture!";
}
}
}else{
echo "$email - This is not a valid email!";
}
}else{
echo "All input fields are required!";
}
login.php
PHP:
<?php
//code is not safe yet
session_start();
include_once "config.php";
$email = mysqli_real_escape_string($conn , $_POST['email']);
$password = mysqli_real_escape_string($conn , $_POST['password']);
if(!empty($email) && !empty($password)){
//check if users email and password match with the one in de db
$sql = mysqli_query($conn, "SELECT * FROM users WHERE email = '$email' AND password = '$password'");
if(password_verify($password, $row["password"]))
{
//return true;
if(mysqli_num_rows($sql) > 0){// if the email and pass are correct
$row = mysqli_fetch_assoc($sql);
$status = "Active now";
$sql2 = mysqli_query($conn, "UPDATE users SET status = '{$status}' WHERE unique_id = {$row['unique_id']}");
if($sql2){
$_SESSION['unique_id'] = $row['unique_id']; //using this session we use user_id in a other php file
echo "success";
}
}else{
echo "Email or password is incorrect!";
}
}
else
{
//return false;
echo '<script>alert("Wrong User Details")</script>';
}
}else{
echo "All input fields are required!";
}
?>
the html code
HTML:
<?php
session_start();
if(isset($_SESSION['unique_id'])){ //if user is logged in
header("location: users.php");
}
?>
<?php include_once "header.php";?>
<body>
<div class="wrapper">
<!--Dit is een login form -->
<section class="form login">
<header>Realtime chat app</header>
<form action="#" autocomplete="off">
<div class="error-txt"></div>
<div class="name-details">
<div class="field input">
<label>Email</label>
<input type="text" name="email" placeholder="Enter your email">
</div>
<div class="field input">
<label>Password</label>
<input type="password" name="password" placeholder="Enter your password">
<!--functie die ervoor zorgd dat je je wachtwoord kan zien door op oogje te klikken-->
<i class="fa fa-eye" aria-hidden="true"></i>
</div>
<div class="field button">
<input type="submit" value="Continue to chat">
</div>
</div>
</form>
<div class="link">Nog geen account? <a href="index.php">Regristreer nu!</a></div>
</section>
</div>
<script src="javascript/pass-show-hide.js"></script>
<script src="javascript/login.js"></script>
</body>
</html>
and this is my javascript code
JavaScript:
//code voor de signup form tags
const form = document.querySelector(".login form"),
continueBtn = form.querySelector(".button input"),
errorText = form.querySelector(".error-txt");
form.onsubmit = (e)=>{
e.preventDefault(); //preventing from form submit
}
continueBtn.onclick = ()=>{
//lets start ajax
let xhr = new XMLHttpRequest(); //creating XML object
xhr.open("POST", "php/login.php", true);
xhr.onload = ()=>{
if(xhr.readyState === XMLHttpRequest.DONE){
//shows response of the passed url
if(xhr.status === 200){
let data = xhr.response;
console.log(data);
if(data == "success"){
location.href = "users.php";
}else{
errorText.textContent = data;
errorText.style.display = "block";
}
}
}
}
//sending form data through ajax to php
let formData = new FormData(form); // creating new formdata object
xhr.send(formData); //sending formdata to php
}
any help would be appreciated