What's new

Help [PHP] about sa password_hash na hind maka pasok sa log in page

R

ribbit

Eternal Poster
Established
i got this problem na hind na siya makapag log in simula noong na password_hash

login_run.php
PHP: 
<?php

require('connection.php');

if (isset($_POST['submit'])) {
    $usern = $_POST['usern'];
    $passw = $_POST['passw'];
    
    $query = "SELECT * FROM users WHERE usern='$usern' AND passw='$passw' AND verify_status=1 ";
    $result = mysqli_query($con, $query);
    $row = mysqli_fetch_array($result);

    if (mysqli_num_rows($result) > 0 && password_verify($_POST[$passw], $passw)) {
        $_SESSION["usern"] = $usern;
        session_start();


        $user_type = strtoupper($row['user_type']);
        switch ($user_type) {
            case 'ADMIN':
                header("Location: admin/index.php");
                /* echo $user_type ; */
                break;

            default:
                header("Location: index.php");
                /* echo $user_type ; */
        }
        $_SESSION["usern"] = $usern;
    } else {
        var_dump($passw);
        var_dump($usern);
        echo "<h2>You enetr the worng Username/Passowrd or The account is not been authenticated.</h2>";
        echo nl2br("<h3><a href='login.php'>Click here</a> to go back to Log-in page.</h3");
    }
} else {
    echo "your a beast";
}

and na try ko gayahin nakikita ko sa internet tapos try ko din iprint para makita ano bibasa pero eto labas
1652165998143.png


tapos eto po nasa database ko
1652166184533.png
 

Attachments

Sort by date Sort by votes
i select mo sa db using username lang

tas use password_verify($password, $hashed_password) para i check

so magiging ganto

Code: 
password = $_POST['password']
query = select from db using username
hashedPassword = query['password']

if(password_verify($password, $hashedPassword )){
    login success
}else{
    invalid password
}

assuming na ang ginamit sa pag hash ay password_hash
 
Upvote 0 Downvote
PHC_Jayvee said:
i select mo sa db using username lang

tas use password_verify($password, $hashed_password) para i check

so magiging ganto

Code: 
password = $_POST['password']
query = select from db using username
hashedPassword = query['password']

if(password_verify($password, $hashedPassword )){
    login success
}else{
    invalid password
}

assuming na ang ginamit sa pag hash ay password_hash
Click to expand...
multi user po yung log in page also eto po yung code ko kung paano ko na hash $passw = password_hash($_POST['password'], PASSWORD_DEFAULT);
 
Upvote 0 Downvote
ribbit said:
multi user po yung log in page also eto po yung code ko kung paano ko na hash $passw = password_hash($_POST['password'], PASSWORD_DEFAULT);
Click to expand...
bat mo naman naisipang mag multi user?

pwede naman same user

pero dapat may unique identifier ka

like email or id or what so ever


yun nga lang yung unique identifier gagamitin nila sa pag login


iba iba kasi ibibigay na hash sayo nyan
so impossible na gamitin mo yung hash para i select sa db
 
Upvote 0 Downvote
PHP: 
<?php

    session_start();

    include 'db.php';



    if(isset($_POST['login'])){

        $username = $_POST['username'];

        $password = $_POST['password'];



        $sql = "SELECT * FROM employees WHERE employee_id = '$username'";

        $query = $conn->query($sql);



        if($query->num_rows < 1){

            $_SESSION['error'] = 'Cannot find account with the username';

        }

        else{

            $row = $query->fetch_assoc();

            if(password_verify($password, $row['password'])){

                $_SESSION['empid'] = $row['id'];

                $_SESSION['employee_id'] = $row['employee_id'];

            }

            else{

                $_SESSION['error'] = 'Incorrect password';

            }

        }

    

    }

    else{

        $_SESSION['error'] = 'Input your credentials first';

    }



    header('location: login.php');



?>

ito po yung login code ko po.. as for multiple account..

you can use if and else statement then lagyan mo lang ng user Lvl ... like admin or staff for example


$row = $query->fetch_assoc();
if(password_verify($password, $row['password'])){
if userlvl = '1' //admin lvl ;
$_SESSION['userlvl'] = $row['userid'];
elseif userlvl = '2' //staff
$_SESSION['userlvl'] = $row['userid'];
else userlvl = '3' // employee
$_SESSION['userlvl'] = $row['userid'];

}


i dont know if sql injection vulnerable sya pero yan ginagawa ko.. i hope na-iintindihan nyo po
 
Upvote 0 Downvote

Similar threads

Popular Tags

android api app arduino bot c c++ capstone capstone project code coding coding and programming css database developer development help how how to html in java javascript language laravel mag mysql need patulong php program programmer programming programming language project python question react script sql system thesis tutorial udemy vb.net visual basic web web development website with

About this Thread

  • 4
    Replies
  • 448
    Views
  • 3
    Participants
Last reply from:
Kentify

New Topics

Popular On This Forum

Online statistics

Members online
1,251
Guests online
2,375
Total visitors
3,626
Back
Top