Help PHP, confirm password

ribbit

Established
Does anyone have an idea or suggestion on how to improve this password handling? Should I just remove the confirm password?

Here is my code in register.php
PHP:
<?php
session_start();
require('connection.php');
$page_title="Register";
include('includes/header.php');?>
<div class="center">
    <div class="container-fluid">
    <div class="container d-flex justify-content-center align-items-center" style="min-height: 100vh">
            <div class="col-md-6">
                <div class="alert">
                    <?php
                        if(isset($_SESSION['status']))
                        {
                            echo"<h4>".$_SESSION['status']."</h4>";
                            unset($_SESSION['status']);
                        }
                    ?>
                </div>
                <div class="card shadow">
                    <div class="card-header">
                        <h5>Registration Form</h5>
                    </div>
                    <div class="card-body">
                        <form action="code.php" method="POST">
                            <!-- <div class="form-group mb-1 ">
                                <label for="">User Type</label>
                                <input type="text" name="user_type" value ="User" class="form-control"disabled>
                            </div> -->
                            <div class="form-group mb-1 ">
                                <label for="">First Name</label>
                                <input type="text" name="fname" class="form-control">
                            </div>
                            <div class="form-group mb-1 ">
                                <label for="">Last Name</label>
                                <input type="text" name="lname" class="form-control">
                            </div>
                            <div class="form-group mb-1 ">
                                <label for="">Email </label>
                                <input type="text" name="email" class="form-control">
                            </div>
                            <div class="form-group mb-1 ">
                                <label for="">Address </label>
                                <input type="text" name="addr" class="form-control">
                            </div>
                            <div class="form-group mb-1 ">
                            <label for="">Phone Number</label>
                                <input type="text" name="pnum" class="form-control">
                            </div>
                            <div class="form-group mb-1 ">
                                <label for="">Username</label>
                                <input type="text" name="username" class="form-control">
                            </div>
                            <div class="form-group mb-1 ">
                                <label for="">Password</label>
                                <input type="password" name="password" class="form-control">
                            </div>
                            <div class="form-group mb-1 ">
                                <label for="">Confirm Password</label>
                                <input type="password" name="confirm_password" class="form-control">
                            </div>
                            <div class="form-group">
                                <button type="submit" name="register_btn" class="btn btn-primary">Register Now</button>
                                <br>You have an account? <a href="login.php">Go back.</a>
                            </div>
                           
                        </form>
                    </div>
                </div>
            </div>
        </div>
    </div>
</div>


<?php include('includes/footer.php');?>

By the way, here is the login page function for register.php
PHP:
<?php


require('connection.php');


if(isset($_POST['submit'])){
    $usern=$_POST['usern'];
    $passw=$_POST['passw'];
    
    $query="SELECT * FROM users WHERE usern='$usern' AND passw='".md5($passw)."' AND verify_status=1 ";
    $result=mysqli_query($con,$query);
    $row=mysqli_fetch_array($result);
    
    

    

    if(mysqli_num_rows($result)>0)
    {
        session_start();
        
        $user_type=strtoupper($row['user_type']);
        switch($user_type)
        {
            case 'ADMIN':
            header("Location: admin/index.php");
            /* echo $user_type ; */
            break;

            default:
            header("Location: index.php");
            /* echo $user_type ; */
        }
        $_SESSION["usern"] = $usern;
    }
    else
    {
        echo "<h2>You enetr the worng Username/Passowrd or The account is not been authenticated.</h2>";
        echo nl2br ("<h3><a href='login.php'>Click here</a> to go back to Log-in page.</h3>");
      
    }
}
else
{
    echo "your a beast";
}
?>
 

Kentify

est. 2022
Contributor
PHP:
<?php
    include 'includes/session.php';

    if(isset($_POST['add'])){
        $password = password_hash($_POST['password'], PASSWORD_DEFAULT);
        $employee_id = $_POST['employee_id'];
        $firstname = $_POST['firstname'];
        $lastname = $_POST['lastname'];
        $address = $_POST['address'];
        $birthdate = $_POST['birthdate'];
        $contact = $_POST['contact'];
        $gender = $_POST['gender'];
        $position = $_POST['position'];
        $schedule = $_POST['schedule'];
        $filename = $_FILES['photo']['name'];
        if(!empty($filename)){
            move_uploaded_file($_FILES['photo']['tmp_name'], '../images/'.$filename);
        }
     
        $sql = "INSERT INTO employees (id, employee_id, password, firstname, lastname, address, birthdate, contact_info, gender, position_id, schedule_id, photo, created_on) VALUES (NULL, '$employee_id', '$password', '$firstname', '$lastname', '$address', '$birthdate', '$contact', '$gender', '$position', '$schedule', '$filename', NOW())";
        if($conn->query($sql)){
            $_SESSION['success'] = '"'.$firstname.' '.$lastname.'" has been added Successfully!';
        }
        else{
            $_SESSION['error'] = $conn->error;
        }

    }
    else{
        $_SESSION['error'] = 'Fill up add form first';
    }

    header('location: employee.php');
?>

Just my sample code for registration..

you can use $password = password_hash($_POST['password'], PASSWORD_DEFAULT);
so that your password is encrypted

update: don't remove confirm password.

add gender, profile photo, birthdate and etc..
 

intoi

Established
Ah, so that's how it works.
 

ribbit

Established

Isn't md5 good for encrypting passwords?
 

Kentify

est. 2022
Contributor
You should absolutely use the password_hash() function without providing your own salt:
$hash = password_hash($password, PASSWORD_DEFAULT);

The function will generate a safe salt on its own. The other algorithms are way too fast to hash passwords and therefore can be brute-forced too easily (about [link not shown] per second).

reference: [link not shown]
 
The confirm password part is just an if and else: if Password 1 = Password 2 then proceed, else throw an error saying your password didn't match.
 

ribbit

Established
UPDATE @Kentify

Here is register.php now that I have added password_hash
PHP:
<?php
session_start();
require('connection.php');

use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\SMTP;
use PHPMailer\PHPMailer\Exception;

//Load Composer's autoloader
require 'vendor/autoload.php';

function sendemail_verify($fname,$email,$verify_token)
{
    $mail = new PHPMailer(true);
  

    //Server settings
    //$mail->SMTPDebug = 2;                      //Enable verbose debug output
    $mail->isSMTP();                                            //Send using SMTP
    $mail->Host       = 'smtp.gmail.com';                     //Set the SMTP server to send through
    $mail->SMTPAuth   = true;                                   //Enable SMTP authentication
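    $mail->Username   = getenv('SMTP_USERNAME');                //SMTP username, read from the environment (placeholder variable name) instead of hard-coding it
    $mail->Password   = getenv('SMTP_PASSWORD');                //SMTP password, read from the environment (placeholder variable name) instead of hard-coding it
    $mail->SMTPSecure = "tls";            //Enable STARTTLS encryption ("tls" is the value of PHPMailer::ENCRYPTION_STARTTLS)
    $mail->Port       = 587;                                    //TCP port to connect to; use 587 if you have set `SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS`

    $mail->setFrom(getenv('SMTP_USERNAME'), $fname);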
    $mail->addAddress($email);

    $mail->isHTML(true);
    $mail->Subject = "OBS Verifaction";

    $emial_template = "To verify your account <a href='http://localhost/obs/verify_email.php?token=$verify_token'>Click Here</a>";

    $mail->Body    =  $emial_template;
    $mail->send();
    //echo 'Message has been sent';
}

if(isset($_POST['register_btn']))
{
    $f_name = $_POST['fname'];
    $l_name = $_POST['lname'];
    $addr = $_POST['addr'];
    $user_type = 'User';
    $pnum = $_POST['pnum'];
    $email = $_POST['email'];
    $usern = $_POST['username'];
    $passw = password_hash($_POST['password'], PASSWORD_DEFAULT);
    $verify_token = bin2hex(random_bytes(16)); //32 hex characters from the CSPRNG; md5(rand()) is predictable
  

    //email exist

    $cheack_email_query = "SELECT email FROM users WHERE email='$email' LIMIT 1";
    $cheack_email_query_run = mysqli_query($con,$cheack_email_query);

    if(mysqli_num_rows($cheack_email_query_run) > 0)
    {
        $_SESSION["status"] = "E-mail already exist."; 
        header("Location: register.php");
    }
    else
    {
      
        $query = "INSERT INTO users (user_type,usern,passw,f_name,l_name,pnum,addr,email,verify_token) VALUES ('$user_type','$usern','$passw','$f_name','$l_name','$pnum','$addr','$email','$verify_token')";
        $query_run = mysqli_query($con,$query);

        if($query_run)
        {
            sendemail_verify("$f_name","$email","$verify_token");
            $_SESSION["status"] = "Plaease Cheack your Email for verifacation"; 
            header("Location: register.php");
        }
        else
        {
            $_SESSION["status"] = "hind pasok"; 
            header("Location: register.php");
        }
    }
}
?>


Here is login_run.php
PHP:
<?php

require('connection.php');

if (isset($_POST['submit'])) {
    $usern = $_POST['usern'];
    $passw = $_POST['passw'];

    $query = "SELECT * FROM users WHERE usern='$usern' AND passw='$passw' AND verify_status=1 ";
    $result = mysqli_query($con, $query);
    $row = mysqli_fetch_array($result);

    if (mysqli_num_rows($result) > 0) {
        session_start();

        $user_type = strtoupper($row['user_type']);
        switch ($user_type) {
            case 'ADMIN':
                header("Location: admin/index.php");
                /* echo $user_type ; */
                break;

            default:
                header("Location: index.php");
                /* echo $user_type ; */
        }
        $_SESSION["usern"] = $usern;
    } else {
        echo "<h2>You enetr the worng Username/Passowrd or The account is not been authenticated.</h2>";
        echo nl2br("<h3><a href='login.php'>Click here</a> to go back to Log-in page.</h3>");
    }
} else {
    echo "your a beast";
}

But this is what happens now:
[Attachment: 1652151478961.png]

Question: is there anything I need to add to my login_run.php?

USERlmao$2y$10$HnDgWvEiMUKZefAlsCzOC.boYVf9KFbjTZcbVb67cIK...pabloasdqwdeqw213123213123124214zsdjksdhfajhdf@gmail.com2022-05-10 10:52:46c5105f98c8772f106352b5c161806e5e1
Also, I did authenticate the account, so I feel something needs to change in how the password is handled at login.
 

Of course, you also need to password_hash the password at login, the same way you do it in your registration, so that it matches what is in your database.
 

ribbit

Established
Here is login_run.php

PHP:
<?php

require('connection.php');

if (isset($_POST['submit'])) {
    $usern = $_POST['usern'];
    $passw = password_hash($_POST['passw'], PASSWORD_DEFAULT);
   
    $query = "SELECT * FROM users WHERE usern='$usern' AND passw='$passw' AND verify_status=1 ";
    $result = mysqli_query($con, $query);
    $row = mysqli_fetch_array($result);

    if (mysqli_num_rows($result) > 0) {
        session_start();


        $user_type = strtoupper($row['user_type']);
        switch ($user_type) {
            case 'ADMIN':
                header("Location: admin/index.php");
                /* echo $user_type ; */
                break;

            default:
                header("Location: index.php");
                /* echo $user_type ; */
        }
        $_SESSION["usern"] = $usern;
    } else {
        echo "<h2>You enetr the worng Username/Passowrd or The account is not been authenticated.</h2>";
        echo nl2br("<h3><a href='login.php'>Click here</a> to go back to Log-in page.</h3>");
    }
} else {
    echo "your a beast";
}
[Attachment: 1652155080237.png]
Still the same.
 

Debug it: check your code piece by piece, e.g. echo $passw to check manually whether it is the same as what is in the database.
 
Use [link not shown] to verify whether the password matches the hash.
The output of password_hash is different every time, so you get no result when you include it in the WHERE clause.
 

Kentify

est. 2022
Contributor
UP for this .. great answer

ribbit
you should use password_verify and not hash it again.. why? because it will generate a random salt again and then the password won't be correct or the same.

also, you don't need to put password in this query:
$query = "SELECT * FROM users WHERE usern='$usern' AND passw='$passw' AND verify_status=1 ";

instead use:
$query = "SELECT * FROM users WHERE usern='$usern' AND verify_status=1 ";



my sample code for login
PHP:
<?php
    session_start();
    include 'db.php';

    if(isset($_POST['login'])){
        $username = $_POST['username'];
        $password = $_POST['password'];

        $sql = "SELECT * FROM employees WHERE employee_id = '$username'";
        $query = $conn->query($sql);

        if($query->num_rows < 1){
            $_SESSION['error'] = 'Cannot find account with the username';
        }
        else{
            $row = $query->fetch_assoc();
            if(password_verify($password, $row['password'])){
                $_SESSION['empid'] = $row['id'];
                $_SESSION['employee_id'] = $row['employee_id'];
            } 
            else{
                $_SESSION['error'] = 'Incorrect password';
            }
        }
      
    }
    else{
        $_SESSION['error'] = 'Input your credentials first';
    }

    header('location: login.php');

?>
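
The advice in this thread combined into one runnable sketch, added here as an example and not code from any poster: the confirm-password check before hashing, password_verify() at login instead of a second password_hash(), and an upgrade path for rows that still hold the old md5() value. The function names and the in-memory $users array (standing in for the users table, with the thread's passw and verify_status columns) are assumptions made for the example.

```php
<?php
// Added example. $users stands in for the thread's `users` table. In a real
// login_run.php the row would be fetched by username with a prepared statement
// (... WHERE usern = ? AND verify_status = 1); the password never goes into
// the WHERE clause.

/** Registration: reject a mismatched confirmation before hashing, store only the hash. */
function register_user(array &$users, string $usern, string $password, string $confirm): bool
{
    if ($password === '' || $password !== $confirm || isset($users[$usern])) {
        return false;
    }
    $users[$usern] = [
        'passw'         => password_hash($password, PASSWORD_DEFAULT),
        'verify_status' => 1, // set directly here; the thread sets it via the e-mail link
    ];
    return true;
}

/** Login: find the row by username, then let password_verify() compare. */
function login_user(array &$users, string $usern, string $password): bool
{
    $row = $users[$usern] ?? null;
    if ($row === null || (int) $row['verify_status'] !== 1) {
        return false;
    }
    $stored = $row['passw'];

    // Legacy row written by the old md5() login: check it, then upgrade it in place.
    if (preg_match('/^[0-9a-f]{32}$/', $stored)) {
        if (!hash_equals($stored, md5($password))) {
            return false;
        }
        $users[$usern]['passw'] = password_hash($password, PASSWORD_DEFAULT);
        return true;
    }

    if (!password_verify($password, $stored)) {
        return false;
    }
    // Re-hash when PASSWORD_DEFAULT or its cost has changed since the row was written.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $users[$usern]['passw'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

// Constructed sample data: one legacy md5 row plus one new registration.
$users = ['olduser' => ['passw' => md5('hunter2-sample'), 'verify_status' => 1]];

var_dump(register_user($users, 'newuser', 'S3cret-sample', 'S3cret-sampel')); // mistyped confirmation
var_dump(register_user($users, 'newuser', 'S3cret-sample', 'S3cret-sample')); // matching confirmation

// Two hashes of the same password: a fresh salt each time, so comparing them
// as strings (in PHP or in SQL) cannot work, while password_verify() can.
$a = password_hash('S3cret-sample', PASSWORD_DEFAULT);
$b = password_hash('S3cret-sample', PASSWORD_DEFAULT);
var_dump($a === $b, password_verify('S3cret-sample', $a));

var_dump(login_user($users, 'newuser', 'S3cret-sample'));  // correct password
var_dump(login_user($users, 'newuser', 'wrong-sample'));   // wrong password
var_dump(login_user($users, 'olduser', 'hunter2-sample')); // legacy row, upgraded on success
var_dump(password_get_info($users['olduser']['passw'])['algoName']);
```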
 