Login Form Invalid username/password

2450 views php
5

I have a login form but even if i type a correct email and password i still get invalid username/password. I'm looking at my code and tried debugging it but i can't seem to find the problem.

  • Form

    <form method="post" action = 'plogin.php'>
        <h2 class="sr-only">Login Form</h2>
        <div class="illustration"><i class="icon ion-ios-navigate"></i></div>
        <div class="form-group"><input class="form-control" type="email" name="email" placeholder="?-????"></div>
        <div class="form-group"><input class="form-control" type="password" name="password" placeholder="???????"></div>
        <div class="form-group"><button class="btn btn-primary btn-block" type="submit">??????</button></div><a href="#" class="forgot">?? ??????????? ?????????? ???????? ????.</a></form>
    

  • Form Validation

    if(!empty($_POST)) {
        include('includes/general.php');
        if(!$connection){
            die("Failed to connect to database ".mysqli_connect_error());
        }
        $email = mysqli_real_escape_string($connection, $_POST['email']);
        $password = mysqli_real_escape_string($connection, $_POST['password']);
        $hashedPassword = hash('SHA256', $password);
        $query = "SELECT * FROM users WHERE email = '$email' AND password = '$password'";
        $result = mysqli_query($connection, $query) or die (mysqli_error($connection));
        if(mysqli_num_rows($result) > 0) {
            $_SESSION = mysqli_fetch_array($result);
            header('location: user.php');
        } else {
            echo "<script>alert('invalid username/password');
                window.location.href= 'login.php';</script>";
        }
    } else {
        header('location: index.php');
    

answered question

Why do you hash the password, but then never use that hashed value?

@KIKOSoftware honest mistake there, but do you know why it doesn't compare them right?

1 Answer

12

You hash the password, but don't use the hash...

if(!empty($_POST)) {
    include('includes/general.php');
    if(!$connection){
        die("Failed to connect to database ".mysqli_connect_error());
    }
    $email = mysqli_real_escape_string($connection, $_POST['email']);
    $password = mysqli_real_escape_string($connection, $_POST['password']);
    $hashedPassword = hash('SHA256', $password);
    $query = "SELECT * FROM users WHERE email = '$email' AND password = '$hashedPassword'";
    $result = mysqli_query($connection, $query) or die (mysqli_error($connection));
    if(mysqli_num_rows($result) > 0) {
        $_SESSION = mysqli_fetch_array($result);
        header('location: user.php');
    } else {
        echo "<script>alert('invalid username/password');
            window.location.href= 'login.php';</script>";
    }
} else {
    header('location: index.php');

Maybe try the code above

posted this

Have an answer?

JD

Please login first before posting an answer.