I have made a login page, and at the end of signing up you have to fill out a few questions for if you ever forget your password. 3 of the questions are already done and you only need to choose an answer, but the 4th question has a customizable question and answer. I have made it so that when your answers and question get sent to the database they become hashed, e.g.: $customanswer = password_hash($customanswer_before, PASSWORD_BCRYPT);. When you try to do the “forgot password”, the first 3 answers are working fine, they say when it's right / wrong, but the 4th one will always say it's wrong even when I put the right answer.
I can't find anything about answer 4 that is different from the other three, and ChatGPT keeps telling me to do the same things that I have already done and won't be any help at all.
Here is the troubleshooting ChatGPT keeps telling me to check (it won't be much help, I don't think; it just says what we already know):
Stored Answer One Hash: $2y$10$CzRs7kB80VXBH8cAyXvo9.WdIyZWMRTg0MDaEPZapUu8KI5nit5NC
Stored Answer Two Hash: $2y$10$O/8Epdwo8e/6mTBznqypwuGtRQ8ODoLDstq1Yqv4RoiYLgC55u6Xq
Stored Answer Three Hash: $2y$10$7P8z0u2g5gm0.iv0bpcQ9evto92KM.D5xCQ8YD0f84ImBTW6U7tLq
Stored Answer Four Hash: $2y$10$Ol6O7nmsjYjAL8yqwP8F3Ob.xCDIFDCHn/MfPFZjWoDn5eTkxzgbe
Entered Answer One: one
Entered Answer Two: two
Entered Answer Three: three
Entered Answer Four: four
Is Answer One Correct? Yes
Is Answer Two Correct? Yes
Is Answer Three Correct? Yes
Is Answer Four Correct? No
One or more answers are incorrect. Please try again.
Questions 1, 2 and 3 are working fine; the only problem is number 4 and I have no clue why. If anyone sees/finds a problem with it please reply. My code is below.
Thank You,
Alex.
index:
<body>
    <div class="signup" id="signup">
        <form action="answer-check.php" method="post">
            <div class="accountrecoverytitle">
                <b>Account Recovery</b>
            </div>
            <div class="accountrecoverytext">
                We understand that forgetting your password happens to the best of us.<br>
                Please answer the following four security questions to verify your <br>
                identity and reset your password <br>
            </div>
            <div class="questionbox" id="question1">
                <div class="question">
                    <div id="questiontext">What is the name of the first school you went to?</div>
                </div>
                <div class="answer">
                    <input id="textbox" type="text" name="answerone" required>
                </div>
            </div>
            <div class="questionbox" id="question2">
                <div class="question">
                    <div id="questiontext">What is the name of the street you grew up in?</div>
                </div>
                <div class="answer">
                    <input id="textbox" type="text" name="answertwo" required>
                </div>
            </div>
            <div class="questionbox" id="question3">
                <div class="question">
                    <div id="questiontext">What is the name of your first pet?</div>
                </div>
                <div class="answer">
                    <input id="textbox" type="text" name="answerthree" required>
                </div>
            </div>
            <div class="questionbox" id="question4">
                <div class="question">
                    <div id="questiontext">The custom question (Question 4)</div>
                </div>
                <div class="answer">
                    <input id="textbox" type="text" name="answerfour" required>
                </div>
            </div>
            <button type='submit' id="check-button" >Check</button>
        </form>
    </div>
</body>
answer-check.php:
<?php
session_start();
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // Get form answers directly (they are in plain text)
    $answerone = $_POST['answerone'];
    $answertwo = $_POST['answertwo'];
    $answerthree = $_POST['answerthree'];
    $answerfour = $_POST['answerfour']; // Including 4th answer here
    $email = $_SESSION['email']; // Assuming the email is stored in session
    $servername = "localhost";
    $username = "root";
    $password = "";
    $dbname = "test"; // Change to your actual DB
    // Create connection
    $conn = new mysqli($servername, $username, $password, $dbname);
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    }
    // Prepare the SQL query to get the security question answers (already hashed).
    // The email is bound as a parameter instead of being interpolated into the SQL string.
    $stmt = $conn->prepare("SELECT Answer1, Answer2, Answer3, Answer4
        FROM accounts
        WHERE email = ?");
    $stmt->bind_param("s", $email);
    $stmt->execute();
    $result = $stmt->get_result();
    if ($result->num_rows > 0) {
        // Fetch user data
        $row = $result->fetch_assoc();
        // Debugging output (for viewing data being compared)
        echo "Stored Answer One Hash: " . $row['Answer1'] . "<br>";
        echo "Stored Answer Two Hash: " . $row['Answer2'] . "<br>";
        echo "Stored Answer Three Hash: " . $row['Answer3'] . "<br>";
        echo "Stored Answer Four Hash: " . $row['Answer4'] . "<br>";
        echo "Entered Answer One: " . $answerone . "<br>";
        echo "Entered Answer Two: " . $answertwo . "<br>";
        echo "Entered Answer Three: " . $answerthree . "<br>";
        echo "Entered Answer Four: " . $answerfour . "<br>";
        // Use password_verify to match the plain-text answers with the already hashed stored values
        $is_answer_one_correct = password_verify($answerone, $row['Answer1']);
        $is_answer_two_correct = password_verify($answertwo, $row['Answer2']);
        $is_answer_three_correct = password_verify($answerthree, $row['Answer3']);
        $is_answer_four_correct = password_verify($answerfour, $row['Answer4']);
        // Debug output for verification
        echo "Is Answer One Correct? " . ($is_answer_one_correct ? "Yes" : "No") . "<br>";
        echo "Is Answer Two Correct? " . ($is_answer_two_correct ? "Yes" : "No") . "<br>";
        echo "Is Answer Three Correct? " . ($is_answer_three_correct ? "Yes" : "No") . "<br>";
        echo "Is Answer Four Correct? " . ($is_answer_four_correct ? "Yes" : "No") . "<br>";
        // Checking if all answers are correct
        if ($is_answer_one_correct && $is_answer_two_correct && $is_answer_three_correct && $is_answer_four_correct) {
            // All answers are correct, you can allow the user to reset the password
            echo "All answers are correct. You may now reset your password.";
        } else {
            // One or more answers are incorrect
            echo "One or more answers are incorrect. Please try again.";
        }
    } else {
        // No account found for that email
        echo "No account found for the email provided.";
    }
    // Close the connection
    $conn->close();
}
?>
Code that sends info to database:
<?php
session_start();
// All variables
// Linking HTML data to PHP, e.g.: $phpvariable = $_POST["HTML form NAME"]
// Needs to be hashed
$pass_before = $_POST["password"];
$answerone_before = $_POST["security_question_one"];
$answertwo_before = $_POST["security_question_two"];
$answerthree_before = $_POST["security_question_three"];
$customquestion_before = $_POST["custom_security_question"];
$customanswer_before = $_POST["custom_secruity_answer"];
// Doesn't need to be hashed
$user = $_POST["usernames"];
$email = $_POST["email"];
$firstname = $_POST["firstname"];
$middlename = $_POST["middlename"];
$lastname = $_POST["lastname"];
$date = $_POST["dob"];
$phone = $_POST["phone"];
$address = $_POST["address"];
$gender = $_POST["gender"];
// Becomes hashed
$pass = password_hash($pass_before, PASSWORD_BCRYPT);
$answerone = password_hash($answerone_before, PASSWORD_BCRYPT);
$answertwo = password_hash($answertwo_before, PASSWORD_BCRYPT);
$answerthree = password_hash($answerthree_before, PASSWORD_BCRYPT);
$customquestion = password_hash($customquestion_before, PASSWORD_BCRYPT);
$customanswer = password_hash($customanswer_before, PASSWORD_BCRYPT);
$EmailUserCheck = 0;
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "test";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
// Check for email taken (email bound as a parameter, not interpolated into the SQL)
$stmt = $conn->prepare("SELECT * FROM accounts WHERE email = ?");
$stmt->bind_param("s", $email);
// Execute the query
$stmt->execute();
$result = $stmt->get_result();
// Check if the email exists in the database
if ($result->num_rows > 0) {
    // Escape the submitted email before echoing it back into HTML
    die("The email: <b>" . htmlspecialchars($email) . "</b> is already in use
    <br>
    To fix this you can
    <b>login</b>
    or
    <b>contact us</b>
    <br>
    <a href='login.html'><button class='b'>login</button></a>
    <br>
    <a href='contact.html'><button class='b'>contact us</button></a>
    <style>
    .b {
    width: 150px;
    margin-top: 30px;
    height: 30px;
    }
    </style>
    ");
}
// Close the connection
$conn->close();
// Reset to send data over
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "test";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
$sql = "INSERT INTO accounts (
    Username,
    Email,
    Password,
    First_Name,
    Middle_Name,
    Last_name,
    Date_Of_Birth,
    Phone,
    Address,
    Gender,
    Answer1,
    Answer2,
    Answer3,
    Question1,
    Answer4
)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
// Bind all fifteen values as string parameters, in the same order as the column list
$stmt = $conn->prepare($sql);
$stmt->bind_param(
    "sssssssssssssss",
    $user,
    $email,
    $pass,
    $firstname,
    $middlename,
    $lastname,
    $date,
    $phone,
    $address,
    $gender,
    $answerone,
    $answertwo,
    $answerthree,
    $customquestion,
    $customanswer
);
if ($stmt->execute() === TRUE) {
    header("Location: login.php?signup=complete");
    exit();
} else {
    echo "Error: " . $sql . "<br>" . $stmt->error;
}
$conn->close();
?>
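A diagnostic for the symptom described in the post, where `password_verify()` rejects only the fourth stored answer; this is an added example, not the poster's code. The helper name `diagnose_answer` and all sample hashes are constructed for illustration, and the causes it checks (a hash truncated by the column, an empty string hashed because the sign-up script read a `$_POST` key the form did not send, stray whitespace) are common ones, not confirmed for this account.

```php
<?php
// Added example (not the poster's code): explain why password_verify() fails.
// diagnose_answer() is a hypothetical helper name.
function diagnose_answer(string $stored, string $entered): string
{
    if (password_verify($entered, $stored)) {
        return 'match';
    }
    // password_hash(..., PASSWORD_BCRYPT) always returns 60 characters. A shorter
    // value means the column truncated it on INSERT, and it can never verify.
    if (strlen($stored) !== 60 || password_get_info($stored)['algoName'] !== 'bcrypt') {
        return 'stored value is not a complete bcrypt hash';
    }
    // A $_POST key the form never sent is null, so the empty string was hashed.
    if (password_verify('', $stored)) {
        return 'stored hash is of the empty string';
    }
    // Input differs from the stored text only by surrounding whitespace.
    if (password_verify(trim($entered), $stored)) {
        return 'matches after trimming whitespace';
    }
    return 'well-formed hash of different text';
}

// Constructed sample data; none of these hashes come from the post.
$samples = [
    'correct'   => password_hash('four', PASSWORD_BCRYPT),
    'empty'     => password_hash('', PASSWORD_BCRYPT),
    'truncated' => substr(password_hash('four', PASSWORD_BCRYPT), 0, 50),
];
foreach ($samples as $label => $hash) {
    echo str_pad($label, 10), diagnose_answer($hash, 'four'), PHP_EOL;
}
```

Calling it with the `Answer4` value from the `accounts` row and the typed answer narrows the failure down without echoing the stored hash to the browser.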