My connection with database is okay and I’m also getting correct data from the MySQL server. But, when I verify the password and login, then the password that input doesn’t match with the database. The problem seems to appear when I try to match the input password with the database password.
Here is my code:
<?php require 'connection.php'; ?>
<?php
//login user
if (isset($_POST['login'])) {
$emailUsername = $_POST['email_username'];
$pass = $_POST['password'];
$sql = "SELECT * from `users` WHERE `username` = '$emailUsername' OR `email` = '$emailUsername'";
$result = mysqli_query($conn, $sql);
if ($result) {
if (mysqli_num_rows($result) == 1) {
$fetchedResult = mysqli_fetch_assoc($result);
if (password_Verify($pass, $fetchedResult['password'])){
echo "Logged in!";
} else {
echo "Incorrect password!<br>";
}
}
} else {
echo "Incorrect username or password!";
}
}
}
//Register user
if (isset($_POST['register'])) {
$name = $_POST['fullname'];
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$sql = "SELECT * FROM `users` WHERE `username` = '$username' OR `email` = '$email'";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) >0){
$fetchedResult = mysqli_fetch_assoc($result);
if ($fetchedResult['username'] == $username){
echo "username already exists!";
header("Location: index.php?error=userexists");
exit();
} else{
echo "email already exists";
header("Location: index.php?error=emailexists");
exit();
}
} else {
$pass = password_hash($password, PASSWORD_BCRYPT);
$sql = "INSERT INTO users(`name`, `username`, `email`, `password`) VALUES ('$name', '$username', '$email', '$pass')";
if (mysqli_query($conn, $sql)){
echo "User registered successfully!<br>";
echo $pass;
} else {
echo "Can't run query";
}
}
}
?>
<?php
require 'connection.php';
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>User - Login and Register</title>
<link rel="stylesheet" href="style.css">
</head>
<body>
<header>
<h2>TJ WEBDEV</h2>
<nav>
<a href="#">HOME</a>
<a href="#">BLOG</a>
<a href="#">CONTACT</a>
<a href="#">ABOUT</a>
</nav>
<div class='sign-in-up'>
<button type='button' onclick="popup('login-popup')">LOGIN</button>
<button type='button' onclick="popup('register-popup')">REGISTER</button>
</div>
</header>
<!-- login form -->
<div class="popup-container" id="login-popup">
<div class="popup">
<form method="POST">
<h2>
<span>USER LOGIN</span>
<button type="reset" onclick="popup('login-popup')">X</button>
</h2>
<input type="text" placeholder="E-mail or Username" name="email_username">
<input type="password" placeholder="Password" name="password">
<button type="submit" class="login-btn" name="login">LOGIN</button>
</form>
</div>
</div>
<!-- registration form -->
<div class="popup-container" id="register-popup">
<div class="register popup">
<form method="POST">
<h2>
<span>USER REGISTER</span>
<button type="reset" onclick="popup('register-popup')">X</button>
</h2>
<input type="text" placeholder="Full Name" name="fullname">
<input type="text" placeholder="Username" name="username">
<input type="email" placeholder="E-mail" name="email">
<input type="password" placeholder="Password" name="password">
<button type="submit" class="register-btn" name="register">REGISTER</button>
</form>
</div>
</div>
<script>
function popup(popup_name)
{
get_popup=document.getElementById(popup_name);
if(get_popup.style.display=="flex")
{
get_popup.style.display="none";
}
else
{
get_popup.style.display="flex";
}
}
</script>
</body>
</html>
I have tried the same code but I didn’t take the password from MySQL server, I typed the data manually in the code and encrypted it then it worked. The only occurs when I try to match the password with the database.