Chuks Posted September 27, 2017 Share Posted September 27, 2017 Please, I am creating a user registration /login form to enable users to register and login. After registering with the username and password the user is redirected to the login form, but on logging in submitting the form it returns the login form with the password highlighted in red, although the password would be correct. How do I find out the problem with my code here: <?php // include config file require_once 'config.php'; // Define variables and initialize with empty values $username = $password = ""; $username_err = $password_err = ""; // Processing form data when form is submitted if($_SERVER["REQUEST_METHOD"] == ["POST"]) { // Check if username is empty if(empty(trim($_POST["username"]))) { $username_err = 'Please enter your username.'; } else { $username = trim($_POST["username"]); } // Check if password is empty if(empty(trim($_POST['password']))) { $password_err = 'Please enter your pasword'; } else { $password_err = trim($_POST['password']); } // Validate credentials if(empty($username_err) && empty($password_err)) { // Prepare a select statement $sql = "SELECT username, password FROM myguests WHERE username = ?"; if($stmt = mysqli_prepare($link, $sql)) { // Bind variables to the prepared statement as parameters mysqli_stmt_bind_param($stmt, "s", $param_username); // Set parameters $param_username = $username; // Attempt to execute the prepared statement if(mysqli_stmt_execute($stmt)) { // Store result mysqli_stmt_store_result($stmt); // Check if username exist, if yes then verify password if(mysqli_stmt_num_rows($stmt) == 1) { // Bind result variables mysqli_stmt_bind_result($stmt, $username, $hashed_password); if(mysqli_stmt_fetch($stmt)) { if(password_verify($password, $hashed_password)) { /* Password is correct, so start a new session and save username to the session */ session_start(); $_SESSION['username'] = $username; header("location: welcome.php"); } else { //Display error message if password is not valid $password_err = 'The password you entered is not invalid.'; } } } else { // Display error message if username doesn't exist $username_err = 'No acount found with that username.'; } } else { echo "Oops! Something went wrong. Please try again later."; } } // close statement mysqli_stmt_close(stmt); } // Close connection mysqli_close($link); } ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Login</title> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css"> <style type="text/css"> body {font: 14px sans-serif;} .wrapper {width:350px; pading: 20px;} </style> </head> <body> <div class="wrapper"> <h2>Login</h2> <p>Please fill in your credentials to login.</p> <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post"> <div class="form-group <?php echo (!empty($username_err)); ?>"> <label>Username:<sup>*</sup></label> <input type="text" name="username" class="form-control" value="<?php echo $username ?>"> <span class="help-block"><?php echo $username_err; ?></span> </div> <div class="form-group <?php echo (!empty($password_err)); ?>"> <label>Password:<sup>*</sup></label> <input type="password" name="password" class="form-control"> <span class="help-block"><?php echo $password_err; ?></span> </div> <div class="form-group"> <input type="submit" class="btn btn-primary" value="Submit"> <p>Don't have an account? <a href="register.php">Sign up now</a>.</p> </div> </form> </div> </body> </html> Here is the welcome page which I expect to be displayed: <?php // Initialize the session session_start(); // If session variable is not set it will redirect to login page if (!isset($_SESSION['username']) || empty($_SESSION['username'])) { header("location: login.php"); exit; } ?> <!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <title>Welcome</title> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css"> <style type="text/css"> body {font: 14px sans-serif; text-align: center; } </style> </head> <body> <div class="page-header"> <h1>Hi, <b><?php echo $_SESSION['username']; ?></b>. Welcome to our site</h1> </div> <p><a href= "logout.php" class="btn btn-danger">Sign Out of Your Account</a></p> </body> </html> Please I am new in PHP and would appreciate your help. Thanks. Link to comment Share on other sites More sharing options...
justsomeguy Posted September 27, 2017 Share Posted September 27, 2017 Start by printing out what you're using. For example, print the 2 variables you're sending to password_verify to make sure they're set to what they should be. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now