After making it insert all the hashes into the database, I made a login form which is supposed to use the original FName and Password to log into the system. I have an issue with the password field, if I insert the original password, it does not work, but if I enter the hash that it generated then it is successful. I've altered the code to make it change the string entered into a hash so that it matches the one in the database but it does not work. Can anyone tell me what I did wrong or help me correct the code?
include 'DBConn.php';
mysql_select_db("test") or die ("Unable to select database!");
if(isset($_POST['FName'])){ $FName = $_POST['FName']; }
if(isset($_POST['Password'])){ $Password = password_hash($Password = $_POST['Password']); }
if( empty($FName) || empty($Password) )
echo "Username and Password Mandatory - from PHP";
else
{
$sql = "SELECT count(*) FROM tbl_User where(
FName='$FName'
AND
Password='$Password')";
$res = mysql_query($sql);
$row = mysql_fetch_array($res);
if( $row[0] > 0 )
echo "Login Successful";
else
echo $sql;
}
Here's the PDO code for reference:
//insert from text file
$host = 'localhost';
$dbname = 'test';
$PDO = new PDO("mysql:dbname=$dbname; host=$host");
$file = file('userData.txt');
$query = $PDO->prepare('INSERT into tbl_User(ID, FName, LName, Email, Password) values (?, ?, ?, ?, ?)');
foreach($file as $row) {
$milestone = explode(';',$row);
$milestone[4] = password_hash($milestone[4], PASSWORD_DEFAULT);
$query->execute($milestone);
}
echo "Done!";
mysqli_close($DBConnect);
?>