+ 4

Hey guys i got a littel problem and i need your help .

Hey guys i got a littel problem and i need your help . the code i pasted below works fine and upadate the password section of my database but the problem im facing is that when i was creating the singup and login script i hashed the password with this $hashedPwd = password_hash($pwd, PASSWORD_DEFAULT); and as a result after updating my password the user are unable to login in with the updated password here is my update password code <?php session_start(); $old_pass=$_POST['old_pass']; $start_session=$_SESSION['u_id']; include_once 'dbh.inc.php'; $sql = "UPDATE users SET user_pwd = $old_pass WHERE user_id= $start_session"; if (mysqli_query($conn, $sql)) { header("Location: ../login.php?password change =succesful"); } else { echo "Error updating record: " . mysqli_error($conn); mysqli_close($conn); } ?> here is my singup script <?php if (isset($_POST['submit'])) { $_POST['mail']; $_POST['pin']; $check= $_POST['mail']; $check_again= $_POST['pin']; if ($check=== $check_again) { echo "yes"; }else{ echo "Incorrect Code"; } include_once 'dbh.inc.php'; $name = mysqli_real_escape_string($conn, $_POST['name']); $email = mysqli_real_escape_string($conn, $_POST['email']); $pwd = mysqli_real_escape_string($conn, $_POST['pwd']); //Error handlers //Check for empty fields if (empty($name) || empty($email) || empty($pwd)) { header("Location: ../signup.php?signup=empty"); exit(); } else { //Check if input characters are valid if (!preg_match("/^[a-zA-Z_ -]*$/", $name)) { header("Location: ../signup.php?signup=invalid"); exit(); } else { //Check if email is valid if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { header("Location: ../signup.php?signup= invalid email"); exit(); } else { //Hashing the password $hashedPwd = password_hash($pwd, PASSWORD_DEFAULT); //Insert the user into the database $sql = "INSERT INTO users (user_name, user_email, user_pwd) VALUES ('$name', '$email', '$hashedPwd');";

9th Mar 2018, 7:49 PM
Franklyn Omeben
Franklyn Omeben - avatar
3 Antworten
+ 6
this are the rest code //Insert the user into the database $sql = "INSERT INTO users (user_name, user_email, user_pwd) VALUES ('$name', '$email', '$hashedPwd');"; mysqli_query($conn, $sql); header("Location: ../login.php?signup=success"); exit(); } } } } else { header("Location: ../signup.php"); exit(); } here is my login in script <?php session_start(); if (isset($_POST['submit'])) { include 'dbh.inc.php'; $email = mysqli_real_escape_string($conn, $_POST['email']); $pwd = mysqli_real_escape_string($conn, $_POST['pwd']); //Error handlers //Check if inputs are empty if (empty($email) || empty($pwd)) { header("Location: ../index.php?login=empty"); exit(); } else { $sql = "SELECT * FROM users WHERE user_email='$email'"; $result = mysqli_query($conn, $sql); $resultCheck = mysqli_num_rows($result); if ($resultCheck < 1) { header("Location: ../index.php?login=error"); exit(); } else { if ($row = mysqli_fetch_assoc($result)) { //De-hashing the password $hashedPwdCheck = password_verify($pwd, $row['user_pwd']); if ($hashedPwdCheck == false) { header("Location: ../index.php?login=error"); exit(); } elseif ($hashedPwdCheck == true) { //Log in the user here $_SESSION['u_id'] = $row['user_id']; $_SESSION['u_name'] = $row['user_name']; $_SESSION['u_email'] = $row['user_email']; header("Location: ../signedin/profile.php?login=success"); exit(); } } } } } else { header("Location: ../index.php?login=error"); exit(); } ?> any help will be appriciated thanks
9th Mar 2018, 7:52 PM
Franklyn Omeben
Franklyn Omeben - avatar
+ 5
it,say login error
10th Mar 2018, 8:13 AM
Franklyn Omeben
Franklyn Omeben - avatar
+ 4
What exactly happens when they try to log in? Error message? If you print the session variables, are the ones that would indicator you're logged in exist and have values? Give me some more information on exactly what happens, when, and if there is any indicators toward failure/error.
9th Mar 2018, 8:00 PM
Fata1 Err0r
Fata1 Err0r - avatar