+ 2
How to create a login system using php and sql
I want to create a login system but whenever I try to login it always shows password incorrect error
16 Réponses
+ 2
1 - Get password from database (It's in md5) - $passuserdb = "SELECT ......"
2 - $md5pass=md5($pass) - You convert user writing pass to md5.
3 - If $passuserdb == $md5pass
+ 6
Post your code so people can help you.
+ 5
Adding a point after @Daniel's answer, you can also use md5 function on the server through the SQL query like :
SELECT email, password FROM users WHERE email='$email' AND password=MD5('$password')
Then check if there is any records in query result, if not, it means no record matched the user (Invalid user)
Hth, cmiiw
+ 5
@Daniel your solution was excellent as well, as a side note, I read a notice about how md5 and sha1 exploits are becoming more prevalent, that MySql dev now recommends the use of sha2. I guess what we thought was secure is not all that secure anymore :)
https://dev.mysql.com/doc/refman/5.5/en/encryption-functions.html
+ 5
Glad to know your problem is solved :)
+ 4
Maybe you are checking in bad way or with data type incorrect. Share your code
+ 4
@Daniel that is so true, I agree with you :)
+ 4
thank u ipang and Daniel finally fixed it
+ 3
I think you should focus on the password_verify function, as that is the one that confirms password validity.
If it's possible could you post the password_verify code also? I will assume that there's no problem in connection and SQL query execution process for now.
+ 3
Excellent Ipang, more directly, without using other variables or instructions.
+ 3
Could be Ipang. As always I said, all which man create, same man destroy. In this case I think MD5 is exploited maybe with brute force with dictionaries. Currently you can search by the internet some websites where you can "hack" passwords but really it has a great database
+ 2
What encryption method do you use to save password in database?
+ 1
login page code
<?php
include("connect.php");
include("functions.php");
if(logged_in())
{
header("location:profile.php");
exit();
}
$error = "";
if(isset($_POST['submit']))
{
$email = mysqli_real_escape_string($con, $_POST['email']);
$password = mysqli_real_escape_string($con, $_POST['password']);
$checkBox = isset($_POST['keep']);
if(email_exists($email,$con))
{
$result = mysqli_query($con, "SELECT password FROM users WHERE email='$email'");
$retrievepassword = mysqli_fetch_assoc($result);
if(!password_verify($password, $retrievepassword['password']))
{
$error = "Password is incorrect";
}
else
{
$_SESSION['email'] = $email;
if($checkBox == "on")
{
setcookie("email",$email, time()+3600);
}
header("location: profile.php");
}
}
else
{
$error = "Email Does not exists";
}
}
?>
<!doctype html>
<html>
<head>
<title>Login Page</title>
<link rel="stylesheet" href="css/styles.css" />
</head>
<body>
<div id="error" style=" <?php if($error !=""){ ?> display:block; <?php } ?> "><?php echo $error; ?></div>
<div id="wrapper">
<div id="menu">
<a href="index.php">Sign Up</a>
<a href="login.php">Login</a>
</div>
<div id="formDiv">
<form method="POST" action="login.php">
<label>Email:</label><br/>
<input type="text" class="inputFields" name="email" required/><br/><br/>
<label>Password:</label><br/>
<input type="password" class="inputFields" name="password" required/><br/><br/>
<input type="checkbox" name="keep" />
<label>Keep me logged in</label><br/><br/>
<input type="submit" name="submit" class="theButtons" value="login" />
</form>
</div>
</div>
</body>
</html>
+ 1
thanks for your reply fixed the problem but I can only get it when I save password as normal text so can someone give me code for decryption the password while login
+ 1
md5
+ 1
If you have your password stored in database with MD5 encryption, when you get it from database to compare with user login, you must to apply md5 function to password which user write.
md5($pass)
In the same way, because you must to compare password which has database for specific user, which is in MD5 with password which user write in plain text, so for that reason, to compare, you must to convert before.plain text in md5