Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
V
V
Vladislav Tikhonov2017-01-06 14:14:14
PHP
Vladislav Tikhonov, 2017-01-06 14:14:14

php. Authorization doesn't work. Where is the mistake?

Hello. Guys, there was a problem. I'm doing authorization here, I wrote the code, but it doesn't work.
MySql DB structure:
Table 'users'
username || email || password
Here is the code:

if($_POST['username'] == "")
    echo 'Введите логин.';
  else
    $username = $_POST['username'];

if($_POST['password'] == "")
    echo 'Введите пароль';
  else
    $hashpassword = password_hash($_POST['password'], PASSWORD_DEFAULT);

if(isset($username) && isset($hashpassword))
  {
    $q1 = mysql_query("SELECT * FROM users WHERE username='".$username."'");
    if(mysql_num_rows($q1) == 1)
    {
      $password_by_username = mysql_query("SELECT password FROM users WHERE username = '".$username"'");
      if($hashpassword == $password_by_username)
          echo 'Вы успешно авторизовались!';
        else
          echo 'Вы ввели неверный пароль';
    }
    else
      echo 'Вы ввели неверный логин.';
  }

password_hash() -
|For password hashing, I connect a separate module. Everything in the database is hashed.|
Problem: I start and nothing works. Nothing even comes out.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
Z
Zakhar Storozhuk, 2017-01-06
@Phell

1. isset($password)
$password - what kind of variable is this? In the code, you only have $_POST['password'] and $hashpassword.
This is where the condition doesn't work.
2.

$password_by_username = mysql_query("SELECT password FROM users WHERE username = '".$username"'");

You forgot to extract the password itself from the query (mysql_fetch_array or mysql_fetch_assoc) and write the result of the query execution to the variable, not the password value.
PS: switch to mysqli, mysql is not supported in new versions of PHP.

Report
T
ThunderCat, 2017-01-06
@ThunderCat

1) I'm embarrassed to ask - is there a connection to the database?
2) How is the output of errors configured in php?
3) if the output is not configured - most likely errors are not displayed, but the code falls on error.
4) The code is just hellish hell, also with light injection.
5)

$q1 = mysql_query("
SELECT * 
FROM users 
WHERE `username`= $username 
and `password  = $hashpassword
");
if(mysql_num_rows($q1) == 1) echo "ура, залогинились!" 
else "блиин, неверные данные авторизации";

Similar questions
P
Pavel2014-05-18 14:34:20
How to set up Chrome DevTools Autosave on windows? 4Reply
L
Lecturer2020-09-26 22:38:29
How to display search results for sections in wordpress? 5Reply
S
Sergey Kulandin2015-04-20 12:45:33
Is crossfire radeon 7850+7870 stable? 3Reply
N
Nicholas Hephaestus2022-01-24 20:18:11
Why does the space bar and other keys not work in TeamViewer? 4Reply
H
HAtan2020-09-30 15:30:27
How to process a click and record it? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question