PHP
Vladislav Tikhonov, 2017-01-06 14:14:14

php. Authorization doesn't work. Where is the mistake?

Hello. Guys, I've run into a problem. I'm doing authorization here, I wrote the code, but it doesn't work.
MySQL DB structure:
Table 'users'
username || email || password
Here is the code:

if($_POST['username'] == "")
    echo 'Введите логин.';
  else
    $username = $_POST['username'];

if($_POST['password'] == "")
    echo 'Введите пароль';
  else
    $hashpassword = password_hash($_POST['password'], PASSWORD_DEFAULT);

if(isset($username) && isset($hashpassword))
  {
    $q1 = mysql_query("SELECT * FROM users WHERE username='".$username."'");
    if(mysql_num_rows($q1) == 1)
    {
      $password_by_username = mysql_query("SELECT password FROM users WHERE username = '".$username"'");
      if($hashpassword == $password_by_username)
          echo 'Вы успешно авторизовались!';
        else
          echo 'Вы ввели неверный пароль';
    }
    else
      echo 'Вы ввели неверный логин.';
  }

password_hash() - for password hashing, I connect a separate module. Everything in the database is hashed.
Problem: I start and nothing works. Nothing even comes out.

2 answer(s)
Zakhar Storozhuk, 2017-01-06
@Phell

1. isset($password)
$password - what kind of variable is this? In the code, you only have $_POST['password'] and $hashpassword.
This is where the condition doesn't work.
2.

$password_by_username = mysql_query("SELECT password FROM users WHERE username = '".$username"'");

You forgot to extract the password itself from the query (mysql_fetch_array or mysql_fetch_assoc) and write the result of the query execution to the variable, not the password value.
PS: switch to mysqli, mysql is not supported in new versions of PHP.

ThunderCat, 2017-01-06
@ThunderCat

1) I'm embarrassed to ask - is there a connection to the database?
2) How is the output of errors configured in php?
3) If the output is not configured, most likely errors are not displayed, but the code fails on an error.
4) The code is just hellish hell, also with light injection.
5)

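// escape the values before they go into the query text
$u = mysql_real_escape_string($username);
$h = mysql_real_escape_string($hashpassword);
$q1 = mysql_query("
SELECT *
FROM users
WHERE `username` = '$u'
AND `password` = '$h'
");
if(mysql_num_rows($q1) == 1) echo "ура, залогинились!";
else echo "блиин, неверные данные авторизации";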
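
An added example, not code from the question or from either answer: password_hash() picks a new random salt on every call, so a freshly computed hash never equals the one stored at registration, and the stored value has to be fetched and checked with password_verify(). The sketch uses PDO with a bound placeholder instead of string concatenation; the in-memory SQLite database, the check_login() name and the sample user are assumptions made so it runs without a MySQL server.

```php
<?php
// Added example. Assumption: in-memory SQLite via PDO stands in for the MySQL `users` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT UNIQUE, email TEXT, password TEXT)');

// Constructed sample user; only the salted hash is stored.
$ins = $pdo->prepare('INSERT INTO users (username, email, password) VALUES (?, ?, ?)');
$ins->execute(['alice', 'alice@example.test', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Hash verified when the username is unknown, so both paths cost about the same.
define('DUMMY_HASH', password_hash('not a real password', PASSWORD_DEFAULT));

function check_login(PDO $pdo, $username, $password)
{
    if (!is_string($username) || !is_string($password) || $username === '' || $password === '') {
        return false;
    }
    // The placeholder keeps the submitted name out of the SQL text.
    $stmt = $pdo->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn(); // false when no row matches

    // password_verify() re-derives the hash using the salt embedded in the stored value.
    $ok = password_verify($password, $stored !== false ? $stored : DUMMY_HASH);
    return $stored !== false && $ok;
}

// Hashing the same password twice gives two different strings (random salt),
// which is why comparing a fresh password_hash() to the stored value with == fails.
$stored = $pdo->query("SELECT password FROM users WHERE username = 'alice'")->fetchColumn();
var_dump(password_hash('correct horse', PASSWORD_DEFAULT) === $stored);

// One generic message for every failure avoids revealing which usernames exist.
foreach ([['alice', 'correct horse'], ['alice', 'wrong'], ["alice'", 'correct horse'], ['bob', 'x']] as $try) {
    echo $try[0], ': ', check_login($pdo, $try[0], $try[1]) ? 'logged in' : 'invalid login or password', "\n";
}
```

With MySQL the same code applies after changing only the PDO DSN and credentials.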
