What's new
By:

🔒 Closed [PHP] about sa password_hash na hind maka pasok sa log in page

Status
Not open for further replies.
R

ribbit

Eternal Poster
i got this problem na hind na siya makapag log in simula noong na password_hash

login_run.php
PHP: 
<?php

require('connection.php');

if (isset($_POST['submit'])) {
    $usern = $_POST['usern'];
    $passw = $_POST['passw'];
    
    $query = "SELECT * FROM users WHERE usern='$usern' AND passw='$passw' AND verify_status=1 ";
    $result = mysqli_query($con, $query);
    $row = mysqli_fetch_array($result);

    if (mysqli_num_rows($result) > 0 && password_verify($_POST[$passw], $passw)) {
        $_SESSION["usern"] = $usern;
        session_start();


        $user_type = strtoupper($row['user_type']);
        switch ($user_type) {
            case 'ADMIN':
                header("Location: admin/index.php");
                /* echo $user_type ; */
                break;

            default:
                header("Location: index.php");
                /* echo $user_type ; */
        }
        $_SESSION["usern"] = $usern;
    } else {
        var_dump($passw);
        var_dump($usern);
        echo "<h2>You enetr the worng Username/Passowrd or The account is not been authenticated.</h2>";
        echo nl2br("<h3><a href='login.php'>Click here</a> to go back to Log-in page.</h3");
    }
} else {
    echo "your a beast";
}

and na try ko gayahin nakikita ko sa internet tapos try ko din iprint para makita ano bibasa pero eto labas
1652165998143.webp


tapos eto po nasa database ko
1652166184533.webp
 
Sort by date Sort by votes
i select mo sa db using username lang

tas use password_verify($password, $hashed_password) para i check

so magiging ganto

Code: 
password = $_POST['password']
query = select from db using username
hashedPassword = query['password']

if(password_verify($password, $hashedPassword )){
    login success
}else{
    invalid password
}

assuming na ang ginamit sa pag hash ay password_hash
 
Upvote 0 Downvote
PHC_Jayvee said:
i select mo sa db using username lang

tas use password_verify($password, $hashed_password) para i check

so magiging ganto

Code: 
password = $_POST['password']
query = select from db using username
hashedPassword = query['password']

if(password_verify($password, $hashedPassword )){
    login success
}else{
    invalid password
}

assuming na ang ginamit sa pag hash ay password_hash
Click to expand...
multi user po yung log in page also eto po yung code ko kung paano ko na hash $passw = password_hash($_POST['password'], PASSWORD_DEFAULT);
 
Upvote 0 Downvote
ribbit said:
multi user po yung log in page also eto po yung code ko kung paano ko na hash $passw = password_hash($_POST['password'], PASSWORD_DEFAULT);
Click to expand...
bat mo naman naisipang mag multi user?

pwede naman same user

pero dapat may unique identifier ka

like email or id or what so ever


yun nga lang yung unique identifier gagamitin nila sa pag login


iba iba kasi ibibigay na hash sayo nyan
so impossible na gamitin mo yung hash para i select sa db
 
Upvote 0 Downvote
PHP: 
<?php

    session_start();

    include 'db.php';



    if(isset($_POST['login'])){

        $username = $_POST['username'];

        $password = $_POST['password'];



        $sql = "SELECT * FROM employees WHERE employee_id = '$username'";

        $query = $conn->query($sql);



        if($query->num_rows < 1){

            $_SESSION['error'] = 'Cannot find account with the username';

        }

        else{

            $row = $query->fetch_assoc();

            if(password_verify($password, $row['password'])){

                $_SESSION['empid'] = $row['id'];

                $_SESSION['employee_id'] = $row['employee_id'];

            }

            else{

                $_SESSION['error'] = 'Incorrect password';

            }

        }

    

    }

    else{

        $_SESSION['error'] = 'Input your credentials first';

    }



    header('location: login.php');



?>

ito po yung login code ko po.. as for multiple account..

you can use if and else statement then lagyan mo lang ng user Lvl ... like admin or staff for example


$row = $query->fetch_assoc();
if(password_verify($password, $row['password'])){
if userlvl = '1' //admin lvl ;
$_SESSION['userlvl'] = $row['userid'];
elseif userlvl = '2' //staff
$_SESSION['userlvl'] = $row['userid'];
else userlvl = '3' // employee
$_SESSION['userlvl'] = $row['userid'];

}


i dont know if sql injection vulnerable sya pero yan ginagawa ko.. i hope na-iintindihan nyo po
 
Upvote 0 Downvote
Status
Not open for further replies.

About this Thread

  • 4
    Replies
  • 605
    Views
  • 3
    Participants
Last reply from:
Kentify

New Topics

Trending Topics

Online now

Members online
981
Guests online
1,102
Total visitors
2,083

Forum statistics

Threads
2,276,172
Posts
28,968,039
Members
1,231,153
Latest member
taengdaga
Back
Top