mysqli - password verify keeps returning wrong login credentials php
Get the solution ↓↓↓Every single time I try to log in, I tried several times with accounts in the database with passwords I am sure of, these are hashed then inserted into the database. However, whenever I usepassword_verify
, I keep getting the error handler put in that says that the user has put wrong login credentials. Tried creating another user that contains ASCII character to check for encoding errors, but still didn't work.
<?php
require_once 'dbh.inc.php';
if (isset($_POST['login-submit'])) {
$username = $_POST['username'];
$pwd = $_POST['pwd'];
if (empty($username) || empty($pwd)) {
header('location: ../login.php?error=emptyfields');
exit();
} else {
$sql = "SELECT * FROM users WHERE username = ? OR email = ?;";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header('location: ../login.php?error=stmtfailed');
exit();
}
mysqli_stmt_bind_param($stmt, "ss", $username, $username);
mysqli_stmt_execute($stmt);
$resultData = mysqli_stmt_get_result($stmt);
mysqli_stmt_close($stmt);
if (mysqli_fetch_assoc($resultData) == 0) {
header('location: ../login.php?error=usernonexistant');
exit();
}
$row = mysqli_fetch_assoc($resultData);
$pwdHashed = $row['pwd'];
$checkPwd = password_verify($pwd, $pwdHashed);
if ($checkPwd === false) {
header('location: ../login.php?error=wronglogincredentials');
exit();
} else if ($checkPwd === true) { /*review this bruh*/
session_start();
$_SESSION['uid'] = mysqli_fetch_assoc($resultData) ['uid'];
$_SESSION['username'] = mysqli_fetch_assoc($resultData) ['username'];
header('location: ../index.php');
exit();
}
}
} else {
header('location: ../login.php');
exit();
}
Answer
Solution:
Your problem is that you are callingmysqli_fetch_assoc()
four times, but you only have one row. This function is not idempotent. Each time you call it, the internal pointer moves on to the next row. You have complicated the code way too much. If mysqli is too difficult for you, please try PDO.
The same code can be rewritten to make it simpler. After some small refactoring the code will look like this:
<?php
require_once 'dbh.inc.php';
session_start();
if (!isset($_POST['login-submit'])) {
header('location: ../login.php');
exit();
}
if (empty($_POST['username']) || empty($_POST['pwd'])) {
header('location: ../login.php?error=emptyfields');
exit();
}
$username = $_POST['username'];
$pwd = $_POST['pwd'];
$stmt = $conn->prepare("SELECT * FROM users WHERE username = ? OR email = ?;");
$stmt->bind_param('ss', $username, $username);
$stmt->execute();
$resultData = $stmt->get_result();
$row = $resultData->fetch_assoc();
if (!$row) {
header('location: ../login.php?error=usernonexistant');
exit();
}
$checkPwd = password_verify($pwd, $row['pwd']);
if (!password_verify($pwd, $row['pwd'])) {
header('location: ../login.php?error=wronglogincredentials');
exit();
}
$_SESSION['uid'] = $row['uid'];
$_SESSION['username'] = $row['username'];
header('location: ../index.php');
exit();
In the above code, I removed the remaining three calls tomysqli_fetch_assoc()
and used OO-style which is much easier to read. Be sure to enable mysqli error reporting. Read How to get the error message in MySQLi?
Share solution ↓
Additional Information:
Link To Answer People are also looking for solutions of the problem: call to undefined function mysqli_connect()
Didn't find the answer?
Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.
Similar questions
Find the answer in similar questions on our website.
Write quick answer
Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.