When I go to Localhost and try the username and the password it tells me that is an error? why?
Asked
Active
Viewed 715 times
0
-
1your table name and database name is my_db ? is this correct ? – JYoThI May 26 '17 at 09:33
-
1well, how did you save the password into db? (and by the way, you should _not_ md5 it. Use password_hash) – Jeff May 26 '17 at 09:33
-
1use `mysqli_error` to find out whats wrong. [mysqli_error](http://php.net/manual/en/mysqli.error.php) – Jeff May 26 '17 at 09:34
-
yes! @JYoThI ... – amel May 26 '17 at 09:37
-
@Jeff password: abc123 – amel May 26 '17 at 09:39
-
I will try it @Jeff – amel May 26 '17 at 09:40
-
try my answer @new_user – JYoThI May 26 '17 at 09:50
-
I tried it and tell me the same error! @JYoThI – amel May 26 '17 at 10:04
2 Answers
2
1) Use password_hash docs
while registration use password_hash() to hash the password and store it in database and while login use password_verify() to verify the password like this .
2) user prepared statement to avoid sql injection
<?php
session_start();
if(isset($_SESSION["user_id"])){
header("location: /web/home.php");
}
if(isset($_POST["s"])){
$username = $_POST["un"];
$password = $_POST["ps"];
$conn = mysqli_connect("localhost","root","","my_db") or die("Connection failed: " . mysqli_connect_error());
$stmt = $conn->prepare("SELECT * FROM table_name WHERE username=?");
$stmt->bind_param('s',$username);
$stmt->execute();
$get_result =$stmt->get_result();
$row_count= $get_result->num_rows;
if($row_count>0)
{
$record = $get_result->fetch_assoc();
if(password_verify($password,$record['password']))
{
$_SESSION["user_id"]= $record["user_id"];
header("location: /web/home.php");
}
else
{
echo "<h3 style = 'color:red'>Error in username or password</h3>";
}
}else{
echo "<h3 style = 'color:red'>Error in username or password</h3>";
}
}
?>
JYoThI
- 11,977
- 1
- 11
- 26
-
use `password_hash()` on registration page and use `password_verify()` on login page... make sure your password hash a length about 60 chars, or better 255 chars – Masivuye Cokile May 26 '17 at 09:47
0
It looks entered username/password or both are not matching with the database table my_db.
Reasons : Localhost means the db is getting refereed in local. So in your local database under my_db table there is no user exists with the given username and password. May be that data is valid in remote database server.
Solution : 1. Take a dump from remote database and put in your localhost so that your local db and remote db are replica 2. For simple solution, just insert the required details in my_db table.
Hope that helps
Masivuye Cokile
- 4,754
- 3
- 19
- 34
priya raj
- 362
- 2
- 8