
I am trying to log in with a username or email and password in PHP. When I try to log in, it says the passwords do not match, even though I have typed the correct username and password. I guess something is going wrong with my password hashing or session variable. Can anybody help me with my code?

Here is my login.inc.php file:

```php
<?php

session_start();

if (isset($_POST['Loginsubmit'])) {
  include 'dbh.inc.php';

  $username = mysqli_real_escape_string($conn, $_POST['username']);
  $password= mysqli_real_escape_string($conn, $_POST['password']);

  // Error handlers
  if (empty($username) || empty($password)) {
    header("Location: ../index.php?login=empty");
    exit();
  } else {
    $sql = "SELECT * FROM users WHERE username= '$username' OR email= '$username'";
    $result = mysqli_query($conn,$sql);
    $resultCheck = mysqli_num_rows($result);
    if ($resultCheck < 1) {
      header("Location: ../index.php?login=error");
      exit();
    } else {
      if ($row = mysqli_fetch_assoc($result)) {
        // De-hashing the password
        $hashedPasswordCheck = password_verify($password, $row['password']);
        if ($hashedPasswordCheck == false) {
          header("Location: ../index.php?login=error");
          exit();
        } elseif ($hashedPasswordCheck == true) {
          // Log in the user here
          $_SESSION['firstname'] = $row['firstname'];
          $_SESSION['surname'] = $row['surname'];
          $_SESSION['email'] = $row['email'];
          $_SESSION['username'] = $row['username'];
          $_SESSION['bdate'] = $row['bdate'];
          $_SESSION['gender'] = $row['gender'];
          header("Location: ../home.php");
          exit();
        }
      }
    }
  }
} else {
  header("Location: ../index.php?login=error");
  exit();
}
```

And here is the part of my index.php file where I am taking the inputs:

```php
<?php
session_start();
?>

<!DOCTYPE html>
<html lang="en">
<head>
  <title>Mysite</title>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <link rel="stylesheet" href="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css">
  <link rel="stylesheet" type="text/css" href="css/custom.css">
  <link href="css/bootstrapValidator.min.css" rel="stylesheet">
  <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
  <script src="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/js/bootstrap.min.js"></script>
  <script src="js/jquery.min.js" type="text/javascript"></script>
  <script src="js/bootstrapValidator.min.js" type="text/javascript"></script>
  <script src="https://use.fontawesome.com/465fa6787a.js"></script>
</head>
<body>
<nav class="navbar navbar-default navbar-fixed-top" id="navbar">
    <div class="container">
      <!-- logo -->
        <div class="navbar-header">
          <button class="navbar-toggle" type="button" data-toggle="collapse" data-target="#myNav">
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
          </button>
          <a href="#" class="navbar-brand">BRAND</a>
        </div>
      <!-- menu items -->
      <div class="collapse navbar-collapse" id="myNav">
        <div class="nav navbar-nav pull-right">
          <form class="navbar-form navbar-right" action="includes/login.inc.php" method="post">
            <div class="input-group">
              <span class="input-group-addon">
                <span class="glyphicon glyphicon-user"></span>
              </span>
              <input type="text" class="form-control" placeholder="Username">
            </div>
          <div class="input-group ">
              <span class="input-group-addon">
                <span class="glyphicon glyphicon-lock"></span>
              </span>
            <input type="password" class="form-control" placeholder="Password">
          </div>
            <button type="submit" class="btn btn-success" name="Loginsubmit">Login</button>
          </form>
        </div>
      </div>
    </div>
</nav>
```
gangesh
  • check for errors, you have some, obvious ones. – Funk Forty Niner Nov 13 '17 at 18:45
  • [Little Bobby](http://bobby-tables.com/) says **[you may be at risk for SQL Injection Attacks](https://stackoverflow.com/q/60174/)**. Learn about [Prepared Statements](https://en.wikipedia.org/wiki/Prepared_statement) with [parameterized queries](https://stackoverflow.com/a/4712113/5827005). I recommend `PDO`, which I [wrote a class for](https://github.com/GrumpyCrouton/GrumpyPDO) to make it extremely easy, clean, and more secure than using non-parameterized queries. Also, [This article](https://phpdelusions.net/pdo/mysqli_comparison) may help you choose between `MySQLi` and `PDO` – GrumpyCrouton Nov 13 '17 at 19:00
  • `$password= mysqli_real_escape_string($conn, $_POST['password']);` Just pass the raw password – Machavity Nov 13 '17 at 19:01
  • @Machavity I can’t pass the raw password as it will be login for the different users. Any idea what is going wrong in the code? – gangesh Nov 13 '17 at 21:17
  • You need to pass the raw password to `password_verify`. Don't try to encode it first – Machavity Nov 13 '17 at 23:45
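
The two changes the comments point to, as an added example (not code from the question or from any commenter): the lookup uses a prepared statement, and `password_verify()` receives the password exactly as typed, so an escaped copy of a password containing quotes no longer verifies. It assumes PDO with an in-memory SQLite database in place of the poster's MySQL connection and uses `addslashes()` as a stand-in for `mysqli_real_escape_string()`; the function names and the `users` row are constructed for illustration.

```php
<?php
// Added example, not the poster's code. Assumptions: SQLite in memory stands
// in for MySQL so this runs offline; addslashes() stands in for
// mysqli_real_escape_string(), which needs a live MySQL connection. Both put
// a backslash in front of quotes and backslashes.

function findUserByLogin(PDO $db, string $login): ?array
{
    // Placeholders keep the login value out of the SQL text entirely,
    // so it is never escaped or concatenated into the query.
    $stmt = $db->prepare('SELECT * FROM users WHERE username = :u OR email = :e');
    $stmt->execute([':u' => $login, ':e' => $login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function checkLogin(PDO $db, string $login, string $password): bool
{
    $row = findUserByLogin($db, $login);
    // password_verify() must see the same bytes that password_hash() saw
    // at registration: the raw submitted password.
    return $row !== null && password_verify($password, $row['password']);
}

// Constructed sample data: one user whose name and password contain quotes.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT, email TEXT, password TEXT)');

$typedPassword = "pa'ss\"word";
$insert = $db->prepare('INSERT INTO users (username, email, password) VALUES (?, ?, ?)');
$insert->execute(["o'brien", 'obrien@example.test', password_hash($typedPassword, PASSWORD_DEFAULT)]);

// Case 1: raw password, login by username.
var_dump(checkLogin($db, "o'brien", $typedPassword));
// Case 2: raw password, login by email.
var_dump(checkLogin($db, 'obrien@example.test', $typedPassword));
// Case 3: the same password after escaping, as the question's code does
// before calling password_verify().
var_dump(checkLogin($db, "o'brien", addslashes($typedPassword)));
```

In the real handler, call `session_regenerate_id(true)` after a successful check and before filling `$_SESSION`.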

0 Answers