-1

I have a database that the user can create an account for with an id being auto generated and the password being users inputted.

I then on another page need to check if the password is correct, and I have the id in a drop down so I don't have to check for that. How would I do this?

I have the password and the id in the same MySQL table, and I am using PHP to grab stuff from the table.

How I connect to the database:

$dsn = "mysql:host=courses;dbname=cs56711";
$pdo = new PDO($dsn, $username, $password);

I have tried a bunch of different ideas on how to try this, but none have worked so far. That's also why I don't have more code, because I have changed things out so much that I don't think anything would help it.

Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
AScheel
  • 33
  • 8
  • 2
    You should be using `password_hash()` when you store the password in the database, and `password_verify()` to check the password. – Barmar Apr 10 '19 at 05:56
  • Welcome to SO. Please read: [How to create a Minimal, Complete, and Verifiable example](http://stackoverflow.com/help/mcve) and also [How do I ask a good question?](http://stackoverflow.com/help/how-to-ask) – M. Eriksson Apr 10 '19 at 05:57
  • @Barmar would that be in the php or html? I am very rusty on both of them – AScheel Apr 10 '19 at 05:59
  • So you only have a PDO connection? I'm sorry, but your question is too broad and unclear. You must make attempts to solve it your self first. Then, If you run into _specific_ issues with your _existing_ code, come back, show us the attempt and we can help you sort it out, but we won't write it all for you. – M. Eriksson Apr 10 '19 at 05:59
  • @AScheel Those are PHP functions, look up the documentation. – Barmar Apr 10 '19 at 06:00
  • @Barmar I just looked at the doc and I think that could work. Thanks – AScheel Apr 10 '19 at 06:04
  • https://stackoverflow.com/questions/30279321/how-to-use-password-hash – Nigel Ren Apr 10 '19 at 06:04

1 Answers1

0

If you need to check a value in different pages, use Session values. Store the password as a session value and you can compare it with the database value then.

Important: Do not store the plain text password always; always use hashed values. You can either use password_hash(), sha1, or any other method.

<?php
    session_start();

    // Hashing entered password
    $hashedPass = password_hash($userPass , PASSWORD_DEFAULT);

    // Save your password value in session variable
    $_SESSION['userpass'] = $hashedPass;

    if( isset( $_SESSION['userpass'] ) ) {
       // Here you can compare the values
    }
    else {
       echo "password value is empty"
    }
Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
Vishwa
  • 801
  • 11
  • 26