
I'm always getting USER_PASSWORD_DO_NOT_MATCH returned, even when the MySQL parameters are correct. Here's my code. I'm guessing it has to do with the if/else logic.

NB: In my database the login credentials I pass to this function are correct, i.e. the password and $uniNum.

```php
public function userLogin($uniNum, $pass){
    $password = md5($pass);
    error_reporting(E_ALL);
    ini_set('display_errors', 1);
    $stmt = $this->con->prepare("SELECT id FROM users WHERE uniNum = ? AND password = ?");
    echo $this->con->error;
    $stmt->bind_param("ss", $uniNum, $password);
    if ($stmt->execute()) {
        $stmt->store_result();
        if ($stmt->num_rows == 1) {
            echo $stmt->num_rows;
            return USER_AUTHENTICATED;
        } else {
            echo $stmt->num_rows;
            return USER_PASSWORD_DO_NOT_MATCH;
        }
    } else {
        echo $stmt->num_rows;
        return USER_NOT_FOUND;
    }
    return $stmt->num_rows;
}
```
  • Using old methods of encrypting passwords (such as `sha1`, `md5`) are **poor methods of hashing** - you should use newer methods for hashing your passwords. PHP has a built-in [`password_hash()`](http://php.net/manual/en/function.password-hash.php) function which is a lot more secure! – Qirel Mar 15 '20 at 12:00
  • See the Postscript in the linked answer. – Your Common Sense Mar 15 '20 at 12:09
  • I have updated and replaced it with this line ```$password = password_hash($pass,PASSWORD_DEFAULT);``` still getting the same error. – Patrick Kariuki Mar 15 '20 at 12:30
  • What is the size for your column storing the hash? Is it VARCHAR(255)? Did you use `password_verify()` to check the password? – Dharman Mar 15 '20 at 15:29

0 Answers
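The flow the comments point to (`password_hash()` at registration, `password_verify()` at login), as an added example that is not code from the thread: the user is fetched by `uniNum` alone and the stored hash is checked in PHP, because a freshly computed `password_hash()` value never equals the stored one. Assumptions: the constant values, the sample user, and the use of PDO with an in-memory SQLite database (so it runs without a MySQL server) are constructed for illustration; the same pattern applies with mysqli.

```php
<?php
// Added example, not code from the thread. The constant values, the sample
// row and the in-memory SQLite database are constructed for illustration.
const USER_AUTHENTICATED = 0;
const USER_NOT_FOUND = 1;
const USER_PASSWORD_DO_NOT_MATCH = 2;

function userLogin(PDO $con, string $uniNum, string $pass): int
{
    // Look the user up by identifier only; the hash is never part of WHERE.
    $stmt = $con->prepare('SELECT password FROM users WHERE uniNum = ?');
    $stmt->execute([$uniNum]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        return USER_NOT_FOUND;
    }
    // password_verify() re-derives the hash using the salt and cost stored
    // inside $hash, then compares the two values.
    return password_verify($pass, $hash)
        ? USER_AUTHENTICATED
        : USER_PASSWORD_DO_NOT_MATCH;
}

$con = new PDO('sqlite::memory:');
$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// VARCHAR(255) leaves room for current and future PASSWORD_DEFAULT output.
$con->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, uniNum TEXT UNIQUE, password VARCHAR(255))');

// Registration: hash once and store the result.
$stored = password_hash('correct horse', PASSWORD_DEFAULT);
$con->prepare('INSERT INTO users (uniNum, password) VALUES (?, ?)')
    ->execute(['U1001', $stored]);

// Hashing the same input again yields a different string (random salt),
// so "AND password = ?" with a fresh password_hash() never matches a row.
$again = password_hash('correct horse', PASSWORD_DEFAULT);
var_dump($stored === $again);
var_dump(userLogin($con, 'U1001', 'correct horse') === USER_AUTHENTICATED);
var_dump(userLogin($con, 'U1001', 'wrong') === USER_PASSWORD_DO_NOT_MATCH);
var_dump(userLogin($con, 'U9999', 'correct horse') === USER_NOT_FOUND);
```

The distinct return codes are useful for logging; the response shown to the client should be the same for an unknown user and a wrong password so the login form does not reveal which identifiers exist.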