
I can enter index.php when I register an account and let it redirect me, but once I log out and log in again it says Access Denied. Any idea? The register.php works perfectly, but my guess is the login.php logic is broken?

register.php

```php
{
    $hashed_password = password_hash($password, PASSWORD_BCRYPT);
    if (password_verify($password, $hashed_password)) {
        $query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
        $results = mysqli_query($db, $query);
    }
    if (mysqli_num_rows($results) == 1) {
        $_SESSION['username'] = $username;
        header('location: index.php'); // this redirects me perfectly
        die();
    } else {
        array_push($errors, "ACCESS DENIED!");
    }
}
```

login.php

```php
{
    $hashed_password = password_hash($password, PASSWORD_BCRYPT);
    if (password_verify($password, $hashed_password)) {
        $query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
        $results = mysqli_query($db, $query);
    }
    if (mysqli_num_rows($results) == 1) {
        $_SESSION['username'] = $username;
        header('location: index.php');
        die();
    } else {
        array_push($errors, "ACCESS DENIED!"); // I'm being dropped here
    }
}
```

Emma Marshall
  • I think you don't need to call `die()` after setting the header to a new location. If password_verify returns false, your $results array is never written. – ElTi-42 Jan 10 '22 at 10:49
  • 1) password_hash() is used once, and the hash saved into the database. 2) To check the password entered when logging in, you fetch the user row from the database using only the USERNAME and then you use `password_verify($_POST['Entered_password'], $hashedPassword_from_the_database)` – RiggsFolly Jan 10 '22 at 11:15
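
The flow RiggsFolly's comment describes, as an added example that is not part of the original post or its comments. It assumes `$db` is an open mysqli connection, `$username` and `$password` hold the submitted form values, and the `users` table has `username` and `password` columns with `password` wide enough (for example VARCHAR(255)) to hold the full `password_hash()` output; the function names `register_user` and `verify_login` are hypothetical.

```php
<?php
// Added example, not the asker's code. Assumes $db is an open mysqli
// connection and a table users(username, password) where the password
// column stores the output of password_hash(), never the plaintext.

// Registration: hash once and store the hash.
function register_user(mysqli $db, string $username, string $password): bool
{
    $hash = password_hash($password, PASSWORD_BCRYPT);
    $stmt = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    $stmt->bind_param('ss', $username, $hash);
    return $stmt->execute();
}

// Login: fetch the row by username only, then verify against the stored hash.
function verify_login(mysqli $db, string $username, string $password): bool
{
    // Bound parameter instead of string interpolation, so the username
    // cannot change the structure of the query.
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();   // null when no such user

    // password_verify() re-derives the hash with the salt embedded in the
    // stored value. Calling password_hash() again yields a different salt,
    // so comparing a fresh hash (or the plaintext) in SQL never matches.
    return is_array($row) && password_verify($password, $row['password']);
}

// login.php flow ($db, $username, $password are assumed to be set already)
session_start();
$errors = [];
if (verify_login($db, $username, $password)) {
    session_regenerate_id(true);   // issue a new session id after authentication
    $_SESSION['username'] = $username;
    header('Location: index.php');
    exit;
}
$errors[] = 'ACCESS DENIED!';
```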

0 Answers