0

I figured it out by myself thanks Im having trouble getting my php login script to work. I pretty sure there is some syntax wrong with my code and I need some help to see what I'm doing wrong. Can someone help me with that I'm doing wrong with my code because I'm lost?

What I'm trying to do it that when the user signs in, I will search the database for the username that they have entered and once they have found it, it will find the password and decrypt it. 

<!DOCTYPE html>
<html>
<head>
<title>
login
</title>
</head>

<body>
<?php
session_start();
// Authenticates existing users
?>
<form method="post" action="login.php">

Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"><br>
<input type="submit" value="Login">

</form>

<?php 

if ($_SERVER["REQUEST_METHOD"] == "POST")
{   

    // Connect to the database
    $mysqli = new mysqli("localhost", "bwright4", "H01597127", "bwright4");

    // Output error info if there was a connection problem
    if ($mysqli->connect_errno)
    die("Failed to connect to MySQL: ($mysqli->connect_errno) $mysqli->connect_error");

//Username information
$username = mysql_real_escape_string($_POST['username']);

// Check username and password
$password = $_POST["password"];
$password_hash = password_hash($password, PASSWORD_BCRYPT);

// bcrypt hash for "abc"
$actual_hash = '$2y$10$yd/WAu0wdbgzPk0TDNVBf.MZ0TD6pwKLM18O73aAwOdYs4291/wha';

$sql = mysql_query("SELECT * FROM users_table WHERE username='$username'");

if(mysql_num_rows($sql) == 1)
{
    $row = mysql_fetch_array($sql);

    if (password_verify($password, $actual_hash))
    {
        $_SESSION["login"] = "True";

        header("Location: index.php");
        exit;
    }
    else
        echo "<p>Wrong password</p>";
}
}


?>
<body>

</html>
Brandon Wright
  • 23
  • 6
  • can you please remove this `"bwright4", "H01597127", "bwright4"` SIDE NOTE – devpro Apr 24 '17 at 15:49
  • 1
    u r mixing mysql and mysqli – devpro Apr 24 '17 at 15:49
  • that is a part of my code, or is it for security reasons – Brandon Wright Apr 24 '17 at 15:50
  • if credentials belongs to production then remove it, otherwise fine, Well your issue is that, you are mixing the both extension, mysql and mysqli – devpro Apr 24 '17 at 15:52
  • 1
    and session start should be right on top of the page before anything else – Gert Apr 24 '17 at 15:52
  • 1
    ***Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php).*** [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Apr 24 '17 at 15:53

0 Answers0