www.webdeveloper.com
Results 1 to 5 of 5

Thread: Problem with php and mysql login

  1. #1
    Join Date
    Jul 2014
    Posts
    1

    Problem with php and mysql login

    Hi, i have little problem, i found simple login system and using to login existing database, but all passowrds hashed i think is sha256, and user can only login with hash, not he's password.
    Here is example
    Code:
     $SHA$c325d138e7a5b67d$3d8740300cc0292a513f750b0d872a71b16c9430cc3ff9d8ca8d29c8d081eb04
    maybe somone can help me, and user can login with he's normal password.

    Here is login.php:
    PHP Code:
    <html>
    <head>
        <title>User Login Form - PHP MySQL Login System</title>
    </head>
    <body>
    <h1>User Login Form - PHP MySQL Login System/h1>
    <?php
    if (!isset($_POST['submit'])){
    ?>
    <!-- The HTML login form -->
        <form action="<?=$_SERVER['PHP_SELF']?>" method="post">
            Username: <input type="text" name="username" /><br />
            Password: <input type="password" name="password" /><br />
     
            <input type="submit" name="submit" value="Login" />
        </form>
    <?php
    } else {
        require_once(
    "db_const.php");
        
    $mysqli = new mysqli(DB_HOSTDB_USERDB_PASSDB_NAME);
        
    # check connection
        
    if ($mysqli->connect_errno) {
            echo 
    "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>";
            exit();
        }
     
        
    $username $_POST['username'];
        
    $password $_POST['password'];
     
        
    $sql "SELECT * from authme WHERE username LIKE '{$username}' AND password LIKE '{$password}' LIMIT 1";
        
    $result $mysqli->query($sql);
        if (!
    $result->num_rows == 1) {
            echo 
    "<p>Invalid username/password combination</p>";
        } else {
            echo 
    "<p>Logged in successfully</p>";
            
    // do stuffs
        
    }
    }
    ?>        
    </body>
    </html>
    Thank you

  2. #2
    Join Date
    Jul 2013
    Location
    Voorheesville NY USA
    Posts
    868
    From your text it sounds like your password is hashed prior to storing in the db. Makes sense. Your problem now is that you need to use the same hash on the incoming password and then use THAT value in your query to match to the db value.

    PS - I would suggest you do NOT want to query for Like matches. You want EXACT matches (=) only. You don't want to login someone who makes a close guess to a password or user id!

  3. #3
    Join Date
    May 2014
    Posts
    9
    It looks like your Passwords are hashed (a good thing).

    If the problem is users cannot sign into their accounts, and you have their email addresses, simply reset all their passwords and email their temporary password to them or (better solution) upgrade your security and email your existing user base to let them know that your service has new security and requires them to reset their password (create a password reset script).

    Passwords should never be decrypted or decryptable, otherwise they are not considered to be "safe".


    Kalob
    Last edited by jedaisoul; 08-01-2014 at 05:48 PM. Reason: advertising link removed-please do not repeat

  4. #4
    Join Date
    Aug 2014
    Location
    Banglor
    Posts
    7
    Try This

    $hashedPW = $_POST['password'];
    $password= hash('sha256', $hashedPW);

  5. #5
    Join Date
    Oct 2014
    Location
    Dubai
    Posts
    2
    Hi dude, you can use this simple tutorial to create a very nice and secure login form for your website:
    http://www.onlinetuting.com/create-login-script-in-php/

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles