Results 1 to 4 of 4

Thread: Problem with php and mysql login

  1. #1
    Join Date
    Jul 2014

    Problem with php and mysql login

    Hi, i have little problem, i found simple login system and using to login existing database, but all passowrds hashed i think is sha256, and user can only login with hash, not he's password.
    Here is example
    maybe somone can help me, and user can login with he's normal password.

    Here is login.php:
    PHP Code:
        <title>User Login Form - PHP MySQL Login System</title>
    <h1>User Login Form - PHP MySQL Login System/h1>
    if (!isset($_POST['submit'])){
    <!-- The HTML login form -->
        <form action="<?=$_SERVER['PHP_SELF']?>" method="post">
            Username: <input type="text" name="username" /><br />
            Password: <input type="password" name="password" /><br />
            <input type="submit" name="submit" value="Login" />
    } else {
    $mysqli = new mysqli(DB_HOSTDB_USERDB_PASSDB_NAME);
    # check connection
    if ($mysqli->connect_errno) {
    "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>";
    $username $_POST['username'];
    $password $_POST['password'];
    $sql "SELECT * from authme WHERE username LIKE '{$username}' AND password LIKE '{$password}' LIMIT 1";
    $result $mysqli->query($sql);
        if (!
    $result->num_rows == 1) {
    "<p>Invalid username/password combination</p>";
        } else {
    "<p>Logged in successfully</p>";
    // do stuffs
    Thank you

  2. #2
    Join Date
    Jul 2013
    Voorheesville NY USA
    From your text it sounds like your password is hashed prior to storing in the db. Makes sense. Your problem now is that you need to use the same hash on the incoming password and then use THAT value in your query to match to the db value.

    PS - I would suggest you do NOT want to query for Like matches. You want EXACT matches (=) only. You don't want to login someone who makes a close guess to a password or user id!
    PS - If you're posting here you should be using:

    error_reporting(E_ALL | E_NOTICE);
    ini_set('display_errors', '1');

    at the top of ALL php code while you develop it!

  3. #3
    Join Date
    May 2014
    It looks like your Passwords are hashed (a good thing).

    If the problem is users cannot sign into their accounts, and you have their email addresses, simply reset all their passwords and email their temporary password to them or (better solution) upgrade your security and email your existing user base to let them know that your service has new security and requires them to reset their password (create a password reset script).

    Passwords should never be decrypted or decryptable, otherwise they are not considered to be "safe".

    Last edited by jedaisoul; 08-01-2014 at 04:48 PM. Reason: advertising link removed-please do not repeat

  4. #4
    Join Date
    Aug 2014
    Try This

    $hashedPW = $_POST['password'];
    $password= hash('sha256', $hashedPW);

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
HTML5 Development Center

Recent Articles