My register page looks like this:

<?php

    include 'connect.php'; 

    $username = mysqli_real_escape_string($conn, $_POST['username']);
    $password = $_POST['password'];
    $email = mysqli_real_escape_string($conn, $_POST['email']);
    $usercheck = mysqli_query($conn,"SELECT username FROM users WHERE username =    '".$username."'");
    $emailcheck = mysqli_query($conn,"SELECT email FROM users WHERE email = '".$email."'");

    $cost = 10;
    $salt = strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');
    $salt = sprintf("$2a$%02d$", $cost) . $salt;
    $hash = crypt($password, $salt);

    if (mysqli_num_rows($usercheck) > 0) 
    {
        echo "username already exist";
    }
    elseif (mysqli_num_rows($emailcheck) > 0) 
    {
        echo"email already exist";
    }
    else
    {
        $sql="INSERT INTO `database`.`users` (`username`, `password`,  `email`) VALUES ('$username', '$hash', '$email')";
        // Report success only after the INSERT has actually succeeded
        if (!mysqli_query($conn, $sql))
        {
            die('error ' . mysqli_error($conn));
        }
        echo "account created";
    }

    mysqli_close($conn);

?>

The register code works fine; I just have no idea how to log in from that. I have this now. My login code is:

<?php

    include 'connect.php';

    $username       = $_POST['username']; 
    $password       = $_POST['password']; 

    $sth = $conn->prepare('SELECT * FROM users WHERE username = :username LIMIT 1');

    $sth->bindParam(':username', $username);

    $sth->execute();

    $user = $sth->fetch(PDO::FETCH_OBJ);

    // Hashing the password with its hash as the salt returns the same hash
    if ( crypt($password, $user->users) == $user->users ) {

        echo "login?";
    }
        else 
    {
        echo "error?";
    }

?>

But it seems this is only for a validation; as a result I get a blank page with nothing. The login form is in another script. I need some advice because when I search the internet it gives something like this back, also with crypt() login. Sorry for the lack of comments in the code. Thank you in advance.

EDIT: I changed the login code to this, but I don't know how to check the hashed password:

<?php
            include 'connect.php';
    // Define $username and $password
    $username=$_post['username'];
    $password=$_post['password'];


    //Check username and password from database
    $sql="SELECT username FROM users WHERE username='$username' and password='$password'LIMIT 1";
    $result=mysqli_query($db,$sql);


    //If username and password exist in our database then create a session.
    //Otherwise echo error.

    if(mysqli_num_rows($result) == 1)
    {
    $_SESSION['username'] = $login_user; // Initializing Session
    header("location: register.php"); // Redirecting To Other Page
    }else
    {
    echo"testwrong";
    }

            ?>

Ricardo

the R
  • I see mysqli_ code in one then PDO in the other. You're not connecting with mysqli_ for that PDO, are you? If so, you can't mix those up. http://stackoverflow.com/questions/17498216/can-i-mix-mysql-apis-in-php – Funk Forty Niner Dec 16 '15 at 19:40
  • possible duplicate of http://stackoverflow.com/questions/17498216/can-i-mix-mysql-apis-in-php – Funk Forty Niner Dec 16 '15 at 19:41
  • @Fred-ii- I'm using mysqli to connect with the database $conn = new mysqli($host, $user, $adminpassword, $db); so I should change my login to mysqli commands? – the R Dec 16 '15 at 19:57
  • You can't use mysqli to connect with and then using that variable for it in order to query with. You must use the same MySQL API from connection to querying. – Funk Forty Niner Dec 16 '15 at 19:59
  • I left out *and using PDO to query with*. – Funk Forty Niner Dec 16 '15 at 20:07
  • OK, I understand, so I need to change my login script because all the other code is in mysqli. I just need to know how I verify my password to log in with the register script. – the R Dec 16 '15 at 20:16
  • You compared with the wrong database field `$user->users` instead of `$user->password`. Easier and better would be to use `if (password_verify($password, $user->password))` and `$hash = password_hash($password)` for registering. – martinstoeckli Dec 17 '15 at 09:10

0 Answers
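
A login check that matches the register script in the question, written with mysqli throughout and using `password_verify()` as martinstoeckli's comment suggests. This is an added example, not code from the asker or the commenters; it assumes `connect.php` provides `$conn` as a mysqli object, and the helper names `fetch_password_hash` and `check_login` are made up for illustration.

```php
<?php
// Added example, not the asker's code. Assumes connect.php sets $conn (mysqli)
// and that users.password holds the crypt() output from the register script.

// Fetch the stored bcrypt hash with a mysqli prepared statement (no PDO mixing).
function fetch_password_hash(mysqli $conn, string $username): ?string
{
    $stmt = $conn->prepare('SELECT password FROM users WHERE username = ? LIMIT 1');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();   // true when a row was read, null when no row matched
    $stmt->close();
    return $found ? $hash : null;
}

// password_verify() reads the cost and salt back out of the stored hash, so it
// accepts the "$2a$10$..." strings crypt() produced, and compares in constant time.
function check_login(?string $storedHash, string $password): bool
{
    return $storedHash !== null && password_verify($password, $storedHash);
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    include 'connect.php';
    session_start();                       // must run before $_SESSION is used
    $username = $_POST['username'] ?? '';  // $_POST is case-sensitive
    $password = $_POST['password'] ?? '';
    if (check_login(fetch_password_hash($conn, $username), $password)) {
        session_regenerate_id(true);       // fresh session id once authenticated
        $_SESSION['username'] = $username;
        header('Location: register.php');  // redirect target taken from the question
        exit;
    }
    echo 'wrong username or password';     // same message for both failure cases
} else {
    // Offline demo on constructed data: hash the way the register script does
    // (random_bytes() stands in for mcrypt_create_iv(), removed in PHP 7.2).
    $salt = sprintf('$2a$%02d$', 10)
          . substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    $hash = crypt('constructed-password', $salt);
    var_dump(check_login($hash, 'constructed-password'));
    var_dump(check_login($hash, 'wrong-password'));
    var_dump(check_login(null, 'anything'));   // unknown username
}
```

Run from the command line, the script takes the offline branch and needs no database; served behind the login form's POST, it takes the first branch.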