
Please help me with this, because whenever I open this I am getting the same error. In my database I inserted an email and password, but now when I insert the same into the login form I am getting that the email or password is incorrect, even though the ones I had entered are correct.

user.php

```php
<?php 

class User{
    protected $pdo;

    function __construct($pdo){
        $this->pdo = $pdo;
    }

    public function checkInput($var){
        $var = htmlspecialchars($var);
        $var = trim($var);
        $var = stripcslashes($var);
        return $var;
    }

    public function login($email, $password){
        $stmt = $this->pdo->prepare("SELECT 'user_id' FROM 'users' WHERE 'email' = :email AND 'password' = :password");
        $stmt->bindParam(":email", $email, PDO::PARAM_STR);
        $tempo = md5($password);
        $stmt->bindParam(":password", $tempo, PDO::PARAM_STR);
        $stmt->execute();

        $user = $stmt->fetch(PDO::FETCH_OBJ);
        $count = $stmt->rowCount();

        if($count > 0){
            $_SESSION['user_id'] = $user->user_id;
            header('Location: home.php');
        }else{
            return false;
        }
    }
}
?>
```

login.php

```php
<?php 

if(isset($_POST['login']) && !empty($_POST['login'])){
    $email = $_POST['email'];
    $password = $_POST['password'];

    if(!empty($email) && !empty($password)){
        $email = $getFromU->checkInput($email);
        $password = $getFromU->checkInput($password);

        if(!filter_var($email , FILTER_VALIDATE_EMAIL)){
            $error = "Invalid format";
        }else{
            if($getFromU->login($email, $password)==false){
                $error = "The email or password is incorrect!";
            }
        }
    }else{
        $error = "Please enter username and password!";
    }
}

?>
<div class="login-div">
<form method="post"> 
    <ul>
        <li>
          <input type="text" name="email" placeholder="Please enter your Email here"/>
        </li>
        <li>
          <input type="password" name="password" placeholder="password"/><input type="submit" name="login" value="Log in"/>
        </li>
        <li>
          <input type="checkbox" Value="Remember me">Remember me
        </li>
        <?php
        if(isset($error)){
            echo ' <li class="error-li">
      <div class="span-fp-error">'.$error.'</div>
     </li>';
        }
        ?>
    </ul>
</form>
</div>
```
mohandattu
  • Please do not roll your own password hashing scheme. PHP provides [`password_hash()`](http://php.net/manual/en/function.password-hash.php) and [`password_verify()`](http://php.net/manual/en/function.password-verify.php); please use them. And here are some [good ideas about passwords](https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet). If you are using a PHP version prior to 5.5 [there is a compatibility pack available here](https://github.com/ircmaxell/password_compat). – Karsten Koop Apr 26 '18 at 10:33

1 Answer

@Mohandattu, to debug this, I can suggest doing the following.

  • First check the database to see how the password has been saved.

  • Then dump your actual password, i.e. `md5($password);`

  • Then cross-check both. I'm thinking they might be different; sometimes, if your password column length is too short, it will fail to insert the actual encrypted value into the database. In that scenario it will trim the value and insert it.

Another approach

  • Well, the type is varchar and the length is 255. I had already changed the value in the database but I am still getting the same result – mohandattu Apr 26 '18 at 10:36
  • Have you cross-checked the DB value with your dump? Are both equal? – bharadwaja Gummadi Apr 26 '18 at 10:37
  • Sorry, but I am a newbie. My database password value is 123456, but what is a dump value? And I didn't create any register site – mohandattu Apr 26 '18 at 10:54
  • @mohandattu Okay, not an issue. If you notice, your password is not encrypted. Generally, if you encrypt using `md5('123456')`, the value will be something like this - `e10adc3949ba59abbe56e057f20f883e`, but in your DB it is stored as **123456**; it is supposed to be encrypted before it is saved. – bharadwaja Gummadi Apr 26 '18 at 11:10
  • As per your code, you are encrypting your password before fetching: `$tempo = md5($password);` // this line will encrypt your password, so it will become like this: `'e10adc3949ba59abbe56e057f20f883e'`, but in your DB the password is '123456', so both are different; that's why you are not getting any records. – bharadwaja Gummadi Apr 26 '18 at 11:17
  • So can you tell me how to convert my database password value to encrypted form? Then what is the solution to this problem, what do I have to change in the code? – mohandattu Apr 26 '18 at 11:30
  • @mohandattu, before saving/inserting the password, we have to encrypt and save it. How to encrypt? `md5($password);` In the same way, before fetching we also have to encrypt. As a better way, PHP provides `password_hash` and `password_verify` built in; we can use these as well. **so can u tell me how to convert my database passwordvalue to encrypted form**: in your script you can do it like this: `echo md5('123456'); exit;` If you run this it will give you some encrypted string; replace that string in your database. – bharadwaja Gummadi Apr 26 '18 at 11:36
  • Yes, I did it. I got an encrypted value as 202cb962ac59075b964b07152d234b70 and I replaced the same in my database. Still the result is the same, I am getting the same thing – mohandattu Apr 26 '18 at 11:52
  • @mohandattu, could you please paste the error you are getting? – bharadwaja Gummadi Apr 26 '18 at 11:56
  • I am getting the same image as in the above description of my problem – mohandattu Apr 26 '18 at 12:10
  • @mohandattu, I'm at the office and I'm not able to access that image; that's the reason I'm asking. – bharadwaja Gummadi Apr 26 '18 at 12:23
  • Sorry. "The email or password is incorrect!" This is the error I am getting – mohandattu Apr 26 '18 at 12:33
  • Please check this code, and go through the comments, https://gist.github.com/bharadhwaj-g/cef58888e22bd9f4cf4c4d954d14fafe – bharadwaja Gummadi Apr 26 '18 at 13:54
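
The `password_hash()` / `password_verify()` approach recommended in the comments, as an added example that is not code from the question, the answer or the linked gist. It assumes an in-memory SQLite table standing in for the MySQL `users` table, a constructed legacy row holding a bare `md5()` digest, and hypothetical `register()` and `login()` helpers; column and table names are left unquoted because MySQL treats single-quoted names as string literals.

```php
<?php
// Added example. Constructed data: in-memory SQLite stands in for the MySQL
// `users` table so the script runs offline.
$pdo = new PDO('sqlite::memory:');
// Throw on SQL errors instead of failing silently inside prepare()/execute().
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, email TEXT UNIQUE, password VARCHAR(255))');

// Constructed legacy row: password stored as a bare md5() hex digest.
$pdo->prepare('INSERT INTO users (email, password) VALUES (?, ?)')
    ->execute(['legacy@example.com', md5('123456')]);

function register(PDO $pdo, string $email, string $password): void
{
    // Hash the raw password; do not run it through htmlspecialchars() first.
    $stmt = $pdo->prepare('INSERT INTO users (email, password) VALUES (:email, :hash)');
    $stmt->execute([':email' => $email, ':hash' => password_hash($password, PASSWORD_DEFAULT)]);
}

function login(PDO $pdo, string $email, string $password): ?int
{
    // Look the row up by email only, then verify the hash in PHP.
    $stmt = $pdo->prepare('SELECT user_id, password FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $user = $stmt->fetch(PDO::FETCH_OBJ);
    if ($user === false) {
        return null;
    }

    // A 32-character lowercase hex string is treated as a legacy md5() digest.
    $isLegacyMd5 = preg_match('/^[0-9a-f]{32}$/', $user->password) === 1;
    $ok = $isLegacyMd5
        ? hash_equals($user->password, md5($password))
        : password_verify($password, $user->password);
    if (!$ok) {
        return null;
    }

    // Upgrade legacy or outdated hashes now that the plaintext is available.
    if ($isLegacyMd5 || password_needs_rehash($user->password, PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE users SET password = :hash WHERE user_id = :id');
        $upd->execute([':hash' => password_hash($password, PASSWORD_DEFAULT), ':id' => $user->user_id]);
    }
    return (int) $user->user_id;
}

register($pdo, 'new@example.com', 'correct horse');
var_dump(login($pdo, 'new@example.com', 'correct horse'));
var_dump(login($pdo, 'new@example.com', 'wrong'));
var_dump(login($pdo, 'legacy@example.com', '123456'));
```

After the last call the legacy row no longer holds an MD5 digest, so later logins for that account go through `password_verify()`.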