-1

I have a problem with a login script on my site. The script works: after a user registers, it will allow the user to log in, but after some time, like an hour or more, the script will deny the user access by saying incorrect login details (this error appears when the user's password is incorrect), but in this case the password is correct. I have tried to understand the reason for this kind of problem.

Again, when the user recovers the password and uses it to log in, it will log in. Please, I need some help; below is the code for the login:

<?php
if (isset($_POST['loginaccount'])) {
    $usernamefor = $_POST['usernamelogin'];
    $passwordfor = $_POST['passwordlogin'];
    $username = mysqli_real_escape_string($connect, $usernamefor);
    $pass  = mysqli_real_escape_string($connect, $passwordfor);
    $query = "SELECT * FROM users WHERE username = '{$usernamefor}' ";
    $query = mysqli_query($connect, $query);
    $count = mysqli_num_rows($query);
    if (!$query) {
        die("QUERY FAILED". mysqli_error($connect));
    }
    if ($count <= 0) {
        $error1 = "<div class='danger'><a href='#' class='close' data-dismiss='alert' aria-label='close'>&times;</a>Sorry you are not a registered user </div>";
    } else {
        while ($row = mysqli_fetch_array($query)) {
            $id = $row['id'];
            $username = $row['username'];
            $user_password = $row['password'];
        }
        $passwordloader = crypt($pass, $user_password);  

        if ($username == $username && $passwordloader == $user_password) {
            header("Location: the users dasboard");

            // the below set various sessions for users//

            $_SESSION['id'] = $id;

        } else {    
            $error2 = "<div class='danger'><a href='#' class='close' data-dismiss='alert' aria-label='close'>&times;</a>Sorry your login details in incorect</div>";  
        }                                                        
    }
}
ucheJNR_
  • **But** you are not using the password field to check registered users in your query – devpro Apr 12 '19 at 15:27
  • Do you mean the password fields, sir? But the code above does log users in; after some time, though, it will start saying incorrect login details – ucheJNR_ Apr 12 '19 at 15:31
  • **Never store plain text passwords!** Please use ***PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html)*** to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). ***It is not necessary to [escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Apr 12 '19 at 17:11

1 Answer

1

You have a typo here:

$username = mysqli_real_escape_string($connect, $usernamefor);
$pass  = mysqli_real_escape_string($connec, $passwordfor);

$connect is not equal to $connec

A few more suggestions:

`$username == $username`: this condition is unnecessary because you are overwriting this variable in the while loop.

Second, do not save plain passwords in the database.

Third, I hope you are using `session_start()` for this `$_SESSION['id'] = $id;`

Fourth, your query will return only 1 record, so why are you using a while loop here?

Fifth, your code is wide open to SQL injection; to prevent it, use prepared statements. How to use prepared statement

Sixth, if you are not using the password field in your query, then there is no need to use `mysqli_real_escape_string()`

devpro
  • Sorry sir, the $connect variable is a mistake from typing it here; it is all correct in the main script – ucheJNR_ Apr 12 '19 at 15:43
  • Sir, I appreciate your help. Please pardon me, I want to ask something: do you mean starting the session in the user's dashboard? If that is what you mean, I have session_start on the dashboard where the login header goes – ucheJNR_ Apr 12 '19 at 15:49
  • Yes, I started the session in the dashboard where the login is redirecting to. Secondly, the same script is being used on another site and it does not do this. Thirdly, do you think that traffic can make such a script do such a thing, or hacker issues? – ucheJNR_ Apr 12 '19 at 15:58
  • @richboy: it could be... if you have any other hosting, then put this code there just for testing purposes – devpro Apr 12 '19 at 16:02
  • @devpro: from your observation, do you think the script has any reason to fail, or does a PHP script fail when traffic is too much? Because I started a session in the dashboard. Please, I want to ask for something: can I get a login script that you are sure you have been using, so I can modify and try it to be sure of what is happening? Currently I do not have another hosting. Thanks, sir. – ucheJNR_ Apr 12 '19 at 16:17
  • If you think your traffic is out of control, then you need to optimize or use any framework @richboy – devpro Apr 15 '19 at 08:09
  • I have handled the problem, sir; it was another script updating something else – ucheJNR_ Apr 15 '19 at 11:02
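
The login flow that the answer and Jay Blanchard's comment recommend (prepared statement for the lookup, `password_hash()`/`password_verify()` on the raw password, no escaping), as an added example that is not code from the thread. Assumptions: PDO with an in-memory SQLite database stands in for the mysqli connection so the script runs without a server, the function names `register_user` and `login_user` are hypothetical, and the accounts are constructed sample data.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite replaces the MySQL server; table and column
// names follow the question (users: id, username, password).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');

function register_user(PDO $db, string $username, string $password): void
{
    // Hash the raw password exactly as typed: no escaping or cleansing first.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    $stmt->execute([$username, $hash]);
}

function login_user(PDO $db, string $username, string $password): ?int
{
    // The username is bound as a parameter, never interpolated into the SQL text.
    $stmt = $db->prepare('SELECT id, password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC); // username is unique: one row, no loop

    // Unknown user and wrong password take the same failure path.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return (int) $row['id'];
}

// Constructed sample accounts; both contain a quote character on purpose.
register_user($db, 'alice', "it's-a-secret");
register_user($db, "o'neil", 'correct horse');

// Raw password, as submitted by the form.
var_dump(login_user($db, 'alice', "it's-a-secret"));

// The string an escaping function would produce (backslash before the quote).
// It is a different password, which is why escaping before hashing breaks logins.
var_dump(login_user($db, 'alice', "it\\'s-a-secret"));

// A quote in the username is handled as data by the bound parameter.
var_dump(login_user($db, "o'neil", 'correct horse'));
```

In the page handler, call `session_start()` before any output; when `login_user()` returns an id, call `session_regenerate_id(true)`, set `$_SESSION['id']`, send the `Location` header and `exit`.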