Problems when logging in (PHP MySQL connection)

0

Hi, I have a problem: I cannot manage to start a session and it does not show me an error in the X or Y column. Only the pre-designed message is sent to me in case the code fails (urgent help, this is a job I want to present at school).

$conexion = new mysqli($host_db,$user_db,$pass_db,$db_name);
if($conexion->connect_error){
    die("Algo Ah Fallado:".$conexion->connect_error);
    }
    $username = $_POST['username'];
    $password = $_POST['clave'];
    $sql = "SELECT * FROM $tbl_name WHERE Usuario = '$username'";
    $result = $conexion->query($sql);
    if($result->num_rows === 1){
        $row = $result->fetch_array(MYSQLI_ASSOC);
        if(password_verify($password,$row['Password'])){
            $_SESSION['loggedin'] =true;
            $_SESSION['Usuario'] =$username;
            $_SESSION['start'] =time();
            $_SESSION['expire'] =$_SESSION['start']+(5*60);
            header('Location: index.php');
            }else{
                echo "Usuario o contraseña incorrectos, Ya te haz registrado.?";
                echo "<br><a href='login.html'>Volver a Intentarlo</a>";

                }
        }
    
asked by PartyHard 23.05.2017 at 04:58

1 answer

0

According to the manual, password_verify() needs as its first parameter your password as such, that is, $password in your case, and as its second parameter that same password but 'hasheada', to Spanishize it.

So the problem may be that the second parameter that you pass to password_verify() is not 'hashed'. You should check in the db whether the passwords are 'hashed' or not, or whether, when a user registers, his password is stored 'hashed'.

How do you have the password to enter it into the db? Using password_hash(), which you should implement when a user registers and sets their password.

This is your code tested with fixed parameters, 'hashing' the password brought from the db before using password_verify(). Of course it is only a demonstration, because the correct thing is for the password to come already 'hashed' from the db.

<?php
session_start();  // needed so the $_SESSION values set below are persisted
$conexion = new mysqli('localhost','root','','test');
if($conexion->connect_error){
  die("Algo Ah Fallado:".$conexion->connect_error);
  }
  $username = 'roberto';
  $password = '123456';
  $tbl_name = 'usuarios';  // you did not say where this value came from in your example; I only built it here for testing.
  $sql = "SELECT * FROM $tbl_name WHERE Usuario = '$username'";
  $result = $conexion->query($sql);
  if($result->num_rows === 1){
    $row = $result->fetch_array(MYSQLI_ASSOC);
    $hasheada = password_hash($row['Password'],PASSWORD_DEFAULT);  // I hash the password with the default method. Remember that this is only to illustrate what you are missing.
    if(password_verify($password,$hasheada)){
      $_SESSION['loggedin'] =true;
      $_SESSION['Usuario'] =$username;
      $_SESSION['start'] =time();
      $_SESSION['expire'] =$_SESSION['start']+(5*60);
      //header('Location: index.html');
      echo $hasheada;  // I commented out the header only to see the hashed password.
    }
    else{
      echo "Usuario o contraseña incorrectos, Ya te haz registrado.?";
      echo "<br><a href='login.html'>Volver a Intentarlo</a>";
    }
  }
 ?>

What is shown on the screen is the following:

That corresponds to '123456' hashed.

Note 1: I have investigated and tested this answer only now; that is, I have no experience in the subject and am only assuming that the error may correspond to what I propose. In any case, it could be useful for someone who has made that mistake.

Note 2: It is not clear to me whether the term 'hash' is the same as 'encrypt', which is why I have not used the latter. If someone who knows could confirm it, it would be very helpful to de-Spanishize the 'hasheando', 'hasheado', 'hasheada' that I used in this answer.

    
answered by 23.05.2017 at 21:16
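
An added example (not code from the question or the answer) of the flow the answer recommends: password_hash() at registration, password_verify() against the stored hash at login, plus a check that flags a `Password` column holding an unhashed value. It assumes a constructed in-memory SQLite table through PDO in place of the MySQL `usuarios` table so it runs without a server, and the names register_user and check_login are hypothetical; the username goes through a placeholder instead of being interpolated into the SQL (with mysqli the equivalent is prepare() and bind_param()).

```php
<?php
// Added example. Constructed data: an in-memory SQLite table stands in for
// the MySQL `usuarios` table so the script runs without a server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Column wide enough for any password_hash() output (the PHP manual suggests 255).
$db->exec('CREATE TABLE usuarios (Usuario TEXT PRIMARY KEY, Password VARCHAR(255))');

// Registration: store only the output of password_hash(), never the password.
function register_user(PDO $db, string $user, string $plain): void {
    $stmt = $db->prepare('INSERT INTO usuarios (Usuario, Password) VALUES (?, ?)');
    $stmt->execute([$user, password_hash($plain, PASSWORD_DEFAULT)]);
}

// Login check: returns 'ok', 'bad-credentials' or 'stored-value-not-a-hash'.
function check_login(PDO $db, string $user, string $plain): string {
    // The placeholder keeps the submitted username out of the SQL text.
    $stmt = $db->prepare('SELECT Password FROM usuarios WHERE Usuario = ?');
    $stmt->execute([$user]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return 'bad-credentials';          // no such user
    }
    // password_get_info() reports algoName 'unknown' when the column holds
    // plaintext or a truncated bcrypt hash; password_verify() cannot succeed then.
    if (password_get_info($stored)['algoName'] === 'unknown') {
        return 'stored-value-not-a-hash';
    }
    return password_verify($plain, $stored) ? 'ok' : 'bad-credentials';
}

register_user($db, 'roberto', '123456');
// Constructed legacy row: password saved as typed, the case the answer suspects.
$db->prepare('INSERT INTO usuarios VALUES (?, ?)')->execute(['ana', '123456']);

$attempts = [['roberto', '123456'], ['roberto', 'wrong'], ['ana', '123456'], ['nadie', 'x']];
foreach ($attempts as [$u, $p]) {
    echo $u, ' / ', $p, ' => ', check_login($db, $u, $p), PHP_EOL;
}
```

The 'stored-value-not-a-hash' result is for the server log or the developer; the login form should show the same generic failure message for every non-'ok' outcome.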