
Hashed Password Logging In Error

Okay, so I am hashing my password using 'sha1' when I define what the variable '$password' is, and then at the login stage, I use 'sha1' again but my error message Invalid login c

Solution 1:

There are a few pitfalls with your code and a few possibilities to solve it.

The quick and dirty fix is to change the lines

if (!empty($_POST['email']))
{
    $email = $_POST['email'];
    $password =   ($_POST['pass']);

to

if (!empty($_POST['email']))
{
    $email = $_POST['email'];
    $password =   sha1($_POST['pass']); //you need to check the hashes not the password itself.

A much cleaner fix would be to use password_hash (see here).

Your code would then be:

To use mysqli db

$myslqiDB = new mysqli("localhost", "my_user", "my_password", "world");

To sign up

$email = $myslqiDB->real_escape_string($_POST['email']);
$options = [
    'cost' => 12,
];
$password = $myslqiDB->real_escape_string(password_hash ($_POST['password'],PASSWORD_BCRYPT, $options));

$query = "INSERT INTO admin (forename,surname,email,securityq, securitya,password) VALUES ('$forename','$surname','$email','$securityq','$securitya','$password')";

$data = $myslqiDB->query($query) or die($myslqiDB->error); // error is a property of mysqli, not a method

To login

if (!empty($_POST['email']))
{
    $email = $myslqiDB->real_escape_string($_POST['email']);
    $password = $_POST['pass'];
    $result = $myslqiDB->query("SELECT * FROM admin WHERE email = '$email'");

    // fetch_assoc() is a method of the result object, not of the connection
    $row = $result->fetch_assoc();
    if(!empty($row['email']) AND !empty($row['password']))
    {
        if (password_verify ( $password , $row['password'] ) ){
            //loggedin
        }else{
            //wrong password.
        }
    }else{
        //no user with this email
    }
}

Solution 2:

After printing my $query to see what password was getting compared to the database and inspecting the hashed password in the database, I realised that the one in the database had 10 characters missing, where I realised my VARCHAR was set to 30... and the password hash was 40!

After setting VARCHAR(40) the password hash worked straight away.

Anyone with a similar issue to me (stupidity): make sure your values in the database are long enough.
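The truncation described in Solution 2, and how it carries over to the password_hash() approach from Solution 1, as an added example that is not part of the original answers. `store_in_column()`, `survives_column()` and `assert_fits()` are hypothetical helpers, `substr()` stands in for a MySQL VARCHAR column in non-strict SQL mode, and the sample password is constructed.

```php
<?php
// store_in_column() is a hypothetical stand-in for a VARCHAR($width) column on a MySQL
// server in non-strict SQL mode, which truncates over-long values (strict mode rejects them).
function store_in_column(string $value, int $width): string
{
    return substr($value, 0, $width);
}

// True when a hash written to a column $width characters wide still verifies at login.
function survives_column(string $password, string $algo, int $width): bool
{
    if ($algo === 'sha1') {
        $stored = store_in_column(sha1($password), $width);   // sha1() returns 40 hex chars
        return hash_equals($stored, sha1($password));         // constant-time comparison
    }
    $hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]); // 60 characters
    return password_verify($password, store_in_column($hash, $width));
}

// Hypothetical sign-up guard: refuse to write a hash the column cannot hold in full.
function assert_fits(string $hash, int $columnWidth): void
{
    if (strlen($hash) > $columnWidth) {
        throw new LengthException(
            sprintf('hash is %d chars, column holds %d', strlen($hash), $columnWidth)
        );
    }
}

$password = 'correct horse battery staple';                   // constructed sample input
$cases = [['sha1', 30], ['sha1', 40], ['bcrypt', 40], ['bcrypt', 60], ['bcrypt', 255]];

foreach ($cases as [$algo, $width]) {
    printf(
        "%-6s in VARCHAR(%d): %s\n",
        $algo,
        $width,
        survives_column($password, $algo, $width) ? 'login works' : 'login fails'
    );
}

// The PHP manual recommends a 255-character column for password_hash() output,
// so the guard passes here; with a 40-character column it would throw.
assert_fits(password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]), 255);
```

A column sized for the 40-character sha1 hash is too short for the 60-character bcrypt hash, so moving to password_hash() needs the column widened first.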
