There is an issue with the code somewhere, but don’t know where.
It’s has been copied from chat gpt.
thats my code :
<?php
session_start();
include 'config.php'; // Zaimportuj plik z połączeniem do bazy danych
if ($_SERVER["REQUEST_METHOD"] == "POST") {
// Połącz z bazą danych
if (!$conn) {
die("Błąd połączenia z bazą danych: " . mysqli_connect_error());
}
// Pobierz dane z formularza
$username = mysqli_real_escape_string($conn, $_POST["username"]);
$password = $_POST["password"];
// Znajdź użytkownika w bazie danych
$query = "SELECT * FROM users WHERE username = '$username'";
$result = mysqli_query($conn, $query);
if (mysqli_num_rows($result) == 1) {
$row = mysqli_fetch_assoc($result);
// Sprawdź hasło
if (password_verify($password, $row["password"])) {
$_SESSION["user_id"] = $row["id"];
$_SESSION["username"] = $row["username"];
header("Location: www.wp.pl"); // Przekierowanie na stronę główną po zalogowaniu
} else {
echo "Nieprawidłowe hasło.";
}
} else {
echo "Użytkownik o podanej nazwie nie istnieje.";
}
// Zamknij połączenie z bazą danych
mysqli_close($conn);
}
?>
Is there something wrong with it ?
I have tried changing the password couple of times, but it doesn’t make any difference.
Any ideas ? What can I do to sort it ?
2
Answers
Since you are getting the wrong password message, we can assume that the DB connection is correct and the problem is within this part:
The
password_verifyfunction, as we can see from the docs: Verifies that a password matches a hash.So, you should check how you store the password in the DB. The
$row["password"]should be a valid hash that you get by passing the password to thepassword_hashfunction. You can check how this works here.This seems to be the part that fails, so double check your stored password.
he code you’ve posted seems to be a basic PHP login script that checks the entered username and password against a database. The logic looks fine, but here are a few things you can check and improve:
Error Reporting:
Add error reporting to your script to help identify any issues. Add the following lines at the beginning of your script:
This will show any PHP errors on the page, which can help you identify problems.
Redirect URL:
Make sure the header("Location: http://www.wp.pl"); line redirects to a valid URL. If you’re testing on a local server, you might want to use a relative path or a full URL.
Database Connection:
Verify that the database connection is successful. You include config.php, but make sure it establishes a valid connection.
Hashed Passwords:
Ensure that the passwords stored in your database are hashed using password_hash when they are initially stored. This is crucial for password verification with password_verify.
Form Method and Action:
Check if your HTML form has the correct method (POST) and action pointing to the script.
SQL Injection:
Use prepared statements to prevent SQL injection. Replace your SQL query with a prepared statement.
Example:
This helps prevent SQL injection by properly escaping user inputs.
Session Start:
Ensure that session_start() is called at the very beginning of your script.
After making these adjustments, carefully test the login process. If the issue persists, error messages or logs will likely provide more details on what’s going wrong.