skip to Main Content

There is an issue with the code somewhere, but don’t know where.
It’s has been copied from chat gpt.
thats my code :

<?php


session_start();

include 'config.php'; // Zaimportuj plik z połączeniem do bazy danych

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // Połącz z bazą danych
    
    
    if (!$conn) {
        die("Błąd połączenia z bazą danych: " . mysqli_connect_error());
    }

    // Pobierz dane z formularza
    $username = mysqli_real_escape_string($conn, $_POST["username"]);
    $password = $_POST["password"];

    // Znajdź użytkownika w bazie danych
    $query = "SELECT * FROM users WHERE username = '$username'";
    $result = mysqli_query($conn, $query);

    if (mysqli_num_rows($result) == 1) {
        $row = mysqli_fetch_assoc($result);

        // Sprawdź hasło
        if (password_verify($password, $row["password"])) {
            $_SESSION["user_id"] = $row["id"];
            $_SESSION["username"] = $row["username"];
            header("Location: www.wp.pl"); // Przekierowanie na stronę główną po zalogowaniu
        } else {
            echo "Nieprawidłowe hasło.";
        }
    } else {
        echo "Użytkownik o podanej nazwie nie istnieje.";
    }

    // Zamknij połączenie z bazą danych
    mysqli_close($conn);
}
?>

Is there something wrong with it ?

I have tried changing the password couple of times, but it doesn’t make any difference.
Any ideas ? What can I do to sort it ?

2

Answers


  1. Since you are getting the wrong password message, we can assume that the DB connection is correct and the problem is within this part:

    if (password_verify($password, $row["password"])) {
        $_SESSION["user_id"] = $row["id"];
        $_SESSION["username"] = $row["username"];
        header("Location: www.wp.pl"); // Przekierowanie na stronę główną po zalogowaniu
    } else {
        echo "Nieprawidłowe hasło.";
    }
    

    The password_verify function, as we can see from the docs: Verifies that a password matches a hash.
    So, you should check how you store the password in the DB. The $row["password"] should be a valid hash that you get by passing the password to the password_hash function. You can check how this works here.

    This seems to be the part that fails, so double check your stored password.

    Login or Signup to reply.
  2. he code you’ve posted seems to be a basic PHP login script that checks the entered username and password against a database. The logic looks fine, but here are a few things you can check and improve:

    Error Reporting:
    Add error reporting to your script to help identify any issues. Add the following lines at the beginning of your script:

    error_reporting(E_ALL);
    ini_set('display_errors', 1);
    

    This will show any PHP errors on the page, which can help you identify problems.

    Redirect URL:
    Make sure the header("Location: http://www.wp.pl&quot;); line redirects to a valid URL. If you’re testing on a local server, you might want to use a relative path or a full URL.

    Database Connection:
    Verify that the database connection is successful. You include config.php, but make sure it establishes a valid connection.

    Hashed Passwords:
    Ensure that the passwords stored in your database are hashed using password_hash when they are initially stored. This is crucial for password verification with password_verify.

    Form Method and Action:
    Check if your HTML form has the correct method (POST) and action pointing to the script.

    <form method="POST" action="your-login-script.php">
    

    SQL Injection:
    Use prepared statements to prevent SQL injection. Replace your SQL query with a prepared statement.

    Example:

    $query = "SELECT * FROM users WHERE username = ?";
    $stmt = mysqli_prepare($conn, $query);
    mysqli_stmt_bind_param($stmt, "s", $username);
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);
    

    This helps prevent SQL injection by properly escaping user inputs.

    Session Start:
    Ensure that session_start() is called at the very beginning of your script.

    session_start();
    

    After making these adjustments, carefully test the login process. If the issue persists, error messages or logs will likely provide more details on what’s going wrong.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search