my login form look like this:
<form class="form-signin" method="post" id="login-form">
<div id="img_container" class="imgcontainer">
<img src="../images/img_avatar2.png" alt="Avatar" class="avatar">
</div>
<?php
if(isset($msg)){
echo $msg;
}
?>
<div id="container" class="container">
<label><b>Navn</b></label>
<input type="text" placeholder="Enter E-mail" name="email" required>
<label><b>Password</b></label>
<input type="password" placeholder="Enter Password" name="psw" required>
<button type="submit" name="btn-login" id="btn-login">Login!</button>
<input type="checkbox" checked="checked"> Rember me
<span class="psw"><a href="#">Forgot your passowrd?</a></span>
</div>
</form>
and my connection to the database look like this:
<?php
session_start();
require_once '../db/dbconnect.php';
if (isset($_POST['btn-login'])) {
$email = strip_tags($_POST['email']);
$password = strip_tags($_POST['psw']);
$email = $DBcon->real_escape_string($email);
$password = $DBcon->real_escape_string($password);
$query = $DBcon->query("SELECT user_id, email, psw FROM Users WHERE email='$email'");
$row=$query->fetch_array();
$count = $query->num_rows; // if email/password are correct returns must be 1 row
if (password_verify($password, $row['psw']) && $count==1) {
$_SESSION['userSession'] = $row['user_id'];
header("Location: student.php");
} else {
$msg = "<div class='alert alert-danger'>
<span class='glyphicon glyphicon-info-sign'></span> Invalid E-mail or Password !
</div>";
}
$DBcon->close();
}
?>
My connection to the database is fine, but the error "Invalid E-mail or Password !" keeps appearing, but i have testet what the input is the right data.
is it because my password in the database hashed? or do i just have a stupid mistake?
EDIT 1:
This is what i do before the hashing of the password under user creation. I this works fine, i dont have any error in making the user, it is under the login the error is appearing
$uname = strip_tags($_POST['uname']);
$upass = strip_tags($_POST['psw']);
$phone = strip_tags($_POST['mobil']);
$email = strip_tags($_POST['email']);
$lat = strip_tags($_POST['lat']);
$long = strip_tags($_POST['long']);
$role = strip_tags($_POST['role']);
$uname = $DBcon->real_escape_string($uname);
$upass = $DBcon->real_escape_string($upass);
$phone = $DBcon->real_escape_string($phone);
$email = $DBcon->real_escape_string($email);
$lat = $DBcon->real_escape_string($lat);
$long = $DBcon->real_escape_string($long);
$role = $DBcon->real_escape_string($role);