So I have my log in script that I am trying to get to work, but when I try to log in it always says no even if the test I included below says expected:(password hash here) found: (same password hash here) I have changed the code so many times in attempts to fix it, and done a load of Google searches(for those who want to give me lmgtfy links) trying to fix it. I've included as much of the code as I can without having to add fake details so stack overflow would let me add more code:
Actual script:
else{
$login = login($username, $password);
if ($login === false) {
$errors[] = 'That username/password is incorrect';
} else {
echo "ok";
$_SESSION['user_id'] = $login;
header('Location: index2.php');
exit();
}
}
print_r($errors);
//echo "expected to see: ". $pass. " "; //this was a test
//echo "found: ".$passen; //this was too
Login function:
function login($username, $password){
$user_id = sanitize($username);
$db = get_my_db();
$username = sanitize($username);
$password = md5($password);
$sql = "SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `password` = '$password'";
return ($db->query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `password` = '$password'") === 1) ? $user_id : false; }
And the sanitize()
function is just mysqli_real_escape_string($data)
if you want anything else, let me know, and i'll put it in. By the way, the tests script was this: and the expected function just turned the $password into an md5.
$res = $db->query("SELECT `password` FROM users WHERE username = '$username'");
$row = $res->fetch_assoc();
$pass = $row['password'];
$passen = expected($password);