I am trying to match the user's input password with the one stored in the database. Until now it was working perfectly fine, but all of a sudden it started behaving weirdly.
The script started showing the error "Invalid Email id or password" even though the information is correct. Refreshing the window immediately after the error is displayed shows the username stored in the $_SESSION variable (which means the user is logged in).
But how is this possible when the user didn't reach the point where the username gets stored in $_SESSION?
Anyway, I tried to unset the session variable at the beginning of the script, thinking that $_SESSION was not destroyed completely (though it was), but that didn't work either.
I have already tested using strcmp at $check_password===$row['password'] but with no success. I also tested this with the "==" operator but no luck.
Surprisingly, when I try this on localhost it works fine, but on the server it produces the error as mentioned.
I checked the error log but nothing was there. Any clue what is causing this?
foreach($result as $row)
{
    $pass = hash('sha256', $_POST['password'] . $row['salt']);
    for($round = 0; $round < 65536; $round++)
    {
        $check_password = hash('sha256', $pass . $row['salt']);
    }
    if($check_password===$row['password'])
    {
        // check if e-mail verification has been done or not
        if(strcmp($row['activation'],"Active")==0)
        {
            $_SESSION['username'] = $row['username'];
            $response['status'] = 'success';
            $response['message'] = 'Login successful.';
        }
        else
        {
            $response['status'] = 'failure';
            $response['message'] = 'Your Account is Not verified Yet. Kindly verify your account via Login panel Verify Account link.';
        }
    }
    else
    {
        $response['status'] = 'failure';
        $response['message'] = 'Invalid Email id or password.'; // <--- Error point
    }
}
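
One way a single request can both set $_SESSION['username'] and end with the failure message, shown as an added example that is not part of the original post: it assumes the query returns more than one row for the e-mail on the server, which the post does not confirm. The rows, the function names and the `$session` array standing in for `$_SESSION` are constructed for illustration, and the activation check is left out to keep the control flow visible.

```php
<?php
// Same digest as the posted code: $pass never changes inside the loop,
// so all 65536 rounds produce this one value.
function posted_hash(string $password, string $salt): string
{
    return hash('sha256', hash('sha256', $password . $salt) . $salt);
}

// Posted control flow: every row is evaluated and $response is overwritten
// on each iteration, so the last row decides the message.
function login_as_posted(array $rows, string $password, array &$session): array
{
    $response = [];
    foreach ($rows as $row) {
        if (posted_hash($password, $row['salt']) === $row['password']) {
            $session['username'] = $row['username'];
            $response = ['status' => 'success', 'message' => 'Login successful.'];
        } else {
            $response = ['status' => 'failure', 'message' => 'Invalid Email id or password.'];
        }
    }
    return $response;
}

// Variant: return on the first matching row and compare digests with
// hash_equals(), which is timing-safe.
function login_first_match(array $rows, string $password, array &$session): array
{
    foreach ($rows as $row) {
        if (hash_equals($row['password'], posted_hash($password, $row['salt']))) {
            $session['username'] = $row['username'];
            return ['status' => 'success', 'message' => 'Login successful.'];
        }
    }
    return ['status' => 'failure', 'message' => 'Invalid Email id or password.'];
}

// Constructed rows: two records for one e-mail, only the first matches 's3cret'.
$rows = [
    ['username' => 'alice',     'salt' => 'aaaa', 'password' => posted_hash('s3cret', 'aaaa')],
    ['username' => 'alice_old', 'salt' => 'bbbb', 'password' => posted_hash('other', 'bbbb')],
];

foreach (['login_as_posted', 'login_first_match'] as $fn) {
    $session = [];
    $response = $fn($rows, 's3cret', $session);
    echo $fn, ': ', $response['status'], ', session user: ', $session['username'] ?? '(none)', PHP_EOL;
}
```

If more than one row can come back for one e-mail, a unique constraint on that column removes the ambiguity at the source.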