duanguane1670 2019-05-22 04:57
浏览 76
已采纳

too long

Shoutout to the YouTube user "mmtuts" because this is basically a copy from his tutorial (at least I learned something) (https://www.youtube.com/watch?v=LC9GaXkdxF8).

This is my first attempt for a website with a login system.

TL;DR: I ran into the problem where not even the correct passwords work with any user (aparently the user is accepted since I had the error "wronguser" aka user not found in the database but then I found my mistakes).

I am running my database using MySQL and Apache (using XAMPP). I've tried to rewrite all the names on the database and the main PHP index where the website is with the login inputs on a modal.

      mysqli_stmt_bind_param($stmt, "ss", $mailuid, $mailuid);
      mysqli_stmt_execute($stmt);
      $result = mysqli_stmt_get_result($stmt);
      if ($row = mysqli_fetch_assoc($result)) {
        $pwdCheck = password_verify($password, $row['Password']); <!-- CHECKS IF INSERTED PASSWORD = DATABASE PASSWORD FOR INSERTED USER -->
        if ($pwdCheck == false) { <!-- IF PASSWORD DOESN'T MATCH WITH DATABASE PASSWORD FOR INSERTED USER THEN GO TO THIS "WRONG PASSWORD" ERROR PAGE (KEEPS GOING TO THIS PAGE) -->
          header("Location: ../index.php?error=password_errada1"); 
          exit();
    }
    else if($pwdCheck == true) { <!-- IF THE PASSWORD IS CORRECT THEN OPEN SESSION FOR THE INSERTED USER -->
      session_start();
      $_SESSION['userId'] = $row['idAluno'];
      $_SESSION['userUid'] = $row['NumeroAluno'];
      $_SESSION['userPrimeiroNome'] = $row['PrimeiroNome'];
      $_SESSION['userUltimoNome'] = $row['UltimoNome'];
      $_SESSION['userAno'] = $row['Ano'];
      $_SESSION['userTurma'] = $row['Turma'];
      $_SESSION['userRequisitou'] = $row['Requisitou'];

      header("Location: ../index.php?login=login_sucesso");
      exit();
    }

Looked for answers and tried to fix it for at least 1 hour now. Sorry if my post is going against any rules that I might not know about. I am so done because I know stuff like this it's always a dumb mistake.

EDIT 1: I can provide more code if wanted.

$servername = "localhost";
$dBUsername = "root";
$dBPassword = "";
$dBName = "loginsystem";

$conn = mysqli_connect($servername, $dBUsername, $dBPassword, $dBName);

if (!$conn) {
  die("Erro de conexão: ".mysqli_connect_error());
}

dbStructure Code:

CREATE TABLE alunos ( idAluno int(11) NOT NULL, NumeroAluno varchar(7) NOT NULL, Password varchar(50) NOT NULL, Email varchar(50) NOT NULL, PrimeiroNome varchar(25) NOT NULL, UltimoNome varchar(25) NOT NULL, Ano int(2) NOT NULL, Turma varchar(8) NOT NULL, Requisitou int(1) NOT NULL DEFAULT '0' ) ENGINE=InnoDB DEFAULT CHARSET=latin1;

</div>
  • 写回答

2条回答 默认 最新

  • douying1119 2019-05-23 02:30
    关注

    I was saving the passwords manually using the database page and obviously the passwords were getting saved has plain text and not getting hashed, so when I tried to login using my PHP code the inserted password was getting hashed and the hashed password getting compared to the plain text password.

    Solved this by creating a signup which creates users with hashed passwords so that the PHP compares HASHED / HASHED and not HASHED - NON-HASHED.

    Could be solved aswell by not hashing the password anywhere (unsafe but easy).

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 c语言怎么用printf(“\b \b”)与getch()实现黑框里写入与删除?
  • ¥20 怎么用dlib库的算法识别小麦病虫害
  • ¥15 华为ensp模拟器中S5700交换机在配置过程中老是反复重启
  • ¥15 java写代码遇到问题,求帮助
  • ¥15 uniapp uview http 如何实现统一的请求异常信息提示?
  • ¥15 有了解d3和topogram.js库的吗?有偿请教
  • ¥100 任意维数的K均值聚类
  • ¥15 stamps做sbas-insar,时序沉降图怎么画
  • ¥15 买了个传感器,根据商家发的代码和步骤使用但是代码报错了不会改,有没有人可以看看
  • ¥15 关于#Java#的问题,如何解决?