Password displaying generated password instead of entered password
Posted by: Chukwura (197.210.28.---)
Date: September 20, 2017 01:04PM

Please help,

I am creating a login system and have successfully created a database, a config file, and a registration form,but my login system is not working well in that on filling the username and password the system rejects the password. On checking the phpMyAdmin, I discovered generated passwords in place of the passwords entered on registration.
Your help is appreciated.
Here are the registration and login forms:

The Registration Form:

<?php
// Include config file
require_once 'config.php';

// Define variables and initialize with empty values
$username = $password = $confirm_password = "";
$username_err = $password_err = $confirm_password_err = "";

// Processing form data when form is submitted
if ($_SERVER["REQUEST_METHOD"] == "POST"winking smiley {

// Validate username
if(empty(trim($_POST["username"]))) {
$username_err = "Please enter a username";
} else {
// Prepare a select statement
$sql = "SELECT id FROM myguests WHERE username = ?";

if($stmt = mysqli_prepare($link, $sql)) {
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "s", $param_username);

// set parameters
$param_username = trim($_POST["username"]);

// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)) {
/* Store result */
mysqli_stmt_store_result($stmt);

// Check if username exists, if yes then verify password
if(mysqli_stmt_num_rows($stmt) == 1) {
$username_err = "This username is already taken";
}else{
$username = trim($_POST["username"]);
}
}else{
echo "Oops! Something went wrong. Please try again later.";
}
}
// Close statement
mysqli_stmt_close($stmt);
}
// Validate password
if(empty(trim($_POST['password']))) {
$password_err = "Please enter a password";
}elseif(strlen(trim($_POST['password'])) < 6) {
$password_err = "Password must have atleast 6 characters";
}else{
$password = trim($_POST['password']);
}

// Validate confirm password
if(empty(trim($_POST['confirm_password']))) {
$confirm_password_err = "Please confirm password";
}else{
$confirm_password = trim($_POST['confirm_password']);
if($password != $confirm_password) {
$confirm_password_err = 'Password did not match';
}
}

//Check input errors before inserting in database
if(empty($username_err) && empty($password_err) && empty($confirm_password_err)) {
// Prepare an insert statement
$sql = "INSERT INTO myguests (username, password) VALUES (?, ?)";

if($stmt = mysqli_prepare($link, $sql)) {
//Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "ss", $param_username, $param_password);
// Set parameters
$param_username = $username;

// Create a password hash
$param_password = password_hash($password, PASSWORD_DEFAULT);

// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)) {
// Redirect to login page
header("location: login.php"winking smiley;
}else{
echo "Something went wrong. Please try again later";
}
}
// Close statement
mysqli_stmt_close($stmt);
}
// Close connection
mysqli_close($link);
}
?>

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Sign Up</title>
<link rel="stylesheet" href="[maxcdn.bootstrapcdn.com.bootstrap];
<style type="text/css">
body { font: 14px sans-serif; }
.wrapper { width: 350px; padding 20px; }
</style>
</head>
<body>

<div class="wrapper">
<h2>Sign Up</h2>
<p>Please fill in your credentials.</p>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
<div class="form-group <?php echo (!empty($username_err)) ? 'has-error': '' ?>">
<label>Username:<sup>*</sup></label>
<input type="text" name="username" class="form-control" value="<?php echo $username; ?>">
<span class="help-block"><?php echo $username_err; ?></span>
</div>
<div class="form-group <?php echo (!empty($password_err)) ? 'has-error': '' ?>">
<label>Password:<sup>*</sup></label>
<input type="password" name="password" class="form-control" value="<?php echo $password; ?>">
<span class="help-block"><?php echo $password_err; ?></span>
</div>
<div class="form-group <?php echo (!empty($confirm_password_err)) ? 'has-error': '' ?>">
<label>Confirm Password:<sup>*</sup></label>
<input type="password" name="confirm_password" class="form-control" value="<?php
echo $confirm_password; ?>">
<span class="help-block"><?php echo $confirm_password_err; ?></span>
</div>
<div class="form-group">
<input type="submit" class="btn btn-primary" value="Submit">
<input type="reset" class="btn btn-default" value = "Reset">
</div>
<p>Already have an account? <a href="login.php">Login here</a></p>
</form>
</div>

</body>
</html>



The Login Form:

<?php
// include config file
require_once 'config.php';

// Define variables and initialize with empty values
$username = $password = "";
$username_err = $password_err = "";

// Processing form data when form is submitted
if ($_SERVER["REQUEST_METHOD"] == "POST"winking smiley {

// Check if username is empty
if (empty(trim($_POST['username']))) {
$username_err = 'Please enter your username.';
} else {
$username = trim($_POST['username']);
}

// Check if password is empty
if (empty(trim($_POST['password']))) {
$password_err = 'Please enter your pasword';
} else {
$password_err = trim($_POST['password']);
}

// Validate credentials
if(empty($username_err) && empty($password_err)) {
// Prepare a select statement
$sql = "SELECT username, password FROM myguests WHERE username = ?";

if($stmt = mysqli_prepare($link, $sql)) {
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "s", $param_username);

// Set parameters
$param_username = $username;

// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)) {
// Store result
mysqli_stmt_store_result($stmt);

// Check if username exist, if yes then verify password
if(mysqli_stmt_num_rows($stmt) == 1) {
// Bind result variables
mysqli_stmt_bind_result($stmt, $username, $hashed_password);
if(mysqli_stmt_fetch($stmt)) {
if(password_verify($password, $hashed_password)) {
/* Password is correct, so start a new session and save username to the session */
session_start();
$_SESSION['username'] = $username;
header("location: welcome.php"winking smiley;
} else {
//Display error message if password is not valid
$password_err = 'The password you entered is not invalid.';
}
}
} else {
// Display error message if username doesn't exist
$username_err = 'No account found with that username.';
}
} else {
echo "Oops! Something went wrong. Please try again later.";
}
}

// close statement
mysqli_stmt_close_($stmt);
}

// Close connection
mysqli_close($link);
}
?>

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Login</title>
<link rel="stylesheet" href="[maxcdn.bootstrapcdn.com];
<style type="text/css">
body {font: 14px sans-serif;}
.wrapper {width: 350px; padding: 20px;}
</style>
</head>
<body>
<div class="wrapper">
<h2>Login</h2>
<p>Please fill in your credentials to login.</p>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
<div class="form-group <?php echo (!empty($username_err)) ? 'has-error' : ''; ?>">
<label>Username:<sup>*</sup></label>
<input type="text" name="username" class="form-control" value="<?php echo $username ?>">
<span class="help-block"><?php echo $username_err; ?></span>
</div>
<div class="form-group <?php echo (!empty($password_err)) ? 'has-error' : ''; ?>">
<label>Password:<sup>*</sup></label>
<input type="password" name="password" class="form-control">
<span class="help-block"><?php echo $password_err; ?></span>
</div>
<div class="form-group">
<input type="submit" class="btn btn-primary" value="Submit">
</div>
<p>Don't have an account? <a href="register.php">Sign up now</a>.</p>
</form>
</div>
</body>
</html>

Options: ReplyQuote
Re: Password displaying generated password instead of entered password
Posted by: Otomatic (Moderator)
Date: September 20, 2017 02:45PM

Hi,

I repeat once again that this forum is not intended to debug PHP scripts or SQL queries from Wampserver users.

------------------------------------------------------------------------------------------------------------
(W7 Pro 64 bit)-Wampserver 3.1.0 32 bit - Apache 2.4.27 - PHP 7.1.10/7.0.24/5.6.31 - MySQL 5.7.19 - MariaDB 10.2.8
Wampserver 3.1.0 64 bit - Apache 2.4.27 - PHP 7.1.10/7.0.24/5.6.31 - MySQL 5.7.19 - MariaDB 10.2.8
PhPMyAdmin 4.7.4 - MysqlDumper 1.24.5

Documentation Apache - Documentation PHP - Documentation MySQL - Wampserver install files & addons
« Ce n'est pas parce qu'ils sont nombreux à avoir tort, qu'ils ont forcément raison. Coluche »
« It's not because they are many to be wrong, they are necessarily right. Coluche »

Options: ReplyQuote


Sorry, only registered users may post in this forum.