WampServer
Apache, PHP, MySQL
on Windows
Password displaying generated password instead of entered password
Posted by:
Chukwura
(197.210.28.---)
Date: September 20, 2017 01:04PM
Please help,
I am creating a login system and have successfully created a database, a config file, and a registration form,but my login system is not working well in that on filling the username and password the system rejects the password. On checking the phpMyAdmin, I discovered generated passwords in place of the passwords entered on registration.
Your help is appreciated.
Here are the registration and login forms:
The Registration Form:
<?php
// Include config file
require_once 'config.php';
// Define variables and initialize with empty values
$username = $password = $confirm_password = "";
$username_err = $password_err = $confirm_password_err = "";
// Processing form data when form is submitted
if ($_SERVER["REQUEST_METHOD"] == "POST"
{
// Validate username
if(empty(trim($_POST["username"]))) {
$username_err = "Please enter a username";
} else {
// Prepare a select statement
$sql = "SELECT id FROM myguests WHERE username = ?";
if($stmt = mysqli_prepare($link, $sql)) {
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "s", $param_username);
// set parameters
$param_username = trim($_POST["username"]);
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)) {
/* Store result */
mysqli_stmt_store_result($stmt);
// Check if username exists, if yes then verify password
if(mysqli_stmt_num_rows($stmt) == 1) {
$username_err = "This username is already taken";
}else{
$username = trim($_POST["username"]);
}
}else{
echo "Oops! Something went wrong. Please try again later.";
}
}
// Close statement
mysqli_stmt_close($stmt);
}
// Validate password
if(empty(trim($_POST['password']))) {
$password_err = "Please enter a password";
}elseif(strlen(trim($_POST['password'])) < 6) {
$password_err = "Password must have atleast 6 characters";
}else{
$password = trim($_POST['password']);
}
// Validate confirm password
if(empty(trim($_POST['confirm_password']))) {
$confirm_password_err = "Please confirm password";
}else{
$confirm_password = trim($_POST['confirm_password']);
if($password != $confirm_password) {
$confirm_password_err = 'Password did not match';
}
}
//Check input errors before inserting in database
if(empty($username_err) && empty($password_err) && empty($confirm_password_err)) {
// Prepare an insert statement
$sql = "INSERT INTO myguests (username, password) VALUES (?, ?)";
if($stmt = mysqli_prepare($link, $sql)) {
//Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "ss", $param_username, $param_password);
// Set parameters
$param_username = $username;
// Create a password hash
$param_password = password_hash($password, PASSWORD_DEFAULT);
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)) {
// Redirect to login page
header("location: login.php";
}else{
echo "Something went wrong. Please try again later";
}
}
// Close statement
mysqli_stmt_close($stmt);
}
// Close connection
mysqli_close($link);
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Sign Up</title>
<link rel="stylesheet" href="[maxcdn.bootstrapcdn.com.bootstrap];
<style type="text/css">
body { font: 14px sans-serif; }
.wrapper { width: 350px; padding 20px; }
</style>
</head>
<body>
<div class="wrapper">
<h2>Sign Up</h2>
<p>Please fill in your credentials.</p>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
<div class="form-group <?php echo (!empty($username_err)) ? 'has-error': '' ?>">
<label>Username:<sup>*</sup></label>
<input type="text" name="username" class="form-control" value="<?php echo $username; ?>">
<span class="help-block"><?php echo $username_err; ?></span>
</div>
<div class="form-group <?php echo (!empty($password_err)) ? 'has-error': '' ?>">
<label>Password:<sup>*</sup></label>
<input type="password" name="password" class="form-control" value="<?php echo $password; ?>">
<span class="help-block"><?php echo $password_err; ?></span>
</div>
<div class="form-group <?php echo (!empty($confirm_password_err)) ? 'has-error': '' ?>">
<label>Confirm Password:<sup>*</sup></label>
<input type="password" name="confirm_password" class="form-control" value="<?php
echo $confirm_password; ?>">
<span class="help-block"><?php echo $confirm_password_err; ?></span>
</div>
<div class="form-group">
<input type="submit" class="btn btn-primary" value="Submit">
<input type="reset" class="btn btn-default" value = "Reset">
</div>
<p>Already have an account? <a href="login.php">Login here</a></p>
</form>
</div>
</body>
</html>
The Login Form:
<?php
// include config file
require_once 'config.php';
// Define variables and initialize with empty values
$username = $password = "";
$username_err = $password_err = "";
// Processing form data when form is submitted
if ($_SERVER["REQUEST_METHOD"] == "POST" {
// Check if username is empty
if (empty(trim($_POST['username']))) {
$username_err = 'Please enter your username.';
} else {
$username = trim($_POST['username']);
}
// Check if password is empty
if (empty(trim($_POST['password']))) {
$password_err = 'Please enter your pasword';
} else {
$password_err = trim($_POST['password']);
}
// Validate credentials
if(empty($username_err) && empty($password_err)) {
// Prepare a select statement
$sql = "SELECT username, password FROM myguests WHERE username = ?";
if($stmt = mysqli_prepare($link, $sql)) {
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "s", $param_username);
// Set parameters
$param_username = $username;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)) {
// Store result
mysqli_stmt_store_result($stmt);
// Check if username exist, if yes then verify password
if(mysqli_stmt_num_rows($stmt) == 1) {
// Bind result variables
mysqli_stmt_bind_result($stmt, $username, $hashed_password);
if(mysqli_stmt_fetch($stmt)) {
if(password_verify($password, $hashed_password)) {
/* Password is correct, so start a new session and save username to the session */
session_start();
$_SESSION['username'] = $username;
header("location: welcome.php";
} else {
//Display error message if password is not valid
$password_err = 'The password you entered is not invalid.';
}
}
} else {
// Display error message if username doesn't exist
$username_err = 'No account found with that username.';
}
} else {
echo "Oops! Something went wrong. Please try again later.";
}
}
// close statement
mysqli_stmt_close_($stmt);
}
// Close connection
mysqli_close($link);
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Login</title>
<link rel="stylesheet" href="[maxcdn.bootstrapcdn.com];
<style type="text/css">
body {font: 14px sans-serif;}
.wrapper {width: 350px; padding: 20px;}
</style>
</head>
<body>
<div class="wrapper">
<h2>Login</h2>
<p>Please fill in your credentials to login.</p>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
<div class="form-group <?php echo (!empty($username_err)) ? 'has-error' : ''; ?>">
<label>Username:<sup>*</sup></label>
<input type="text" name="username" class="form-control" value="<?php echo $username ?>">
<span class="help-block"><?php echo $username_err; ?></span>
</div>
<div class="form-group <?php echo (!empty($password_err)) ? 'has-error' : ''; ?>">
<label>Password:<sup>*</sup></label>
<input type="password" name="password" class="form-control">
<span class="help-block"><?php echo $password_err; ?></span>
</div>
<div class="form-group">
<input type="submit" class="btn btn-primary" value="Submit">
</div>
<p>Don't have an account? <a href="register.php">Sign up now</a>.</p>
</form>
</div>
</body>
</html>
I am creating a login system and have successfully created a database, a config file, and a registration form,but my login system is not working well in that on filling the username and password the system rejects the password. On checking the phpMyAdmin, I discovered generated passwords in place of the passwords entered on registration.
Your help is appreciated.
Here are the registration and login forms:
The Registration Form:
<?php
// Include config file
require_once 'config.php';
// Define variables and initialize with empty values
$username = $password = $confirm_password = "";
$username_err = $password_err = $confirm_password_err = "";
// Processing form data when form is submitted
if ($_SERVER["REQUEST_METHOD"] == "POST"
{// Validate username
if(empty(trim($_POST["username"]))) {
$username_err = "Please enter a username";
} else {
// Prepare a select statement
$sql = "SELECT id FROM myguests WHERE username = ?";
if($stmt = mysqli_prepare($link, $sql)) {
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "s", $param_username);
// set parameters
$param_username = trim($_POST["username"]);
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)) {
/* Store result */
mysqli_stmt_store_result($stmt);
// Check if username exists, if yes then verify password
if(mysqli_stmt_num_rows($stmt) == 1) {
$username_err = "This username is already taken";
}else{
$username = trim($_POST["username"]);
}
}else{
echo "Oops! Something went wrong. Please try again later.";
}
}
// Close statement
mysqli_stmt_close($stmt);
}
// Validate password
if(empty(trim($_POST['password']))) {
$password_err = "Please enter a password";
}elseif(strlen(trim($_POST['password'])) < 6) {
$password_err = "Password must have atleast 6 characters";
}else{
$password = trim($_POST['password']);
}
// Validate confirm password
if(empty(trim($_POST['confirm_password']))) {
$confirm_password_err = "Please confirm password";
}else{
$confirm_password = trim($_POST['confirm_password']);
if($password != $confirm_password) {
$confirm_password_err = 'Password did not match';
}
}
//Check input errors before inserting in database
if(empty($username_err) && empty($password_err) && empty($confirm_password_err)) {
// Prepare an insert statement
$sql = "INSERT INTO myguests (username, password) VALUES (?, ?)";
if($stmt = mysqli_prepare($link, $sql)) {
//Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "ss", $param_username, $param_password);
// Set parameters
$param_username = $username;
// Create a password hash
$param_password = password_hash($password, PASSWORD_DEFAULT);
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)) {
// Redirect to login page
header("location: login.php"
;}else{
echo "Something went wrong. Please try again later";
}
}
// Close statement
mysqli_stmt_close($stmt);
}
// Close connection
mysqli_close($link);
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Sign Up</title>
<link rel="stylesheet" href="[maxcdn.bootstrapcdn.com.bootstrap];
<style type="text/css">
body { font: 14px sans-serif; }
.wrapper { width: 350px; padding 20px; }
</style>
</head>
<body>
<div class="wrapper">
<h2>Sign Up</h2>
<p>Please fill in your credentials.</p>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
<div class="form-group <?php echo (!empty($username_err)) ? 'has-error': '' ?>">
<label>Username:<sup>*</sup></label>
<input type="text" name="username" class="form-control" value="<?php echo $username; ?>">
<span class="help-block"><?php echo $username_err; ?></span>
</div>
<div class="form-group <?php echo (!empty($password_err)) ? 'has-error': '' ?>">
<label>Password:<sup>*</sup></label>
<input type="password" name="password" class="form-control" value="<?php echo $password; ?>">
<span class="help-block"><?php echo $password_err; ?></span>
</div>
<div class="form-group <?php echo (!empty($confirm_password_err)) ? 'has-error': '' ?>">
<label>Confirm Password:<sup>*</sup></label>
<input type="password" name="confirm_password" class="form-control" value="<?php
echo $confirm_password; ?>">
<span class="help-block"><?php echo $confirm_password_err; ?></span>
</div>
<div class="form-group">
<input type="submit" class="btn btn-primary" value="Submit">
<input type="reset" class="btn btn-default" value = "Reset">
</div>
<p>Already have an account? <a href="login.php">Login here</a></p>
</form>
</div>
</body>
</html>
The Login Form:
<?php
// include config file
require_once 'config.php';
// Define variables and initialize with empty values
$username = $password = "";
$username_err = $password_err = "";
// Processing form data when form is submitted
if ($_SERVER["REQUEST_METHOD"] == "POST"
{// Check if username is empty
if (empty(trim($_POST['username']))) {
$username_err = 'Please enter your username.';
} else {
$username = trim($_POST['username']);
}
// Check if password is empty
if (empty(trim($_POST['password']))) {
$password_err = 'Please enter your pasword';
} else {
$password_err = trim($_POST['password']);
}
// Validate credentials
if(empty($username_err) && empty($password_err)) {
// Prepare a select statement
$sql = "SELECT username, password FROM myguests WHERE username = ?";
if($stmt = mysqli_prepare($link, $sql)) {
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "s", $param_username);
// Set parameters
$param_username = $username;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)) {
// Store result
mysqli_stmt_store_result($stmt);
// Check if username exist, if yes then verify password
if(mysqli_stmt_num_rows($stmt) == 1) {
// Bind result variables
mysqli_stmt_bind_result($stmt, $username, $hashed_password);
if(mysqli_stmt_fetch($stmt)) {
if(password_verify($password, $hashed_password)) {
/* Password is correct, so start a new session and save username to the session */
session_start();
$_SESSION['username'] = $username;
header("location: welcome.php"
;} else {
//Display error message if password is not valid
$password_err = 'The password you entered is not invalid.';
}
}
} else {
// Display error message if username doesn't exist
$username_err = 'No account found with that username.';
}
} else {
echo "Oops! Something went wrong. Please try again later.";
}
}
// close statement
mysqli_stmt_close_($stmt);
}
// Close connection
mysqli_close($link);
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Login</title>
<link rel="stylesheet" href="[maxcdn.bootstrapcdn.com];
<style type="text/css">
body {font: 14px sans-serif;}
.wrapper {width: 350px; padding: 20px;}
</style>
</head>
<body>
<div class="wrapper">
<h2>Login</h2>
<p>Please fill in your credentials to login.</p>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
<div class="form-group <?php echo (!empty($username_err)) ? 'has-error' : ''; ?>">
<label>Username:<sup>*</sup></label>
<input type="text" name="username" class="form-control" value="<?php echo $username ?>">
<span class="help-block"><?php echo $username_err; ?></span>
</div>
<div class="form-group <?php echo (!empty($password_err)) ? 'has-error' : ''; ?>">
<label>Password:<sup>*</sup></label>
<input type="password" name="password" class="form-control">
<span class="help-block"><?php echo $password_err; ?></span>
</div>
<div class="form-group">
<input type="submit" class="btn btn-primary" value="Submit">
</div>
<p>Don't have an account? <a href="register.php">Sign up now</a>.</p>
</form>
</div>
</body>
</html>
Re: Password displaying generated password instead of entered password
Posted by:
Otomatic
(Moderator)
Date: September 20, 2017 02:45PM
Hi,
I repeat once again that this forum is not intended to debug PHP scripts or SQL queries from Wampserver users.
---------------------------------------------------------------
Documentation Apache - Documentation PHP - Documentation MySQL - Wampserver install files & addons
I repeat once again that this forum is not intended to debug PHP scripts or SQL queries from Wampserver users.
---------------------------------------------------------------
Documentation Apache - Documentation PHP - Documentation MySQL - Wampserver install files & addons
Sorry, only registered users may post in this forum.
