iamdpk
Known Participant
December 20, 2017
Answered

unable to use password_verify in my site.......

I searched everywhere and also tried the code given in the forums, but I'm still unable to use the code. I don't know what I'm doing wrong in the code ... I would be very thankful if anybody can help.

my code for inserting password in database

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form")) {

  $pass = $_POST['hhh'];

  $epass = password_hash('$pass',PASSWORD_DEFAULT);

  $insertSQL = sprintf("INSERT INTO test (pass, un) VALUES (%s, %s)",

                       GetSQLValueString($epass, "text"),

                       GetSQLValueString($_POST['hh'], "text"));

  mysql_select_db($database_infinityo, $infinityo);

  $Result1 = mysql_query($insertSQL, $infinityo) or die(mysql_error());

}

and now my code for log in...which is not working...!

if (isset($_POST['un'])) {

  $loginUsername=$_POST['un'];

  $password=$_POST['pass'];

  $MM_fldUserAuthorization = "";

  $MM_redirectLoginSuccess = "Untitled-1.php?u=s";

  $MM_redirectLoginFailed = "Untitled-1.php?u=f";

  $MM_redirecttoReferrer = false;

  mysql_select_db($database_infinityo, $infinityo);

  $lpass = password_verify('$password', $row_p['pass']);

  $LoginRS__query=sprintf("SELECT un, pass FROM test WHERE un=%s AND pass=%s",

    GetSQLValueString($loginUsername, "text"), GetSQLValueString($lpass, "text"));

  

  $LoginRS = mysql_query($LoginRS__query, $infinityo) or die(mysql_error());

  $loginFoundUser = mysql_num_rows($LoginRS);

  if ($loginFoundUser) {

     $loginStrGroup = "";

   

  if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();}

    //declare two session variables and assign them

    $_SESSION['MM_Username'] = $loginUsername;

    $_SESSION['MM_UserGroup'] = $loginStrGroup;     

    if (isset($_SESSION['PrevUrl']) && false) {

      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];

    }

    header("Location: " . $MM_redirectLoginSuccess );

  }

  else {

    header("Location: ". $MM_redirectLoginFailed );

  }

}

I have also tried this code but still nothing is happening ...

if (isset($_POST['un'])) {

  $loginUsername=$_POST['un'];

  $password=$_POST['pass'];

  $MM_fldUserAuthorization = "";

  $MM_redirectLoginSuccess = "Untitled-1.php?u=s";

  $MM_redirectLoginFailed = "Untitled-1.php?u=f";

  $MM_redirecttoReferrer = false;

  mysql_select_db($database_infinityo, $infinityo);

  $lpass = password_verify('$password', $row_p['pass']);

  $LoginRS__query=sprintf("SELECT un, pass FROM test WHERE un=%s AND pass=%s",

    GetSQLValueString($loginUsername, "text"), GetSQLValueString($lpass, "text"));

  

  $LoginRS = mysql_query($LoginRS__query, $infinityo) or die(mysql_error());

  $loginFoundUser = mysql_num_rows($LoginRS);

$row = mysql_fetch_assoc($LoginRS);

$stored_password = $row['password'];

if(password_verify($_POST['password_input'], $stored_password)) {

if ($loginFoundUser) {

$loginStrGroup = "";

//declare two session variables and assign them

$_SESSION['MM_Username'] = $loginUsername;

$_SESSION['MM_UserGroup'] = $loginStrGroup;

if (isset($_SESSION['PrevUrl']) && false) {

$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];

}

header("Location: " . $MM_redirectLoginSuccess );

}

}

else {

header("Location: ". $MM_redirectLoginFailed );

}

}

I don't know what I'm doing wrong here.... Password security is important for my site, and if you have any better suggestions for security please, I'll be very thankful to you.

This topic has been closed for replies.
Correct answer osgood_

iamdpk  wrote

No, that will not be a waste of your time, I'll definitely use that... I used this code, that's why I said to correct this code. If you can give me better code then I'll be very thankful to you.

Assuming you have a database with 2 columns 'username' and 'password' plus a unique column called id. (I assume you know how to create a database and a table in that database although I'm skeptical - let's start using some real and meaningful naming convention, not that shite you are currently working with)

Change the database connection details - 'server_name' , 'username' , 'password' , 'database_name' - to those of your own in the $conn string

REGISTRATION FORM:

<?php
// make connection to database
$conn = new mysqli('server_name' , 'username' , 'password' , 'database_name');
?>

<?php
if(isset($_POST['submit'])){
$username = $conn->real_escape_string($_POST['username']);
// hash the password exactly as submitted; escaping is only for values placed in the SQL text
$password = $_POST['password'];
$hashPassword = password_hash($password,PASSWORD_DEFAULT);
$sql = "insert into test (username, password) value('".$username."', '".$hashPassword."')";
$result = mysqli_query($conn, $sql);
if($result)
{
echo "Registration successfully";
}
}
?>

<h1>Registration Form</h1>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="post">
<input type="text" name="username" value="" placeholder="User Name">
<input type="password" name="password" value="" placeholder="Password">
<input type="submit" name="submit" value="Submit" />
</form>

LOGIN FORM:

<?php
// make connection to database
$conn = new mysqli('server_name' , 'username' , 'password' , 'database_name');
?>

<?php
if(isset($_POST['submit'])){
$username = $conn->real_escape_string($_POST['username']);
// verify the password exactly as submitted, matching what was hashed at registration
$password = $_POST['password'];
$get_username = $conn->query("SELECT * from test where username = '".$username."'") or die($conn->error);
$row = $get_username->fetch_assoc();
$num_rows = $get_username->num_rows;
if($num_rows  == 1){
if(password_verify($password, $row['password'])){
// success go to (change as required)
header('Location: http://www.bbc.co.uk');
exit; // stop the script once the redirect header is sent
}
else{
// failure go to (change as required)
header('Location: http://www.itv.co.uk');
exit;
}
}
else{
echo "No User found";
}
}
?>

<h1>Login</h1>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="post">
<input type="text" name="username" value="" placeholder="UserName">
<input type="password" name="password" value="" placeholder="Password">
<input type="submit" name="submit" value="Submit" />
</form>
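
The same register/verify flow with bound parameters, shown next to the quoting mistake in the question's code (`password_hash('$pass', ...)`). This is an added example and not code from the thread: it assumes PHP 5.5 or later with the pdo_sqlite extension, uses an in-memory SQLite table in place of the MySQL `test` table, and `register()` and `login()` are hypothetical helper names.

```php
<?php
// Added example, not code from the thread. Assumes PHP 5.5+ with pdo_sqlite;
// an in-memory SQLite table stands in for the MySQL `test` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE test (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');

// register() and login() are hypothetical helper names.
function register(PDO $db, $username, $password) {
    // Hash the raw password exactly as submitted: no quoting, no escaping.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO test (username, password) VALUES (?, ?)');
    return $stmt->execute(array($username, $hash));
}

function login(PDO $db, $username, $password) {
    // Look the row up by username only; the hash never belongs in the WHERE clause.
    $stmt = $db->prepare('SELECT id, password FROM test WHERE username = ?');
    $stmt->execute(array($username));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return false; // same result for an unknown user and a wrong password
    }
    // Upgrade the stored hash when PASSWORD_DEFAULT or its cost changes.
    if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE test SET password = ? WHERE id = ?');
        $upd->execute(array(password_hash($password, PASSWORD_DEFAULT), $row['id']));
    }
    return true;
}

// Constructed sample input: a password with characters that SQL escaping would alter.
$pass = "p'a\\ss";
register($db, 'alice', $pass);
var_dump(login($db, 'alice', $pass));   // correct password
var_dump(login($db, 'alice', 'wrong')); // wrong password
var_dump(login($db, 'nobody', $pass));  // unknown user

// The quoting mistake from the question: single quotes do not interpolate,
// so '$pass' is the literal five-character string, not the variable's value.
$literal = password_hash('$pass', PASSWORD_DEFAULT);
var_dump(password_verify($pass, $literal));   // real password against the literal's hash
var_dump(password_verify('$pass', $literal)); // literal text against its own hash
```
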

5 replies

iamdpk (Author)
Known Participant
December 21, 2017

page to enter details to database

<?php require_once('Connections/infinityo.php'); ?>

<?php

if (!function_exists("GetSQLValueString")) {

function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")

{

  if (PHP_VERSION < 6) {

    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {

    case "text":

      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

      break;   

    case "long":

    case "int":

      $theValue = ($theValue != "") ? intval($theValue) : "NULL";

      break;

    case "double":

      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";

      break;

    case "date":

      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

      break;

    case "defined":

      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;

      break;

  }

  return $theValue;

}

}

$editFormAction = $_SERVER['PHP_SELF'];

if (isset($_SERVER['QUERY_STRING'])) {

  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);

}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form")) {

  $pass = $_POST['hhh'];

  $epass = password_hash('$pass',PASSWORD_DEFAULT);

  $insertSQL = sprintf("INSERT INTO test (pass, un) VALUES ('".$epass."' , %s)",

                       GetSQLValueString($_POST['hh'], "text"));

  mysql_select_db($database_infinityo, $infinityo);

  $Result1 = mysql_query($insertSQL, $infinityo) or die(mysql_error());

  $insertGoTo = "Untitled-2.php";

  if (isset($_SERVER['QUERY_STRING'])) {

    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";

    $insertGoTo .= $_SERVER['QUERY_STRING'];

  }

  header(sprintf("Location: %s", $insertGoTo));

}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<title>test 1</title>

<script src="SpryAssets/SpryValidationTextField.js" type="text/javascript"></script>

<script src="SpryAssets/SpryMenuBar.js" type="text/javascript"></script>

<link href="SpryAssets/SpryValidationTextField.css" rel="stylesheet" type="text/css" />

<link href="SpryAssets/SpryMenuBarHorizontal.css" rel="stylesheet" type="text/css" />

</head>

<body>

1

<form action="<?php echo $editFormAction; ?>" name="form" method="POST"><input name="hh" type="text"  /><input name="hhh" type="text"  /><input name="" type="submit" />

  <input type="hidden" name="MM_insert" value="form" />

</form>

</body>

</html>

page to verify login

<?php require_once('Connections/infinityo.php'); ?>

<?php

if (!function_exists("GetSQLValueString")) {

function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")

{

  if (PHP_VERSION < 6) {

    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {

    case "text":

      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

      break;   

    case "long":

    case "int":

      $theValue = ($theValue != "") ? intval($theValue) : "NULL";

      break;

    case "double":

      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";

      break;

    case "date":

      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

      break;

    case "defined":

      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;

      break;

  }

  return $theValue;

}

}

?>

<?php

// *** Validate request to login to this site.

if (!isset($_SESSION)) {

  session_start();

}

$loginFormAction = $_SERVER['PHP_SELF'];

if (isset($_GET['accesscheck'])) {

  $_SESSION['PrevUrl'] = $_GET['accesscheck'];

}

if (isset($_POST['un'])) {

  $loginUsername=$_POST['un'];

  $password = $_POST['pass'];

  $MM_fldUserAuthorization = "";

  $MM_redirectLoginSuccess = "Untitled-2.php?u=s";

  $MM_redirectLoginFailed = "Untitled-2.php?u=f";

  $MM_redirecttoReferrer = false;

  mysql_select_db($database_infinityo, $infinityo);

  $LoginRS__query=sprintf("SELECT * FROM test WHERE un=%s",

  GetSQLValueString($loginUsername, "text"));

   $LoginRS = mysql_query($LoginRS__query, $infinityo) or die(mysql_error());

$row = mysql_fetch_assoc($LoginRS);

if(password_verify($password, $row['pass'])){

$loginStrGroup = "";

//declare two session variables and assign them

$_SESSION['MM_Username'] = $loginUsername;

$_SESSION['MM_UserGroup'] = $loginStrGroup;      

if (isset($_SESSION['PrevUrl']) && false) {

$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];

}

header("Location: " . $MM_redirectLoginSuccess );

}

else {

header("Location: ". $MM_redirectLoginFailed );

}

}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<title>test 2</title>

</head>

<body>

2

<form ACTION="<?php echo $loginFormAction; ?>" name="2" method="POST"><input name="un" type="text" /><input name="pass" type="text" /><input name="" type="submit" /></form>

<?php

$ep = '$2y$10$UTjqDavj0jdz5rRNz032EO0Eb3kNOHXFmjJCPQ8p6Zltw8sYZIlbe';

if (password_verify('wsx', $ep )) {

    echo 'Password is valid!';

} else {

    echo 'Invalid password.';

}

?>

</body>

</html>

iamdpk (Author)
Known Participant
December 21, 2017

It is very costly to use server side; DMXzone extensions are very costly for me... I can't afford them. Now I have only one way and that is the way I'm using now...

I just want to store pass in a secured way,

I don't know that much programming,

I don't have money!,

don't have time to learn a new programming language...

so ... don't know what to do now.... I don't wanna give up at this stage.

Nancy OShea
Community Expert
December 21, 2017

iamdpk  wrote

I just want to store pass in a secured way,

I don't know that much programming,

I don't have money!,

don't have time to learn a new programming language...

You sure have a lot of excuses for not learning to code.  Osgood generously gave you some new code to work with.  Learn from it.

Nancy

Nancy O'Shea— Product User & Community Expert
iamdpk (Author)
Known Participant
December 21, 2017

Please someone... Solve my problem...! Without telling me about other things or advice.... (don't mind)

WolfShade
Legend
December 21, 2017

That's just it.  I don't think, given your current setup, that it can be "solved", at least not the way you hope.

From what I've read, so far, you can upgrade to PHP 5.5 to use the code that you have been advised to not use, or you can learn how to code and do it a proper way.  No one is trying to punish you or make your life miserable.  But advice, decent advice, has been provided.  It's up to you on where to go from here.

V/r,

^ _ ^

iamdpk (Author)
Known Participant
December 21, 2017

I have to buy Dreamweaver CC for that! I'm using Dreamweaver CS6.

iamdpk (Author)
Known Participant
December 20, 2017

Thanks for the suggestion... I'll look into this in future... But I'm still working with this... So I need this code solved.

Nancy OShea
Community Expert
December 20, 2017

You should not use this code.  It's not secure & it won't work on PHP 7 servers.

Nancy O'Shea— Product User & Community Expert
iamdpk (Author)
Known Participant
December 21, 2017

I'm using a PHP 5.4 server.

Nancy OShea
Community Expert
December 20, 2017

Please tell me you're not using the deprecated server-behaviors panels for this.  Those panels were removed from DW for a reason.  The code is not secure and it won't work on servers running PHP7 or higher.

Nancy

Nancy O'Shea— Product User & Community Expert
iamdpk (Author)
Known Participant
December 20, 2017

Yes, I'm using server behavior... I don't know how to use server side...!

Nancy OShea
Community Expert
December 20, 2017

DMX Zone has modern commercial extensions to replace the deprecated SB panels in DW.

https://www.dmxzone.com/go/32980/creating-a-complete-login-system-with-dmxzone-security-provider

Or see link below for a coding tutorial:

Simple User Registration & Login Script in PHP and MySQLi | All PHP Tricks

Nancy

Nancy O'Shea— Product User & Community Expert