Highlighted

unable to use password_verify in my site.......

Community Beginner ,
Dec 20, 2017

Copy link to clipboard

Copied

i searched every where and also tried the code given in the forums but still i m unable to use the code i don't know what i m doing wrong in the code ... i m very thankfull if anybody can help

my code for inserting password in database

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form")) {

  $pass = $_POST['hhh'];

  $epass = password_hash('$pass',PASSWORD_DEFAULT);

  $insertSQL = sprintf("INSERT INTO test (pass, un) VALUES (%s, %s)",

                       GetSQLValueString($epass, "text"),

                       GetSQLValueString($_POST['hh'], "text"));

  mysql_select_db($database_infinityo, $infinityo);

  $Result1 = mysql_query($insertSQL, $infinityo) or die(mysql_error());

}

and now my code for log in...which is not working...!

if (isset($_POST['un'])) {

  $loginUsername=$_POST['un'];

  $password=$_POST['pass'];

  $MM_fldUserAuthorization = "";

  $MM_redirectLoginSuccess = "Untitled-1.php?u=s";

  $MM_redirectLoginFailed = "Untitled-1.php?u=f";

  $MM_redirecttoReferrer = false;

  mysql_select_db($database_infinityo, $infinityo);

  $lpass = password_verify('$password', $row_p['pass']);

  $LoginRS__query=sprintf("SELECT un, pass FROM test WHERE un=%s AND pass=%s",

    GetSQLValueString($loginUsername, "text"), GetSQLValueString($lpass, "text"));

  

  $LoginRS = mysql_query($LoginRS__query, $infinityo) or die(mysql_error());

  $loginFoundUser = mysql_num_rows($LoginRS);

  if ($loginFoundUser) {

     $loginStrGroup = "";

   

  if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();}

    //declare two session variables and assign them

    $_SESSION['MM_Username'] = $loginUsername;

    $_SESSION['MM_UserGroup'] = $loginStrGroup;     

    if (isset($_SESSION['PrevUrl']) && false) {

      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];

    }

    header("Location: " . $MM_redirectLoginSuccess );

  }

  else {

    header("Location: ". $MM_redirectLoginFailed );

  }

}

i have also tried this code but stlii nothing happening ...

if (isset($_POST['un'])) {

  $loginUsername=$_POST['un'];

  $password=$_POST['pass'];

  $MM_fldUserAuthorization = "";

  $MM_redirectLoginSuccess = "Untitled-1.php?u=s";

  $MM_redirectLoginFailed = "Untitled-1.php?u=f";

  $MM_redirecttoReferrer = false;

  mysql_select_db($database_infinityo, $infinityo);

  $lpass = password_verify('$password', $row_p['pass']);

  $LoginRS__query=sprintf("SELECT un, pass FROM test WHERE un=%s AND pass=%s",

    GetSQLValueString($loginUsername, "text"), GetSQLValueString($lpass, "text"));

  

  $LoginRS = mysql_query($LoginRS__query, $infinityo) or die(mysql_error());

  $loginFoundUser = mysql_num_rows($LoginRS);

$row = mysql_fetch_assoc($LoginRS);

$stored_password = $row['password'];

if(password_verify($_POST['password_input'], $stored_password)) {

if ($loginFoundUser) {

$loginStrGroup = "";

//declare two session variables and assign them

$_SESSION['MM_Username'] = $loginUsername;

$_SESSION['MM_UserGroup'] = $loginStrGroup;

if (isset($_SESSION['PrevUrl']) && false) {

$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];

}

header("Location: " . $MM_redirectLoginSuccess );

}

}

else {

header("Location: ". $MM_redirectLoginFailed );

}

}

i don't know here what i m doing wrong....password security is imp for my site , and if u have any better suggestions for security pls,i ll be very thankfull to u.

iamdpk  wrote

noo that will not be ur waste of time, i ll definetly use that... i used this code thats y i said to correct this code if u can give me a better code then i ll be very thankfull to u

Assuming you have a database with 2 columns 'username' and 'password' plus a unique column called id. (I assume you know how to create a database and a table in that database although I'm skeptical - lets start using some real and meaningful naming convention not that shite you are currenly working with)

Change the database connection details - 'server_name' , 'username' , 'password' , 'database_name' - to those of your own in the $conn string

REGISTRATION FORM:

<?php

// make connection to database

$conn = new mysqli('server_name' , 'username' , 'password' , 'database_name');

?>

<?php

if(isset($_POST['submit'])){

$username = $conn->real_escape_string($_POST['username']);

$password = $conn->real_escape_string($_POST['password']);

$hashPassword = password_hash($password,PASSWORD_DEFAULT);

$sql = "insert into test (username, password) value('".$username."', '".$hashPassword."')";

$result = mysqli_query($conn, $sql);

if($result)

{

echo "Registration successfully";

}

}

?>

<h1>Registration Form</h1>

<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">

<input type="text" name="username" value="" placeholder="User Name">

<input type="password" name="password" value="" placeholder="Password">

<input type="submit" name="submit" value="Submit" />

</form>

LOGIN FORM:

<?php

// make connection to database

$conn = new mysqli('server_name' , 'username' , 'password' , 'database_name');

?>

<?php

if(isset($_POST['submit'])){

$username = $conn->real_escape_string($_POST['username']);

$password = $conn->real_escape_string($_POST['password']);

$get_username = $conn->query("SELECT * from test where username = '".$username."'") or die($conn->error);

$row = $get_username->fetch_assoc();

$num_rows = $get_username->num_rows;

if($num_rows  == 1){

if(password_verify($password, $row['password'])){

// success go to (change as required)

header('Location: http://www.bbc.co.uk');

}

else{

// failure go to (change as required)

header('Location: http://www.itv.co.uk');

}

}

else{

echo "No User found";

}

}

?>

<h1>Login</h1>

<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">

<input type="text" name="username" value="" placeholder="UserName">

<input type="password" name="password" value="" placeholder="Password">

<input type="submit" name="submit" value="Submit" />

</form>

TOPICS
Learn Dreamweaver

Views

1.9K

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

unable to use password_verify in my site.......

Community Beginner ,
Dec 20, 2017

Copy link to clipboard

Copied

i searched every where and also tried the code given in the forums but still i m unable to use the code i don't know what i m doing wrong in the code ... i m very thankfull if anybody can help

my code for inserting password in database

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form")) {

  $pass = $_POST['hhh'];

  $epass = password_hash('$pass',PASSWORD_DEFAULT);

  $insertSQL = sprintf("INSERT INTO test (pass, un) VALUES (%s, %s)",

                       GetSQLValueString($epass, "text"),

                       GetSQLValueString($_POST['hh'], "text"));

  mysql_select_db($database_infinityo, $infinityo);

  $Result1 = mysql_query($insertSQL, $infinityo) or die(mysql_error());

}

and now my code for log in...which is not working...!

if (isset($_POST['un'])) {

  $loginUsername=$_POST['un'];

  $password=$_POST['pass'];

  $MM_fldUserAuthorization = "";

  $MM_redirectLoginSuccess = "Untitled-1.php?u=s";

  $MM_redirectLoginFailed = "Untitled-1.php?u=f";

  $MM_redirecttoReferrer = false;

  mysql_select_db($database_infinityo, $infinityo);

  $lpass = password_verify('$password', $row_p['pass']);

  $LoginRS__query=sprintf("SELECT un, pass FROM test WHERE un=%s AND pass=%s",

    GetSQLValueString($loginUsername, "text"), GetSQLValueString($lpass, "text"));

  

  $LoginRS = mysql_query($LoginRS__query, $infinityo) or die(mysql_error());

  $loginFoundUser = mysql_num_rows($LoginRS);

  if ($loginFoundUser) {

     $loginStrGroup = "";

   

  if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();}

    //declare two session variables and assign them

    $_SESSION['MM_Username'] = $loginUsername;

    $_SESSION['MM_UserGroup'] = $loginStrGroup;     

    if (isset($_SESSION['PrevUrl']) && false) {

      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];

    }

    header("Location: " . $MM_redirectLoginSuccess );

  }

  else {

    header("Location: ". $MM_redirectLoginFailed );

  }

}

i have also tried this code but stlii nothing happening ...

if (isset($_POST['un'])) {

  $loginUsername=$_POST['un'];

  $password=$_POST['pass'];

  $MM_fldUserAuthorization = "";

  $MM_redirectLoginSuccess = "Untitled-1.php?u=s";

  $MM_redirectLoginFailed = "Untitled-1.php?u=f";

  $MM_redirecttoReferrer = false;

  mysql_select_db($database_infinityo, $infinityo);

  $lpass = password_verify('$password', $row_p['pass']);

  $LoginRS__query=sprintf("SELECT un, pass FROM test WHERE un=%s AND pass=%s",

    GetSQLValueString($loginUsername, "text"), GetSQLValueString($lpass, "text"));

  

  $LoginRS = mysql_query($LoginRS__query, $infinityo) or die(mysql_error());

  $loginFoundUser = mysql_num_rows($LoginRS);

$row = mysql_fetch_assoc($LoginRS);

$stored_password = $row['password'];

if(password_verify($_POST['password_input'], $stored_password)) {

if ($loginFoundUser) {

$loginStrGroup = "";

//declare two session variables and assign them

$_SESSION['MM_Username'] = $loginUsername;

$_SESSION['MM_UserGroup'] = $loginStrGroup;

if (isset($_SESSION['PrevUrl']) && false) {

$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];

}

header("Location: " . $MM_redirectLoginSuccess );

}

}

else {

header("Location: ". $MM_redirectLoginFailed );

}

}

i don't know here what i m doing wrong....password security is imp for my site , and if u have any better suggestions for security pls,i ll be very thankfull to u.

iamdpk  wrote

noo that will not be ur waste of time, i ll definetly use that... i used this code thats y i said to correct this code if u can give me a better code then i ll be very thankfull to u

Assuming you have a database with 2 columns 'username' and 'password' plus a unique column called id. (I assume you know how to create a database and a table in that database although I'm skeptical - lets start using some real and meaningful naming convention not that shite you are currenly working with)

Change the database connection details - 'server_name' , 'username' , 'password' , 'database_name' - to those of your own in the $conn string

REGISTRATION FORM:

<?php

// make connection to database

$conn = new mysqli('server_name' , 'username' , 'password' , 'database_name');

?>

<?php

if(isset($_POST['submit'])){

$username = $conn->real_escape_string($_POST['username']);

$password = $conn->real_escape_string($_POST['password']);

$hashPassword = password_hash($password,PASSWORD_DEFAULT);

$sql = "insert into test (username, password) value('".$username."', '".$hashPassword."')";

$result = mysqli_query($conn, $sql);

if($result)

{

echo "Registration successfully";

}

}

?>

<h1>Registration Form</h1>

<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">

<input type="text" name="username" value="" placeholder="User Name">

<input type="password" name="password" value="" placeholder="Password">

<input type="submit" name="submit" value="Submit" />

</form>

LOGIN FORM:

<?php

// make connection to database

$conn = new mysqli('server_name' , 'username' , 'password' , 'database_name');

?>

<?php

if(isset($_POST['submit'])){

$username = $conn->real_escape_string($_POST['username']);

$password = $conn->real_escape_string($_POST['password']);

$get_username = $conn->query("SELECT * from test where username = '".$username."'") or die($conn->error);

$row = $get_username->fetch_assoc();

$num_rows = $get_username->num_rows;

if($num_rows  == 1){

if(password_verify($password, $row['password'])){

// success go to (change as required)

header('Location: http://www.bbc.co.uk');

}

else{

// failure go to (change as required)

header('Location: http://www.itv.co.uk');

}

}

else{

echo "No User found";

}

}

?>

<h1>Login</h1>

<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">

<input type="text" name="username" value="" placeholder="UserName">

<input type="password" name="password" value="" placeholder="Password">

<input type="submit" name="submit" value="Submit" />

</form>

TOPICS
Learn Dreamweaver

Views

1.9K

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Dec 20, 2017 0
Adobe Community Professional ,
Dec 20, 2017

Copy link to clipboard

Copied

Please tell me you're not using the deprecated server-behaviors panels for this.  Those panels were removed from DW for a reason.  The code is not secure and it won't work on servers running PHP7 or higher.

Nancy

Nancy O'Shea, ACP
Alt-Web.com

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 20, 2017 0
Community Beginner ,
Dec 20, 2017

Copy link to clipboard

Copied

Yes i m using server behavior. .. I don't know how to use server side...! 

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 20, 2017 0
Adobe Community Professional ,
Dec 20, 2017

Copy link to clipboard

Copied

DMX Zone has modern commercial extensions to replace the deprecated SB panels in DW.

https://www.dmxzone.com/go/32980/creating-a-complete-login-system-with-dmxzone-security-provider

Or see link below for a coding tutorial:

Simple User Registration & Login Script in PHP and MySQLi | All PHP Tricks

Nancy

Nancy O'Shea, ACP
Alt-Web.com

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 20, 2017 2
Community Beginner ,
Dec 20, 2017

Copy link to clipboard

Copied

Thanks for the suggestion... I ll look to this in future... But still I m working with this... So I need this code solved

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 20, 2017 0
Adobe Community Professional ,
Dec 20, 2017

Copy link to clipboard

Copied

You should not use this code.  It's not secure & it won't work on PHP 7 servers.

Nancy O'Shea, ACP
Alt-Web.com

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 20, 2017 1
Community Beginner ,
Dec 20, 2017

Copy link to clipboard

Copied

I m using 5.4 php server

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 20, 2017 0
LEGEND ,
Dec 21, 2017

Copy link to clipboard

Copied

iamdpk  wrote

I m using 5.4 php server

I think the password_hash function was only introduced in php 5.5

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 21, 2017 0
Adobe Community Professional ,
Dec 21, 2017

Copy link to clipboard

Copied

In addition to osgood_'s answer, please see Securely Hash Passwords with PHP — Jonathan Suh


Ben

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 21, 2017 0
Adobe Community Professional ,
Dec 20, 2017

Copy link to clipboard

Copied

Which version of PHP are you working with?


Ben

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 20, 2017 0
Community Beginner ,
Dec 21, 2017

Copy link to clipboard

Copied

Pls someone... Solve my problem...! Without telling me about other things or advice.... (don't mind)

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 21, 2017 0
LEGEND ,
Dec 21, 2017

Copy link to clipboard

Copied

That's just it.  I don't think, given your current setup, that it can be "solved", at least not the way you hope.

From what I've read, so far, you can upgrade to PHP 5.5 to use the code that you have been advised to not use, or you can learn how to code and do it a proper way.  No one is trying to punish you or make your life miserable.  But advice, decent advise, has been provided.  It's up to you on where to go from here.

V/r,

^ _ ^

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 21, 2017 0
Community Beginner ,
Dec 21, 2017

Copy link to clipboard

Copied

I have to buy dreamweaver cc for that! I m using dreamweaver cs6

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 21, 2017 0
LEGEND ,
Dec 21, 2017

Copy link to clipboard

Copied

I'm no fan of DW CC, believe me.  But if you are going to use CS6, then learn to code and build it manually.  I don't see any other options.

V/r,

^ _ ^

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 21, 2017 0
Adobe Community Professional ,
Dec 21, 2017

Copy link to clipboard

Copied

No, you don't need to buy CC to work with PHP 5.5 and up.

DWCC has no server behavior panel what-so-ever, it was removed due to the outdated/incorrect code it generated back in CS6 and earlier.

What you do need is either someone who can code to modern standards (this can be you, if you choose to learn how), or one of the paid extensions (that are also compatible with CS6) to bring your version of the program into the modern era.

If you had CC, you would still need one of those two things.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 21, 2017 0
LEGEND ,
Dec 21, 2017

Copy link to clipboard

Copied

iamdpk  wrote

I have to buy dreamweaver cc for that! I m using dreamweaver cs6

If you want to be able to use password_hash and password_verify then I would first see if you have access to php version 5.5+

Is this a remote server you are working with or a local server? You should really have a local server testing environment set up like MAMP or XAMPP - both those will have later versions of php and are freely available to download, so you can test your code, then it would be up to your remote host to move you onto something more advanced than php 5.4

However IF you intend to use the DW Server Behaviours, which I do not advise, you should NOT be upgrading to php version 7, as they wont work, php 5.6 still supports them...I dont think there was a php 6.00 version, it jumped to version 7.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 21, 2017 0
Community Beginner ,
Dec 21, 2017

Copy link to clipboard

Copied

I m working on xamp local server

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 21, 2017 0
Community Beginner ,
Dec 21, 2017

Copy link to clipboard

Copied

And my hosting server is set on 5.4 php.(which I can change)

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 21, 2017 0
LEGEND ,
Dec 21, 2017

Copy link to clipboard

Copied

Once you have upgraded your php to something higher than 5.4 BUT NOT 7 change your query string to as below:

$LoginRS__query=sprintf("SELECT * FROM test WHERE un=%s",

GetSQLValueString($loginUsername, "text"));

$LoginRS = mysql_query($LoginRS__query, $infinityo) or die(mysql_error());

$row = mysql_fetch_assoc($LoginRS);

Then change this line of code:

if(password_verify($_POST['password_input'], $stored_password)) {

To this line of code:

if(password_verify($password, $row['pass'])) {

The below is what you new code should now look like:

if (isset($_POST['un'])) {

  $loginUsername=$_POST['un'];

  $password = $_POST['pass'];

  $MM_fldUserAuthorization = "";

  $MM_redirectLoginSuccess = "Untitled-1.php?u=s";

  $MM_redirectLoginFailed = "Untitled-1.php?u=f";

  $MM_redirecttoReferrer = false;

  mysql_select_db($database_infinityo, $infinityo);

  $LoginRS__query=sprintf("SELECT * FROM test WHERE un=%s",

  GetSQLValueString($loginUsername, "text"));

   $LoginRS = mysql_query($LoginRS__query, $infinityo) or die(mysql_error());

$row = mysql_fetch_assoc($LoginRS);

if(password_verify($password, $row['pass'])){

$loginStrGroup = "";

//declare two session variables and assign them

$_SESSION['MM_Username'] = $loginUsername;

$_SESSION['MM_UserGroup'] = $loginStrGroup;       

if (isset($_SESSION['PrevUrl']) && false) {

$MM_redirectLoginSuccess = $_SESSION['PrevUrl']; 

}

header("Location: " . $MM_redirectLoginSuccess );

}

else {

header("Location: ". $MM_redirectLoginFailed );

}

}

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 21, 2017 0
Community Beginner ,
Dec 21, 2017

Copy link to clipboard

Copied

not working bro...tried as u instructed, but still it sending me to u=f

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 21, 2017 0
LEGEND ,
Dec 21, 2017

Copy link to clipboard

Copied

Then you have something wrongly set up as the code has been tried and tested.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 21, 2017 0
Community Beginner ,
Dec 21, 2017

Copy link to clipboard

Copied

take a look at this code, is there something wrong in this....

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form")) {

  $pass = $_POST['hhh'];

  $epass = password_hash('$pass',PASSWORD_DEFAULT);

  $insertSQL = sprintf("INSERT INTO test (pass, un) VALUES (%s, %s)",

                       GetSQLValueString($epass, "text"),

                       GetSQLValueString($_POST['hh'], "text"));

  mysql_select_db($database_infinityo, $infinityo);

  $Result1 = mysql_query($insertSQL, $infinityo) or die(mysql_error());

}

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 21, 2017 0
Adobe Community Professional ,
Dec 21, 2017

Copy link to clipboard

Copied

PHP 5.4 won't work.

Nancy O'Shea, ACP
Alt-Web.com

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 21, 2017 0
Community Beginner ,
Dec 21, 2017

Copy link to clipboard

Copied

i m working on

PHP Version 5.6.28

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 21, 2017 0
LEGEND ,
Dec 21, 2017

Copy link to clipboard

Copied

Have a look at what is being passed into your database from  the registration form as l dont see any username, just the password.

I guess post hh might be the username. It would serve you well to use something more descriptive than a couple of letters.

I could post a more modern approach to a registration and login solution but l somehow think that would be a waste of time as its not really coming across that you would know what to do with it.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 21, 2017 0
LEGEND ,
Dec 21, 2017

Copy link to clipboard

Copied

Where are you setting $database_infinityo and $infinityo?

Is $_POST['hhh'] the password, and $_POST['hh'] the username?

V/r,

^ _ ^

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 21, 2017 0
Community Beginner ,
Dec 21, 2017

Copy link to clipboard

Copied

yep

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 21, 2017 0
LEGEND ,
Dec 21, 2017

Copy link to clipboard

Copied

WolfShade  wrote

Where are you setting $database_infinityo and $infinityo?

They are pulled from a connection file that DW automatically produces.

No wonder the server behaviours were put to bed. Its the most chaotic code l think lve ever come across, still we are talking DW engineers who seem to excel in failure or producing vastly exaggerated coding to do the most basic of operations.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 21, 2017 0
Community Beginner ,
Dec 21, 2017

Copy link to clipboard

Copied

noo that will not be ur waste of time, i ll definetly use that... i used this code thats y i said to correct this code if u can give me a better code then i ll be very thankfull to u

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 21, 2017 0
LEGEND ,
Dec 21, 2017

Copy link to clipboard

Copied

iamdpk  wrote

noo that will not be ur waste of time, i ll definetly use that... i used this code thats y i said to correct this code if u can give me a better code then i ll be very thankfull to u

Assuming you have a database with 2 columns 'username' and 'password' plus a unique column called id. (I assume you know how to create a database and a table in that database although I'm skeptical - lets start using some real and meaningful naming convention not that shite you are currenly working with)

Change the database connection details - 'server_name' , 'username' , 'password' , 'database_name' - to those of your own in the $conn string

REGISTRATION FORM:

<?php

// make connection to database

$conn = new mysqli('server_name' , 'username' , 'password' , 'database_name');

?>

<?php

if(isset($_POST['submit'])){

$username = $conn->real_escape_string($_POST['username']);

$password = $conn->real_escape_string($_POST['password']);

$hashPassword = password_hash($password,PASSWORD_DEFAULT);

$sql = "insert into test (username, password) value('".$username."', '".$hashPassword."')";

$result = mysqli_query($conn, $sql);

if($result)

{

echo "Registration successfully";

}

}

?>

<h1>Registration Form</h1>

<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">

<input type="text" name="username" value="" placeholder="User Name">

<input type="password" name="password" value="" placeholder="Password">

<input type="submit" name="submit" value="Submit" />

</form>

LOGIN FORM:

<?php

// make connection to database

$conn = new mysqli('server_name' , 'username' , 'password' , 'database_name');

?>

<?php

if(isset($_POST['submit'])){

$username = $conn->real_escape_string($_POST['username']);

$password = $conn->real_escape_string($_POST['password']);

$get_username = $conn->query("SELECT * from test where username = '".$username."'") or die($conn->error);

$row = $get_username->fetch_assoc();

$num_rows = $get_username->num_rows;

if($num_rows  == 1){

if(password_verify($password, $row['password'])){

// success go to (change as required)

header('Location: http://www.bbc.co.uk');

}

else{

// failure go to (change as required)

header('Location: http://www.itv.co.uk');

}

}

else{

echo "No User found";

}

}

?>

<h1>Login</h1>

<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">

<input type="text" name="username" value="" placeholder="UserName">

<input type="password" name="password" value="" placeholder="Password">

<input type="submit" name="submit" value="Submit" />

</form>

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 21, 2017 0
iamdpk LATEST
Community Beginner ,
Dec 21, 2017

Copy link to clipboard

Copied

Thank u so much... God bless u... Merry Christmas!

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 21, 2017 0
Community Beginner ,
Dec 21, 2017

Copy link to clipboard

Copied

it is very costly to use server side , dmxzone extensions are very costly for me... i cant afford them, now i have only one way and that is the way i m using now...

i just want to store pass in secured way,

i dont know that much programing,

i dont have money!,

dont have time to learn new progamming language...

so ... dont know what to do now.... i dont wanna give up on this stage.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 21, 2017 0
Adobe Community Professional ,
Dec 21, 2017

Copy link to clipboard

Copied

iamdpk  wrote

i just want to store pass in secured way,

i dont know that much programing,

i dont have money!,

dont have time to learn new progamming language...

You sure have a lot of excuses for not learning to code.  Osgood generously gave you some new code to work with.  Learn from it.

Nancy

Nancy O'Shea, ACP
Alt-Web.com

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 21, 2017 1
Community Beginner ,
Dec 21, 2017

Copy link to clipboard

Copied

page to enter details to database

<?php require_once('Connections/infinityo.php'); ?>

<?php

if (!function_exists("GetSQLValueString")) {

function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")

{

  if (PHP_VERSION < 6) {

    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {

    case "text":

      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

      break;   

    case "long":

    case "int":

      $theValue = ($theValue != "") ? intval($theValue) : "NULL";

      break;

    case "double":

      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";

      break;

    case "date":

      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

      break;

    case "defined":

      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;

      break;

  }

  return $theValue;

}

}

$editFormAction = $_SERVER['PHP_SELF'];

if (isset($_SERVER['QUERY_STRING'])) {

  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);

}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form")) {

  $pass = $_POST['hhh'];

  $epass = password_hash('$pass',PASSWORD_DEFAULT);

  $insertSQL = sprintf("INSERT INTO test (pass, un) VALUES ('".$epass."' , %s)",

                       GetSQLValueString($_POST['hh'], "text"));

  mysql_select_db($database_infinityo, $infinityo);

  $Result1 = mysql_query($insertSQL, $infinityo) or die(mysql_error());

  $insertGoTo = "Untitled-2.php";

  if (isset($_SERVER['QUERY_STRING'])) {

    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";

    $insertGoTo .= $_SERVER['QUERY_STRING'];

  }

  header(sprintf("Location: %s", $insertGoTo));

}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml 1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<title>test 1</title>

<script src="SpryAssets/SpryValidationTextField.js" type="text/javascript"></script>

<script src="SpryAssets/SpryMenuBar.js" type="text/javascript"></script>

<link href="SpryAssets/SpryValidationTextField.css" rel="stylesheet" type="text/css" />

<link href="SpryAssets/SpryMenuBarHorizontal.css" rel="stylesheet" type="text/css" />

</head>

<body>

1

<form action="<?php echo $editFormAction; ?>" name="form" method="POST"><input name="hh" type="text"  /><input name="hhh" type="text"  /><input name="" type="submit" />

  <input type="hidden" name="MM_insert" value="form" />

</form>

</body>

</html>

page to verify login

<?php require_once('Connections/infinityo.php'); ?>

<?php

if (!function_exists("GetSQLValueString")) {

function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")

{

  if (PHP_VERSION < 6) {

    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {

    case "text":

      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

      break;   

    case "long":

    case "int":

      $theValue = ($theValue != "") ? intval($theValue) : "NULL";

      break;

    case "double":

      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";

      break;

    case "date":

      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

      break;

    case "defined":

      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;

      break;

  }

  return $theValue;

}

}

?>

<?php

// *** Validate request to login to this site.

if (!isset($_SESSION)) {

  session_start();

}

$loginFormAction = $_SERVER['PHP_SELF'];

if (isset($_GET['accesscheck'])) {

  $_SESSION['PrevUrl'] = $_GET['accesscheck'];

}

if (isset($_POST['un'])) {

  $loginUsername=$_POST['un'];

  $password = $_POST['pass'];

  $MM_fldUserAuthorization = "";

  $MM_redirectLoginSuccess = "Untitled-2.php?u=s";

  $MM_redirectLoginFailed = "Untitled-2.php?u=f";

  $MM_redirecttoReferrer = false;

  mysql_select_db($database_infinityo, $infinityo);

  $LoginRS__query=sprintf("SELECT * FROM test WHERE un=%s",

  GetSQLValueString($loginUsername, "text"));

   $LoginRS = mysql_query($LoginRS__query, $infinityo) or die(mysql_error());

$row = mysql_fetch_assoc($LoginRS);

if(password_verify($password, $row['pass'])){

$loginStrGroup = "";

//declare two session variables and assign them

$_SESSION['MM_Username'] = $loginUsername;

$_SESSION['MM_UserGroup'] = $loginStrGroup;      

if (isset($_SESSION['PrevUrl']) && false) {

$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];

}

header("Location: " . $MM_redirectLoginSuccess );

}

else {

header("Location: ". $MM_redirectLoginFailed );

}

}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<title>test 2</title>

</head>

<body>

2

<form ACTION="<?php echo $loginFormAction; ?>" name="2" method="POST"><input name="un" type="text" /><input name="pass" type="text" /><input name="" type="submit" /></form>

<?php

$ep = '$2y$10$UTjqDavj0jdz5rRNz032EO0Eb3kNOHXFmjJCPQ8p6Zltw8sYZIlbe';

if (password_verify('wsx', $ep )) {

    echo 'Password is valid!';

} else {

    echo 'Invalid password.';

}

?>

</body>

</html>

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 21, 2017 0