PHP

Daniel Silva
5,353 Points

PHP Username/Password Authentication.

I'm trying to create a simple username and password form with PHP and MySQL. When I create a username and password, it shows up in the database. When I try to log in with that same username/password, I get an error. I'm not sure why. Below is my code for the loginVerify.php file:

<?php
session_start();

unset($_SESSION['badPass']);

//username and password sent from form
$myusername = $_POST['myusername'];
$mypassword = $_POST['mypassword'];

//Connect to server and select database
require_once '../DatabaseConnection/dbconnect.php';

//protect against MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = $con->real_escape_string($myusername);
$mypassword = $con->real_escape_string($mypassword);

//hashing
$hashedPassword = hash("ripemd128", $mypassword);

$sql = "SELECT * FROM `users` WHERE `username`='$myusername' AND `password`='$hashedPassword'";

$result = $con->query($sql);

if (!$result) {
    $message = "whole query " . $sql;
    echo $message;
    die('Invalid query: ' . mysqli_errno($con));
}

//if result matched $myusername and $mypassword, table row must be 1 row
if (mysqli_num_rows($result) == 1) {
    $_SESSION['user'] = $myusername;
    $_SESSION['password'] = $hashedPassword;

    //Register $myusername, $mypassword and redirect to file "welcome.php"
    header("Location: welcome.php");
    exit; //stop the script so nothing else runs after the redirect
} else {
    //set the flag before redirecting; login.php checks it and shows the message
    $_SESSION['badPass'] = 1;
    header("Location: login.php");
    exit;
}
?>

This is the PHP code I have on the login.php file.

 <td>Password</td>
                        <td>:</td>
                        <td><input name="mypassword" type="password" id="mypassword">
                           <?php
                            if (isset($_SESSION['badPass'])) {
                                echo "Wrong User Name or Password";
                                unset($_SESSION['badPass']);
                            }
                             ?>
                        </td>

1 Answer

Sheldon Reiff
12,765 Points

To get a definitive answer, you'll have to post the code you are using to add the username and password to the database. The password will have to be hashed in the same way you are doing with $hashedPassword = hash("ripemd128", $mypassword); before inserting it into the database.

password_hash and password_verify are now the better and more secure options for handling passwords, but this is fine for learning purposes.
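
The password_hash / password_verify flow mentioned in the answer above, as an added example that is not code from either poster: registration and login go through the same pair of functions, and the lookup uses a prepared statement instead of string escaping. It assumes an in-memory SQLite database through PDO in place of the thread's MySQL connection; the `users` layout, `registerUser`, `verifyLogin`, `DUMMY_HASH` and the sample credentials are made up for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite through PDO so this runs without a MySQL server.
// The table layout and function names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Hash checked when the username does not exist, so both failure paths do
// the same amount of hashing work.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

function registerUser(PDO $db, string $username, string $password): void
{
    // password_hash() picks a random salt and stores it, together with the
    // algorithm and cost, inside the returned string.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $stmt->execute([$username, $hash]);
}

function verifyLogin(PDO $db, string $username, string $password): bool
{
    // Select by username only: a salted hash differs on every call, so it
    // cannot be recomputed and compared inside the WHERE clause.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();

    if ($stored === false) {
        password_verify($password, DUMMY_HASH);
        return false;
    }
    // password_verify() reads the salt and cost back out of the stored hash.
    return password_verify($password, $stored);
}

// Constructed sample credentials.
registerUser($db, 'alice', 'correct horse battery staple');
var_dump(verifyLogin($db, 'alice', 'correct horse battery staple'));
var_dump(verifyLogin($db, 'alice', 'wrong password'));
var_dump(verifyLogin($db, 'nobody', 'correct horse battery staple'));
```

With mysqli the same shape applies using `$con->prepare()` and `bind_param()`; the password column needs room for the full hash string, and the PHP manual recommends 255 characters.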