1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 6:31 pm Apr 27, 2026

Forum Moderators: coopster

Message Too Old, No Replies

Login form not working after hashing

         

Gilead

7:39 pm on Nov 15, 2017 (gmt 0)

10+ Year Member



Since php has changed, I'm back top square one in some respect. This is likely a very common question, but after two days, I can't find an answer.
I wrote a script to add a new user. It generates a random password that is inserted into the database, then sends an email with the information to the new user. The link in the email goes to a place to update the information with a new password and a security question. Trouble is after the new password is hashed, it doesn't recognize the input when logging in.

Update User script 
<?PHP

include('dbconfig.php');

$username=$_POST['username'];
$oldpassword=$_POST['oldpassword'];
$newpassword= password_hash($oldpassword,PASSWORD_DEFAULT);
$security=$_POST['security'];

echo $username."<br />";
echo $newpassword."<br />";
echo $security."<br />";

//check if username and password are correct
$sql="SELECT * FROM users WHERE UserName = '$username' AND Password= '$oldpassword'";

 $result= mysqli_query($connection, $sql)or die("Cannot find your login credentials " . mysql1_error());
 
 if(mysqli_num_rows($result) >0) 
 {
  $sql= "UPDATE users SET SecurityQuestion='$security', Password='$newpassword' WHERE UserName='$username'";
   $result=mysqli_query($connection, $sql);
    
   echo "Your Data has been Updated!";
   exit;
 
 }
 
else 
{
 echo("You do not have Admin Crededials. Please see your system administrator.");
exit;
}


?>


Here is the login script: 
<?PHP
include('dbconfig.php');
 
 $username=$_POST['username'];
 $password=$_POST['password'];
 $table="users";
 echo $username;
 echo $password;
 
 
 $sql= "SELECT * FROM $table WHERE UserName='$username'"; 


  $result = mysqli_query($connection,$sql);
  $row = mysqli_fetch_assoc($result);
  echo "stored password is: " . password_verify($password, $row['Password']); This is blank when echoed out. I checked the database and it was indeed changed.
  if (password_verify($password, $row['Password']))
  {
   echo"You're IN!";
      
  }
  else
  {
    echo 'Your entered username or password is incorrect';
  } 
 
?>


What am I doing wrong here? Thanks!

mack

10:39 pm on Nov 25, 2017 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



No php expert, but the first thing I would do is echo some variables for debugging purposes. For example, if the password is stored on MySQL as a hashed value, you need to hash the user input before comparing it. You could try "echoing" it on the page just to make sure the value on the screen matches the value in MySQL.

Hopefully, someone with more understanding will come along and offer some more help.

Mack.

Gilead

8:21 pm on Nov 27, 2017 (gmt 0)

10+ Year Member



I was able to get it working. Part of the problem was I was masking the password input field, which for some reason sent the data through as all asterisks.
Thanks for the help Mack!

mack

12:20 am on Nov 29, 2017 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



That's strange browser behaviour!

Glad you were able to get it working.

Mack.

Gilead

5:54 pm on Nov 29, 2017 (gmt 0)

10+ Year Member



In this case, it was being sent from a c# script and the UI was masking the input field.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 6:31 pm Apr 27, 2026