Why does password_verify in php/mysql not work? [duplicate] - php

This question already has an answer here:
How to get useful error messages in PHP?
29 answers
“Notice: Undefined variable”, “Notice: Undefined index”, and “Notice: Undefined offset” using PHP
28 answers
okay so I'm trying to make a login system, and i already have a username and password "the password is hashed" stored in mysql as well as an auto incrementing ID number, and when i use the right username and password the variable $pwdCheck goes to the false error handler, "I'm trying to get it to go past the $pwdCheck == false error handler and into the $pwdCheck == true error handler" i think it's probably just a typo or maybe i messed up a function before i made the $pwdCheck variable. -
the $conn variable is just connecting to the database
and $sql is just an sql statement -
-Dev
$sql = "SELECT userNID FROM user_list WHERE userNID=? OR userEID=?;";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../index.php?error=sqlerror");
exit();
} else {
mysqli_stmt_bind_param($stmt, "ss", $mailuid, $mailuid);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
// $row = mysqli_fetch_assoc($result);
if ($row = mysqli_fetch_assoc($result)) {
// $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
$pwdCheck = password_verify($password, $row["userPID"]);
if ($pwdCheck == false) {
header("Location: ../index.php?error=wrongpwd");
exit();
}
else if ($pwdCheck == true) {
header("Location: ../index.php?login=success");
exit();
}
else {
header("Location: ../index.php?error=wrongpassword");
exit();
}
}

Related

I keep getting Undefined index: kamar_id and Undefined index: kota_id so I'm kinda wondering if I did my script right? [duplicate]

This question already has an answer here:
“Notice: Undefined variable”, “Notice: Undefined index”, and “Notice: Undefined offset” using PHP
28 answers
How to display errors for my MySQLi query? [duplicate]
3 answers
<?php
include '../koneksi.php';
if(isset($_POST['submit_add'])){
$nama = $_POST['nama'];
$alamat = $_POST['alamat'];
$kamar_id = $_POST['kamar_id'];
$kota_id = $_POST['kota_id'];
$sql = "INSERT INTO penghuni (nama,alamat,kamar_id,kota_id) VALUES ('$nama','$alamat','$kamar_id','$kota_id')";
if(!$conn->query($sql))
die('Tambah Penghuni Gagal'.$sql);
else
header("Location: penghuni.php");
}
if(isset($_POST['submit_edit'])){
$id_old = $_POST['id_old'];
$kamar_id = $_POST['kamar_id'];
$kota_id = $_POST['kota_id'];
$nama = $_POST['nama'];
$alamat = $_POST['alamat'];
$sql = "UPDATE penghuni SET nama='$nama', alamat='$alamat', kamar_id='$kamar_id', kota_id='$kota_id' WHERE id='$id_old'";
if(!$conn->query($sql))
die('Update Penghuni Gagal'.$sql);
else
header("Location: penghuni.php");
}
// $id = $_GET['id'];
if(isset($_POST['submit_delete'])){
$id_old = $_POST['id_old'];
$sql = "DELETE FROM penghuni
WHERE id='$id_old';";
if (!$conn->query($sql))
die('Hapus Penghuni Gagal'.$sql);
else{
header("Location: penghuni.php");
exit();
}
}
?>

Set session variables to be used on profile.php page [duplicate]

This question already has an answer here:
“Notice: Undefined variable”, “Notice: Undefined index”, and “Notice: Undefined offset” using PHP
28 answers
the problem
my code
when I register via localhost the code is working, but when I uploaded the site
it gives me a lot of error I fixed most of them but there is one which session variables
this is my site if you want to see by your self .. go fill up the form and you will see the problem www.cancelliano.com
this is my register code
also please check the pic
<?php
$mysqli = mysqli_connect("myhost","myuser name","my pass","my database name");
>// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
error_reporting(E_ALL);
ini_set("display_errors", 1);
?>
// Set session variables to be used on profile.php page
<?php
$_SESSION['first_name'] = $_POST['first_name'];
$_SESSION['last_name'] = $_POST['last_name'];
$_SESSION['email'] = $_POST['email'];
$_SESSION['ty'] = $_POST['ty'];
$_SESSION['date'] = $_POST['date'];
$_SESSION['password'] = $_POST['password'];
>// Escape all $_POST variables to protect against SQL injections
$first_name = $mysqli->escape_string($_POST['first_name']);
$last_name = $mysqli->escape_string($_POST['last_name']);
$email = $mysqli->escape_string($_POST['email']);
$ty = $mysqli->escape_string($_POST['ty']);
$date = $mysqli->escape_string($_POST['date']);
$password = $mysqli->escape_string(password_hash($_POST['password'], PASSWORD_BCRYPT));
$hash = $mysqli->escape_string( md5( rand(0,1000) ) );
>// Check if user with that email already exists
$result = $mysqli->query("SELECT * FROM users WHERE email='$email'") or die($mysqli->error);
>// We know user email exists if the rows returned are more than 0
if ( $result->num_rows > 0 ) {
$_SESSION['message'] = 'User with this email already exists!';
header("location: error.php");
}
else { // Email doesn't already exist in a database, proceed...
// active is 0 by DEFAULT (no need to include it here)
$sql = "INSERT INTO users ( first_name, last_name, email,ty,date, password, hash) "
. "VALUES ('$first_name','$last_name','$email','$ty','$date','$password', '$hash')";
// Add user to the database
if ( $mysqli->query($sql) ){
$_SESSION['active'] = 0; //0 until user activates their account with verify.php
$_SESSION['logged_in'] = true; // So we know the user has logged in
$_SESSION['message'] =
header("location: profile.php");
}
else {
$_SESSION['message'] = 'Registration failed!';
}
}
try including following code on top of everything, I don't see a session start in your code.
session_start();

Undefined index error on line 9 [duplicate]

This question already has an answer here:
“Notice: Undefined variable”, “Notice: Undefined index”, and “Notice: Undefined offset” using PHP
28 answers
<?php
session_start();
ob_start();
echo "0LIV3R 's first game";
require("DatabaseObject.php");
require("databaseVars.php");
$database= new DatabaseObject($host, $username, $password, $database);
if(!isset($_SESSION['user_id']) && $_POST['login'])
{
$username=$database->clean($_POST['username']);
$password=$database->clean($_POST['password']);
$result = $database->query("SELECT 'id','username','password' FROM 'users' WHERE 'username'='$username' LIMIT 1");
try{
if($database->num_rows($result) == 0){
throw new Exception('User doesnot exist!');
}
$user = $database->fetch($result);
if(md5($password) != $user['password']){
throw new Exception('Invalid username/password!');
}
$_SESSION['user_id'] = $user['id'];
}catch (Exception $e){
echo $e->getMessage();
}
}
/*DISPLAY*/
//echo"<h3 style='text-align:center;'>WAR LEGENDS</h3>";
$output = ob_get_clean();
require('templates/header.php');
echo "<p style='text-align:center;'>". $output ."</p>";
if(!isset($_SESSION['user_id'])){
//require('templates/layout.php');
echo "Welcome to War Legends<br/>";
}
else{
echo"<form action='./' method='POST'>
Username: <input type='text' name='username'/><br/>
password: <input type='password' name='password'/><br/>
<input type='submit' name='login' value='Register'/>
</form>";
}
require('templates/footer.php');
?>
i was trying to code online rpg login and got error in index i cant find a solution pls help
this is my code and i donno how to fix this
( ! ) Notice: Undefined index: login in C:\wamp\www\myrpg\index.php on line 9
this is error
It means that the array $_POST doesn't has an element named login. So please check why this happens. Probably it is because the posted form doesn't have this.
In your First if you are using $_POST['login'] - try using it with !empty() or isset() function like this: !empty($_POST['login'])

php error when using get request [duplicate]

This question already has an answer here:
“Notice: Undefined variable”, “Notice: Undefined index”, and “Notice: Undefined offset” using PHP
28 answers
I am trying to select and insert into a database with PDO. When I pass my parameters in the url it works perfectly. But when there is nothing in the url, i get 2 errors.
Notice: Undefined index: username in C:\wamp64\www\MT\magiclogin.php on line 19
Notice: Undefined index: password in C:\wamp64\www\MT\magiclogin.php on line 20
Post works perfectly but i want to send it through the url and remove the html. But every time i reload the page i get the error. Here is my code
<?php
if($_SERVER['REQUEST_METHOD'] =="GET"){
try{
// new php data object
$handler = new PDO('mysql:host=127.0.0.1;dbname=magicsever', 'root', '');
//ATTR_ERRMODE set to exception
$handler->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}catch(PDOException $e){
die("There was an error connecting to the database");
}
$username = trim($_GET['username']);
$password = trim($_GET['password']);
$stmt = $handler->prepare("SELECT * FROM generalusersdata WHERE username = ?");
$stmt->execute(array($username));
if($row = $stmt->fetch()){
$hashedPassword = md5(md5($row['user_id']).$_GET['password']);
if($hashedPassword == $row['password']){
$token = md5(uniqid(mt_rand(), true));
$stmtTokenCheck = $handler->prepare("SELECT * FROM token_table WHERE token = ?");
$stmtTokenCheck->execute(array($token));
if($rowToken = $stmtTokenCheck->fetch()){
$token = md5(uniqid(mt_rand(), true));
}
$time = time();
$stmt = $handler->prepare("INSERT INTO token_table (timestamp, user_id, token)VALUES(?, ?, ?)");
$stmt->execute(array($time, $row['user_id'], $token));
echo json_encode([
"timestamp" => $time,
"token" => $token,
"fullname" => $row['fullname'],
"username" => $row['username'],
"email" => $row['email']
]);
}else{
die("Password or Username entered is incorrect!");
}
}else{
die("Password or Username entered is incorrect!");
}
}
?>
If there is no username or password arguments in the url query (The portion of the url that comes after ?) then your $_GET array will be empty.
You should check that these arguments are not empty before trying to do logic with them:
if (!empty($_GET['username']) && !empty($_GET['password')) {
// trim and db stuff here
}
Also must note that it is not secure to send a password through the url query. Further, md5 is not sufficient for encrypting passwords. Look into PHP's password_hash function.
What if you try this in your first line:
if(isset($_GET['username']) && isset($_GET['password'])) {
...
instead of if($_SERVER['REQUEST_METHOD'] =="GET"){

I don't know what's wrong with my code. I'm a newbie. The prob is - Notice: Undefined variable: result [duplicate]

This question already has an answer here:
“Notice: Undefined variable”, “Notice: Undefined index”, and “Notice: Undefined offset” using PHP
28 answers
When I save info. I works fine. No errors and databse is saved. But when I enter something in database which already exists like firstname(to check if uniqueness works). It gives the following NOTICE and also echo the message - "Username taken." . I made many changes but no results, Thanks in adcance
<?php
require_once('includes/database.php');
require_once('includes/user.php');
require_once('includes/functions.php');
require_once('includes/session.php');
?>
<?php
if(isset($_POST['submit'])){ //Form submitted
$username = $database->escape_value($_POST['vnumber']);
$firstname = $database->escape_value($_POST['fname']);
$lastname = $database->escape_value($_POST['lname']);
$email = $database->escape_value($_POST['email']);
$password = $database->escape_value($_POST['password']);
$password = md5($password);
//Check fields aren't empty
if (empty($username)){
echo "Please fill in username";
} else if (empty($firstname)){
echo "Cannot be blank";
} else if(empty($lastname)){
echo "Cannot be blank";
} else if(empty($email)){
echo "Cannot be blank";
} else if (empty($password)){
echo "Cannot be blank";
} else {
//Checking uniqueness of username
$query = mysql_query("SELECT * FROM user_info WHERE fname='$firstname'");
$rows = mysql_num_rows($query);
if ($rows == 1){
echo "Username taken !";
} else {
//If rows = 0. Fields not empty. Data can be saved.
$result ="";
global $database;
$sql = "INSERT INTO user_info (vnumber, fname, lname, email, password) VALUES
('$username', '$firstname', '$lastname', '$email', '$password')";
$result = $database->query($sql);
}
if($result){
die( "Regisgtration success !");
} else {
die("Something went wrong !");
}
}
}
?>
$result is not defined before (the if statement above does not count for this), that's why you get this notice.
On top of your script, initialize
$result = FALSE;
and everythig is fine.
$result is unset because $rows == 1 for sure. So it fails at if ($result) as you don't create the $result variable before, nor set it in the if block.
There are many guides on the Internet to learn how to handle PhP errors, where do they come form, how to solve them, etc ... check it out, it won't be the last time this happens to you !

Resources