I am creating a login and registration system in PHP, using PHP's password_hash and password_verify functions in the same class.
Every time I try to check the password, it returns false.
My SQL password column is set to TEXT.
Here is the user class for creating users and logging them in.
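<?php

/**
 * User registration and login backed by a PDO connection.
 *
 * Security notes for callers:
 *  - login() reports failures as the non-empty strings "2".."5", which are all
 *    truthy. Always compare with `=== true`; a bare `if ($user->login(...))`
 *    would treat every failure as a successful authentication.
 *  - Codes "3" (unknown username) and "5" (wrong password) differ, so passing
 *    them through to the browser tells a visitor which usernames exist. Show
 *    one generic "invalid username or password" message for all of them.
 *  - After a successful login, call session_regenerate_id(true) before setting
 *    $_SESSION['loggedin'], so a pre-login session id cannot be reused.
 *  - newuser() checks availability and then inserts; two concurrent requests
 *    can both pass the check. UNIQUE indexes on users.username and users.email
 *    are what actually enforce uniqueness.
 *  - The password column must hold the whole hash (the PHP manual suggests 255
 *    characters); a truncated hash makes password_verify() fail every time.
 */
class user
{
    /** @var \PDO|null Injected connection; when null the global $pdo is used. */
    private $pdo;

    /**
     * @param \PDO|null $pdo Optional connection. Omit it to keep using the global $pdo.
     */
    public function __construct($pdo = null)
    {
        $this->pdo = $pdo;
    }

    /**
     * Returns the injected connection, falling back to the global $pdo.
     *
     * @return \PDO
     */
    private function db()
    {
        global $pdo;

        return $this->pdo !== null ? $this->pdo : $pdo;
    }

    /**
     * Registers a new user with a hashed password.
     *
     * NOTE(review): no format or length validation is done on the inputs here;
     * confirm the caller validates them before this point.
     *
     * @param string $username
     * @param string $email
     * @param string $password Plain-text password; only its hash is stored.
     *
     * @return bool True when the row was inserted, false when the username or
     *              email is already in use, hashing failed, or the insert failed.
     */
    public function newuser($username, $email, $password)
    {
        // Username is checked first; the email lookup is skipped when it is taken.
        if ($this->checkusername($username) || $this->checkemail($email)) {
            return false;
        }

        $hashpass = password_hash($password, PASSWORD_DEFAULT);
        if (!is_string($hashpass)) {
            return false;
        }

        $upload = $this->db()->prepare(
            "INSERT INTO users (username, password, email) VALUES (:username, :password, :email)"
        );

        // Report the outcome of execute(); the statement object itself is always truthy.
        return $upload->execute(array(
            ":username" => $username,
            ":password" => $hashpass,
            ":email" => $email,
        )) === true;
    }

    /**
     * Tells whether a row with this username exists.
     *
     * @param string $username
     *
     * @return bool
     */
    public function checkusername($username)
    {
        $sql = $this->db()->prepare("SELECT username FROM users WHERE username = :username LIMIT 1");
        $sql->execute(array(":username" => $username));

        // fetchColumn() yields false only when there is no row, so a stored
        // value such as "0" still counts as taken.
        return $sql->fetchColumn() !== false;
    }

    /**
     * Tells whether a row with this email exists.
     *
     * @param string $email
     *
     * @return bool
     */
    public function checkemail($email)
    {
        $sql = $this->db()->prepare("SELECT email FROM users WHERE email = :email LIMIT 1");
        $sql->execute(array(":email" => $email));

        return $sql->fetchColumn() !== false;
    }

    /**
     * Tells whether the current session belongs to a logged-in, non-anonymous user.
     *
     * Reads $_SESSION, so the session must already be started by the caller.
     *
     * @return bool
     */
    public function loggedin()
    {
        // The superglobal is case-sensitive: $_session would be an empty local variable.
        return isset($_SESSION['username'], $_SESSION['loggedin'])
            && $_SESSION['username'] !== "anonymous"
            && (bool) $_SESSION['loggedin'];
    }

    /**
     * Verifies a username/password pair against the stored hash.
     *
     * The string codes are debugging aids and are all truthy; test the result
     * with `=== true` and do not reveal which code was returned to the end user.
     *
     * @param string $username
     * @param string $password Plain-text password as submitted.
     *
     * @return true|string True on success, otherwise:
     *                     "2" username or password empty,
     *                     "3" no such username,
     *                     "4" stored password missing or empty,
     *                     "5" password does not match the stored hash.
     */
    public function login($username, $password)
    {
        if (empty($username) || empty($password)) {
            return "2";
        }

        $dbpass = $this->db()->prepare("SELECT password FROM users WHERE username = :username LIMIT 1");
        $dbpass->execute(array(":username" => $username));
        $pass = $dbpass->fetchColumn();

        // false means no row matched, i.e. the username is unknown.
        if ($pass === false) {
            return "3";
        }

        if (!is_string($pass) || $pass === '') {
            return "4";
        }

        return password_verify($password, $pass) ? true : "5";
    }
}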
The return values 1, 2, 3, 4, 5 are for debugging, to see where it goes wrong; it returns 5. if register , user, logout , logout.
P.S. If anyone has security tips for the code, please comment them!
thanks!