Larry Ullman's Book Forums


Greetings!

I'm so stuck and perhaps you can help me..

(BTW, I'm using the most current versions of PHP (7.2.1) and MySQL...)

Everything has been working great going through the lessons, however, once I get to the "Securing Passwords with PHP" portion I'm not getting the results that are expected in the chapter.. 

1) I've updated "site name" database as per the requirements (ALTER TABLE users MODIFY COLUMN) and wiping out passwords (UPDATE users SET pass = ' ';)

2) I've updated the "register.php" old 9.5 script to reflect the new 13.7 script; even going as far as copying/pasting and validating it was a match.. ensuring that the new changes/lines were there.. 

3) When I register a new user, it works; it's even showing in my database... 

4) I've updated 'login_functions.inc.php' to the 13.8 script.

Now here is the issue:

 - I can't log in as it's showing:

Error!

The following error(s) occurred:
- The email address and password entered do not match those on file.

Please try again.

 

I can't figure out why this is happening; I see my new registration in the DB but I can't log in. I'm not sure what other information I need to provide, but that's what I have right now.. Please help :)
- I've walked away from it several times, even going all the way back to Chapter 12 and starting over to see if I've missed anything.. 

Thanks in advance.. I LOVE your book! This is the second edition I've bought! I love the latest!

Jim Hipolito


Hi Jim,

I'm not sure what technique you are using but since PHP 5.5+ there are PHP functions 'password_hash' to create a very strongly hashed password and 'password_verify' to check them.  You can see these if you Google for them.

I discussed this briefly with Larry a little while ago and he suggested using these.

Hope it helps.

Cheers


Hey Jim,
Thanks for the nice words! I really appreciate it. There was an error in the SQL file (from my GitHub downloads) that set the length as too short. Did you use that? Or, put another way, what's the length of the password column you're using?

  • 2 weeks later...

Hey nomadsoulkarma, yes it should be longer as stated in the book: you should use a varchar(256).

But the problem is the query :

$q = "SELECT user_id, first_name FROM users WHERE email='$e'";

And then you use :

if (password_verify($p, $row['pass']))

So it doesn't know the 'pass', that is why the login always fails.

You have to add to the query :

$q = "SELECT user_id, first_name, pass FROM users WHERE email='$e'";


Thank you Montoya49 and Larry. I changed the SELECT statement as advised but I'm not sure where to put:

if (password_verify($p, $row['pass']))

Seems like it should go on line 46 in login_functions.inc.php. So I put it in place of: if (empty($pass)). But when I log in I get the undefined variable error message. It does not say what variable is undefined. Must be $p.

So here's the script after I made the changes, can you tell me if it is correct? Thanks.

 

 

Edited by nomadsoulkarma
no reason

<?php # Script 12.2 - login_functions.inc.php
// This page defines two functions used by the login/logout process.

/* This function determines an absolute URL and redirects the user there.
 * The function takes one argument: the page to be redirected to.
 * The argument defaults to index.php.
 */
function redirect_user($page = 'index.php') {

    // Start defining the URL...
    // URL is http:// plus the host name plus the current directory:
    $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);

    // Remove any trailing slashes:
    $url = rtrim($url, '/\\');

    // Add the page:
    $url .= '/' . $page;

    // Redirect the user:
    header("Location: $url");
    exit(); // Quit the script.

} // End of redirect_user() function.


/* This function validates the form data (the email address and password).
 * If both are present, the database is queried.
 * The function requires a database connection.
 * The function returns an array of information, including:
 * - a TRUE/FALSE variable indicating success
 * - an array of either errors or the database result
 */
function check_login($dbc, $email = '', $pass = '') {

    $errors = []; // Initialize error array.

    // Validate the email address:
    if (empty($email)) {
        $errors[] = 'You forgot to enter your email address.';
    } else {
        $e = mysqli_real_escape_string($dbc, trim($email));
    }

    // Validate the password:
    if (password_verify($p, $row['pass'])) {
        $errors[] = 'You forgot to enter your password.';
    } else {
        $p = mysqli_real_escape_string($dbc, trim($pass));
    }

    if (empty($errors)) { // If everything's OK.

        // Retrieve the user_id and first_name for that email/password combination:
        $q = "SELECT user_id, first_name, pass FROM users WHERE email='$e'";
        $r = @mysqli_query($dbc, $q); // Run the query.

        // Check the result:
        if (mysqli_num_rows($r) == 1) {

            // Fetch the record:
            $row = mysqli_fetch_array($r, MYSQLI_ASSOC);

            // Return true and the record:
            return [true, $row];

        } else { // Not a match!
            $errors[] = 'The email address and password entered do not match those on file.';
        }

    } // End of empty($errors) IF.

    // Return false and the errors:
    return [false, $errors];

} // End of check_login() function.

Link to post
Share on other sites
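
Where the password_verify() call belongs in check_login(), as an added example that is not part of the original thread or the book's script: the empty-password check stays a presence check, and the hash comparison happens only after the row (including pass) has been fetched. It assumes the users table and column names shown in the posts above, and it swaps the escaped string query for a prepared statement.

```php
<?php
// Added example: a check_login() variant showing where password_verify() goes.
// Assumes the users table columns named in the thread: user_id, first_name, email, pass.
function check_login(mysqli $dbc, string $email = '', string $pass = ''): array {

    $errors = []; // Initialize error array.

    // Presence checks only. Nothing is hashed or escaped at this stage.
    $email = trim($email);
    $pass = trim($pass); // Trimmed as in the posted script.
    if ($email === '') {
        $errors[] = 'You forgot to enter your email address.';
    }
    if ($pass === '') {
        $errors[] = 'You forgot to enter your password.';
    }

    if (empty($errors)) {
        // The stored hash must be selected, or there is nothing to verify against.
        $stmt = mysqli_prepare($dbc,
            'SELECT user_id, first_name, pass FROM users WHERE email = ?');
        if ($stmt === false) {
            return [false, ['A system error occurred. Please try again later.']];
        }
        mysqli_stmt_bind_param($stmt, 's', $email);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt, $user_id, $first_name, $hash);
        $found = mysqli_stmt_fetch($stmt); // true = row, null = no row, false = error
        mysqli_stmt_close($stmt);

        // Compare the submitted password, never SQL-escaped, with the stored hash.
        if ($found === true && password_verify($pass, $hash)) {
            // Return the record without the hash; callers do not need it.
            return [true, ['user_id' => $user_id, 'first_name' => $first_name]];
        }

        // One message for both unknown email and wrong password.
        $errors[] = 'The email address and password entered do not match those on file.';
    }

    // Return false and the errors:
    return [false, $errors];
}
```

If the pass column is shorter than the hash that password_hash() produces (60 characters for bcrypt), the stored value is truncated and password_verify() returns false for every login, which gives the same "do not match" error.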
