Checking if encrypted password matches the input one - PHP/MySQL

Question

So basically what I am trying to do is verifying password match on login submit. But it fails... On registration submit I ecnrypt the user password using crypt() and it stores into the database without problems.

My database has a table users with 6 rows ID / Name / Surname / Login / Password / Email

On login submit I check if user exists by Login and it succedes and then check the password and here is where it fails, I do not know where the problem is, cause I have tested this script once on another server and it worked...magic happens... Any help would be appreciated, maybe something I could optimize or is there something I did wrong while copy/pasting the code from the other file and I cannot see it

login.php

 <?php
    session_start();

    require ('./include/connect.php');

    if(isset($_POST['logBtn']))
    {
        $login = mysqli_real_escape_string($connect, $_POST['login']);
        $pass = mysqli_real_escape_string($connect, $_POST['pass']);

        $sql = "SELECT * FROM `users` WHERE `Login` = '".$login."'";
        $result = mysqli_query($connect, $sql);
        $row = $result->fetch_array();

        $db_pass = $row['Password'];
        $hashed_pass = crypt($pass, $db_pass);

        if($result->num_rows > 0)
        {   
            if($hashed_pass == $db_pass)
            {
                echo "<script>alert('You have successfully logged in!')</script>";
                echo "<script>window.open('welcome.php','_self')</script>";
                $_SESSION['user'] = $login;
            }

            else
            {
                echo "<script>alert('Wrong login or password!')</script>";
            }
        }

        else
        {
            echo "<script>alert('No users with such login found in the database!')</script>";
        }
    }

    mysqli_close($connect);
?>

<!DOCTYPE html>

<html>
<body>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Login</title>

<link rel="stylesheet" type="text/css" href="css/style.css">
<script src="./scripts/go_back.js"></script>
</head>

<div class="login">
    <form action="login.php" align="center" method="post">
        <br>
        <input type="text" name="login" placeholder="Login" required oninvalid="this.setCustomValidity('Enter login!')" oninput="setCustomValidity('')" />
        <br><br>
        <input type="password" name="pass" placeholder="Password" required oninvalid="this.setCustomValidity('Enter password!')" oninput="setCustomValidity('')" />
        <br><br>
        <button class="back_btn" onclick="goBack()">Go back</button> 

        <input class="login_btn" type="submit" name="logBtn" value="Log In">
        <br><br>
    </form>
    <a href="register.php"><button class="no_acc_btn">I do not have an account</button></a>
</div>

</body>
</html>

This calls for step-by-step debugging rather than a question on Stack Overflow. — Pekka, Dec 23 '15 at 21:37
The system may not support the algorithm you used. Please try put `echo "$hashed_pass || $db_pass";` below and see the differences.between them. — Matt, Dec 23 '15 at 21:38

score 0 · Answer 1 · edited May 23 '17 at 12:30

0

Get the database to do it:

SELECT COUNT(*) FROM USERS WHERE LGIJ = ? AND PASSWORD = f(?)

where f() is whatever database function you used to store the password in the first place. If the result is 1, there is such a user: if zero, there isn't.

But don't encrypt passwords. There are company-breaking legal reasons why not. Use a hash function and a salt.

edited May 23 '17 at 12:30

Community

1
1

answered Dec 23 '15 at 22:32

user207421

289,834
37
266
440

ok, I figured out the problem. The length of Password row was not enough to store the hashed password. – Max775 Dec 24 '15 at 09:49

Checking if encrypted password matches the input one - PHP/MySQL

1 Answers1