When I try to connect with the true credentials, I get the error "Username and Password are not found".

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login Page PHP Script</title>
    <style type="text/css">
    body
    {
        font-family:Arial, Helvetica, sans-serif;
        font-size:14px;
    }
    label
    {
        font-weight:bold;
        width:100px;
        font-size:14px;
    }
    .box
    {
        border:1px solid #006D9C;
        margin-left:10px;
        width:60%;
    }
    .submit{
        border:1px solid #006D9C;
        background-color:#006D9C;
        color:#FFFFFF;
        float:right;
        padding:2px;
    }
    </style>
</head>
<body bgcolor="#FFFFFF">

    <div align="center">
        <div class="tLink"><strong>Login Detail:</strong></div><br />
        <div style="width:300px; border: solid 1px #006D9C; " align="left">
            <?php
                if(isset($errMsg)){
                    echo '<div style="color:#FF0000;text-align:center;font-size:12px;">'.$errMsg.'</div>';
                }
            ?>
            <div style="background-color:#006D9C; color:#FFFFFF; padding:3px;"><b>Login</b></div>
            <div style="margin:30px">
                <form action="" method="post">
                    <label>Username  :</label><input type="text" name="username" class="box"/><br /><br />
                    <label>Password  :</label><input type="password" name="password" class="box" /><br/><br />
                    <input type="submit" name='submit' value="Submit" class='submit'/><br />
                </form>
            </div>
        </div>
    </div>
</body>
</html>

PHP

<?php
session_start();

//DB configuration Constants
define('_HOST_NAME_', '127.0.0.1');
define('_USER_NAME_', 'root');
define('_DB_PASSWORD', '');
define('_DATABASE_NAME_', 'ads_database');

//PDO Database Connection
try {
    $databaseConnection = new PDO('mysql:host='._HOST_NAME_.';dbname='._DATABASE_NAME_, _USER_NAME_, _DB_PASSWORD);
    $databaseConnection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch(PDOException $e) {
    echo 'ERROR: ' . $e->getMessage();
}

if(isset($_POST['submit'])){
    $errMsg = '';
    //username and password sent from Form
    $username = trim($_POST['username']);
    $password = trim($_POST['password']);

    if($username == '')
        $errMsg .= 'You must enter your Username<br>';

    if($password == '')
        $errMsg .= 'You must enter your Password<br>';


    if($errMsg == ''){
        $records = $databaseConnection->prepare('SELECT nom_user, pass_user FROM  user WHERE nom_user = :username');
        $records->bindParam(':username', $username);
        $records->execute();
        $results = $records->fetch(PDO::FETCH_ASSOC);
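        // fetch() returns false when no row matches, so test for that instead of count()
        if($results !== false && password_verify($password, $results['pass_user'])){
            // the query selects nom_user; $results has no 'username' key
            $_SESSION['username'] = $results['nom_user'];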
            header('location:dashboard.php');
            exit;
        }else{
            $errMsg .= 'Username and Password are not found<br>';
        }
    }
}

?>
Jay Blanchard
DrFlow
  • Your query failed and for possibly a few reasons. Although, my *Spidey sense* is telling me otherwise, being password column length being too short `if < 60 { problem }`. Spidey's also sensing someone biting on my comment. *Wait for it...* – Funk Forty Niner May 20 '16 at 14:27
  • I'm having trouble differentiating from; if it's a PDO connection question or the login itself. If it's PDO connection, then try changing `define('_HOST_NAME_', '127.0.0.1');` to `define('_HOST_NAME_', 'localhost');` - You want help, we want answers too from comments. So don't be shy to step in here. I'm not going to stand around any much more longer. and a magic answer will NOT appear. But then again; the sun's starting to go down somewhere, so it's just a matter of time I guess. – Funk Forty Niner May 20 '16 at 14:36
  • **Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure that you [don't escape passwords](http://stackoverflow.com/q/36628418/1011527) or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard May 20 '16 at 14:51
  • Help @Fred-ii- thank you for your comment, but the problem is not the password column length because it is 255... Any other solution please? – DrFlow May 20 '16 at 14:56
  • @DrFlow You're welcome. Now, did you initially create/store a hash using `password_hash()`? and what is the column type? and try `fetchAll()` instead of `fetch(PDO::FETCH_ASSOC)` – Funk Forty Niner May 20 '16 at 15:02
  • @DrFlow Scratch my comment about using `fetchAll()`. I tried that myself and it failed, so the problem may be in the way you created the password(s). I've tested your code and it worked fine. – Funk Forty Niner May 20 '16 at 15:20
  • @Fred-ii- The column type is VARCHAR – DrFlow May 20 '16 at 15:38
  • @Fred-ii- can you give some details of what you mean about "the way you created the password(s)" please? – DrFlow May 20 '16 at 17:39
  • @DrFlow as in how the password was entered into the db, we don't know that and if you did use `password_hash()` or a matching hard-coded hash that was entered in db. It's all in my answer below. – Funk Forty Niner May 20 '16 at 17:40
  • Look how I update the database in registration form : – DrFlow May 20 '16 at 17:45
  • getMessage()); } if ( $_POST['pass'] != $_POST['pass2'] ) { echo "Les 2 mots de passe sont différents"; } – DrFlow May 20 '16 at 17:46
  • // Insert the message using a prepared statement $req = $bdd->prepare('INSERT INTO user (nom_user, type_user, phone_user, ville_user, email_user, pass_user) VALUES(?, ?, ?, ?, ?, ?)'); $req->execute(array($_POST['nom'], $_POST['type_user'], $_POST['phone'], $_POST['post_ville_select'], $_POST['email'], $_POST['pass'])); // Redirect the visitor to the minichat page header('Location: index.php'); ?> – DrFlow May 20 '16 at 17:46

1 Answer

Edit: As you stated in comments, the length of the column is 255. Therefore it may very well be in the way you originally stored the password(s) and that method is unknown.

  • Consult my footnotes.

I am next to convinced that your password column is too short in length, since your code checks out which is why I decided to post my answer, seeing you're not responding to comments.

If that is indeed the case, and that password column's length is less than 60 long, it needs to be altered to be that; 60 or even 255 as the manual states to be a good choice.

  • This is something that is often overlooked.

You will need to first delete the present hashes, alter the column's length, create a new hash and query after.

Reference:


Footnotes:

You also would have needed to create/store a hash. If you only stored plain text, then that is the problem here.

Your PHP version also needs to support the password_hash() function if you did try and use that during the password/hash creation.

Otherwise, you will need to use the compatibility pack.

Funk Forty Niner
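
The failure that the comments and the footnotes point to, as an added example (not code from the question or the answer): a registration step that stores the raw password makes the question's `password_verify()` check reject correct credentials, while hashing at registration lets the same check pass. It assumes an in-memory SQLite database through `pdo_sqlite` in place of the poster's MySQL table; the function names and the sample accounts are constructed.

```php
<?php
// Added example. In-memory SQLite (assumption: pdo_sqlite is enabled) stands in
// for the MySQL `user` table so the script runs without a database server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (nom_user VARCHAR(50) UNIQUE, pass_user VARCHAR(255))');

// Registration as posted in the comments: the raw password goes into pass_user.
function register_plain(PDO $db, string $name, string $pass): void {
    $db->prepare('INSERT INTO user (nom_user, pass_user) VALUES (?, ?)')
       ->execute([$name, $pass]);
}

// Corrected registration: store only the output of password_hash().
function register_hashed(PDO $db, string $name, string $pass): void {
    $db->prepare('INSERT INTO user (nom_user, pass_user) VALUES (?, ?)')
       ->execute([$name, password_hash($pass, PASSWORD_DEFAULT)]);
}

// Login check shaped like the question's: username on success, null otherwise.
function login(PDO $db, string $name, string $pass): ?string {
    $stmt = $db->prepare('SELECT nom_user, pass_user FROM user WHERE nom_user = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);   // false when no such user
    if ($row === false || !password_verify($pass, $row['pass_user'])) {
        return null;
    }
    return $row['nom_user'];
}

// Diagnostic: does the stored value look like a hash password_verify() understands?
function is_password_hash(string $stored): bool {
    return password_get_info($stored)['algoName'] !== 'unknown';
}

// Constructed sample accounts, both using the same password.
register_plain($db, 'alice', 'S3cret-pass');
register_hashed($db, 'bob', 'S3cret-pass');

$lookup = $db->prepare('SELECT pass_user FROM user WHERE nom_user = ?');
foreach (['alice', 'bob'] as $name) {
    $lookup->execute([$name]);
    $stored = $lookup->fetchColumn();
    printf("%-5s stored hash: %-3s login: %s\n", $name,
        is_password_hash($stored) ? 'yes' : 'no',
        login($db, $name, 'S3cret-pass') === null ? 'rejected' : 'accepted');
}
```

Running `is_password_hash()` over existing rows shows which accounts were stored as plain text and need a new hash created before they can log in.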