Select in mysql table with password from form not work

Discuss coding issues, and scripts related to PHP and MySQL.
melmdoost
Posts:20

Select in mysql table with password from form not work

hello,
i have a problem with this code:

Code: Select all

if(isset($_POST['submit_login']))
{
    $txt_login=  mysqli_real_escape_string($con,$_POST['txtlogin']);
    $txt_pass=  mysqli_real_escape_string($con,$_POST['txtpass']);
    if(empty($txt_login) || empty($txt_pass))
    {
        $err=true;
        $message="please enter information";
    }  else {
        $hashed_password=  hash('ripemd160', $txt_pass);
        
        $sql="SELECT user_ID FROM tbl_users WHERE user_login='$txt_login' AND user_password= '$hashed_password' AND status= 'sent' AND active= '1'";
        $result=mysqli_query($con,$sql);
        if(mysqli_num_rows($result)===1){
            $_SESSION['user_login']=$txt_login;
            redirect("myskils.php");
        }else
        {
            $err=true;
            $message="your name or your password in incorrect";
            echo $hashed_password;
        }
    }
}
when i run this code, it dont return any query, so users dont redirect("myskils.php")
it display this message "your name or your password in incorrect"!!!
thank you for your help

Admin Posts:805
Hello,
Possible some data from $sql query is incorrect. Try this code and see if there is sql error:

Code: Select all

$sql="SELECT user_ID FROM tbl_users WHERE user_login='$txt_login' AND user_password='$hashed_password' AND status='sent' AND active='1'";
$result=mysqli_query($con,$sql);
if($result){
  if(mysqli_num_rows($result)>0){
    $_SESSION['user_login']=$txt_login;
    redirect("myskils.php");
  }
  else {
    $err=true;
    $message="your name or your password in incorrect";
    echo $hashed_password;
  }
}
else {
  echo 'Error: '. mysqli_error($con) .' in the sql, or some sql data is incorrect:<br>'. $sql;
}

melmdoost Posts:20
hello,
Unfortunately, the same message is displayed again. "your name or your password is incorrect".
When I removed this code "user_password='$hashed_password'" it works correctly, but with this "user_password='$hashed_password'"
it does not work.
i used in register form and login form this code" $hashed_password= hash('ripemd160', $txt_pass); "
it was same for both forms.

Admin Posts:805
Maybe the password is incorrect. You can check in phpmyadmin to see if the value of the $hashed_password is the same with data saved in the "user_password" column.

melmdoost Posts:20
i checked, value of $hashed_password that saved in db and value of user password when user try enter password in form, with "echo $hashed_password;" in login.php
both of them are same.

it works correct in localhost by XAMPP but does not work in host!!!

Admin Posts:805
Not know what the problem is, nor how I can help you.
Try put manually the password from mysql in the $sql query and see if it works. Something like this:

Code: Select all

$sql="SELECT user_ID FROM tbl_users WHERE user_login='$txt_login' AND user_password='pass_from_mysql' AND status='sent' AND active='1'";
Eventualy apply: echo $sql; and test the resulted string in phpmyadmin.
If it not works, the problem might be from the mysql table; if it works the problem might be something from the form to php.

melmdoost Posts:20
thank you for your help.
i can find this problem!
it was a space line in user_password=' $hashed_password' in register code.
all of the passwords in db had a space line. I did not realize it.
thank you any way.