Select in mysql table with password from form not work

[melmdoost]

hello,
i have a problem with this code:

Code: Select all

if(isset($_POST['submit_login']))
{
    $txt_login=  mysqli_real_escape_string($con,$_POST['txtlogin']);
    $txt_pass=  mysqli_real_escape_string($con,$_POST['txtpass']);
    if(empty($txt_login) || empty($txt_pass))
    {
        $err=true;
        $message="please enter information";
    }  else {
        $hashed_password=  hash('ripemd160', $txt_pass);
        
        $sql="SELECT user_ID FROM tbl_users WHERE user_login='$txt_login' AND user_password= '$hashed_password' AND status= 'sent' AND active= '1'";
        $result=mysqli_query($con,$sql);
        if(mysqli_num_rows($result)===1){
            $_SESSION['user_login']=$txt_login;
            redirect("myskils.php");
        }else
        {
            $err=true;
            $message="your name or your password in incorrect";
            echo $hashed_password;
        }
    }
}

when i run this code, it dont return any query, so users dont redirect("myskils.php")
it display this message "your name or your password in incorrect"!!!
thank you for your help

Hello,
Possible some data from $sql query is incorrect. Try this code and see if there is sql error:

Code: Select all

$sql="SELECT user_ID FROM tbl_users WHERE user_login='$txt_login' AND user_password='$hashed_password' AND status='sent' AND active='1'";
$result=mysqli_query($con,$sql);
if($result){
  if(mysqli_num_rows($result)>0){
    $_SESSION['user_login']=$txt_login;
    redirect("myskils.php");
  }
  else {
    $err=true;
    $message="your name or your password in incorrect";
    echo $hashed_password;
  }
}
else {
  echo 'Error: '. mysqli_error($con) .' in the sql, or some sql data is incorrect:<br>'. $sql;
}

hello,
Unfortunately, the same message is displayed again. "your name or your password is incorrect".
When I removed this code "user_password='$hashed_password'" it works correctly, but with this "user_password='$hashed_password'"
it does not work.
i used in register form and login form this code" $hashed_password= hash('ripemd160', $txt_pass); "
it was same for both forms.

Maybe the password is incorrect. You can check in phpmyadmin to see if the value of the $hashed_password is the same with data saved in the "user_password" column.

i checked, value of $hashed_password that saved in db and value of user password when user try enter password in form, with "echo $hashed_password;" in login.php
both of them are same.

it works correct in localhost by XAMPP but does not work in host!!!

Not know what the problem is, nor how I can help you.
Try put manually the password from mysql in the $sql query and see if it works. Something like this:

Code: Select all

$sql="SELECT user_ID FROM tbl_users WHERE user_login='$txt_login' AND user_password='pass_from_mysql' AND status='sent' AND active='1'";

Eventualy apply: echo $sql; and test the resulted string in phpmyadmin.
If it not works, the problem might be from the mysql table; if it works the problem might be something from the form to php.

thank you for your help.
i can find this problem!
it was a space line in user_password=' $hashed_password' in register code.
all of the passwords in db had a space line. I did not realize it.
thank you any way.