php - Registration succeeds and the record is in the database, but login fails
I can never log in. Login fails even when I enter the correct credentials, and I can see the record in the database.
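<?php
// ---- index.php: registration handler followed by the login and sign-up forms ----
//
// Superglobals ($_SERVER, $_POST, $_GET, $_SESSION) and class constants such as
// PDO::FETCH_ASSOC are case-sensitive in PHP, so they are written in their real
// spelling here; `$_post` / `$_server` are just undefined variables.

require "konfig.php"; // expected to provide the PDO handle $dbc (not shown on the page)

/**
 * Build the per-user salt stored next to the password hash.
 *
 * NOTE(review): three hex characters give only 4096 possible salts, so salts
 * repeat across users. The length is kept because the width of members.salt
 * is not visible here; widen the column before lengthening the salt.
 *
 * @return string three hexadecimal characters
 */
function createsalt()
{
    $string = md5(uniqid(rand(), true));
    return substr($string, 0, 3);
}

$errors = array();

// Text fields that are re-displayed in the form. Every value is forced to a
// string: a request can send `fname[]=x`, which would otherwise reach
// preg_match()/hash() as an array.
$form = array('fname' => '', 'lname' => '', 'email' => '', 'gen' => '');

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    foreach (array_keys($form) as $key) {
        if (isset($_POST[$key]) && is_string($_POST[$key])) {
            $form[$key] = $_POST[$key];
        }
    }
    $password = (isset($_POST['password']) && is_string($_POST['password']))
        ? $_POST['password'] : '';
    $confirm = (isset($_POST['confirm_password']) && is_string($_POST['confirm_password']))
        ? $_POST['confirm_password'] : '';

    // \S (non-whitespace), not \s: the field must contain at least one visible character.
    if (preg_match('/\S+/', $form['fname']) === 0) {
        $errors['fname'] = "* first name required.";
    }
    if (preg_match('/\S+/', $form['lname']) === 0) {
        $errors['lname'] = "* last name required.";
    }
    if (filter_var($form['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = "* not valid e-mail address.";
    }
    if (strlen($password) < 8) {
        $errors['password'] = "* password must contain at least 8 characters.";
    }
    if ($password !== $confirm) {
        $errors['confirm_password'] = "* passwords do not match.";
    }
    // Accept only the two values the form offers, not whatever the client sends.
    if (!in_array($form['gen'], array('male', 'female'), true)) {
        $errors['gen'] = "specify gender";
    }

    if (count($errors) === 0) {
        // NOTE(review): salted double SHA-256 is a fast hash and is not suitable
        // for password storage. password_hash() / password_verify() is the
        // replacement, but it changes what members.password holds, so it has to
        // be done as a migration together with login.php. The scheme is kept
        // here so that rows already in the table still verify.
        //
        // NOTE(review): a SHA-256 hex digest is 64 characters long. If
        // members.password is narrower than that, the stored value is truncated
        // and the comparison in login.php can never succeed - check the column
        // width (the schema is not shown on the page).
        $salt = createsalt();
        $hash = hash('sha256', $salt . hash('sha256', $password));

        // The e-mail travels only as a bound parameter; it is never
        // interpolated into the SQL text.
        $search = $dbc->prepare("SELECT 1 FROM members WHERE email = :email");
        $search->execute(array(':email' => $form['email']));

        // fetch() instead of rowCount(): rowCount() is not reliable for SELECT
        // on every PDO driver.
        if ($search->fetch() !== false) {
            $errors['email'] = "email address unavailable.";
        } else {
            // NOTE(review): check-then-insert is not atomic; a UNIQUE index on
            // members.email is what actually prevents duplicate accounts.
            $sql = $dbc->prepare(
                "INSERT INTO members (fname, lname, email, salt, password, gen) "
                . "VALUES (:fname, :lname, :email, :salt, :password, :gen)"
            );
            $sql->execute(array(
                ':fname'    => $form['fname'],
                ':lname'    => $form['lname'],
                ':email'    => $form['email'],
                ':salt'     => $salt,
                ':password' => $hash,
                ':gen'      => $form['gen'],
            ));
            $successful = "<h3> registered.</h3>";
        }
    }
}
?>
<!doctype html>
<html>
<head>
    <link type="text/css" rel="stylesheet" href="css/style.css">
    <title></title>
</head>
<body>
<div id="container">
    <div class="login">
        <form method="post" action="login.php">
            <table>
                <tr>
                    <td><h1>e-mail</h1></td>
                    <td><h1>password</h1></td>
                </tr>
                <tr>
                    <td><input type="text" name="login_email" id="login_email"></td>
                    <td><input type="password" name="login_password" id="login_password"></td>
                    <td><input type="submit" name="submit" id="login" value="login"></td>
                </tr>
                <tr>
                    <?php // The message comes from the query string, so it is escaped before output. ?>
                    <td colspan="3"><?php if (isset($_GET['message']) && is_string($_GET['message'])) { echo "<h2>" . htmlspecialchars($_GET['message'], ENT_QUOTES, 'UTF-8') . "</h2>"; } ?></td>
                </tr>
            </table>
        </form>
    </div>
    <div class="form">
        <form method="post" action="index.php">
            <table>
                <tr>
                    <td colspan="2"><?php if (isset($successful)) { echo $successful; } ?></td>
                </tr>
                <tr>
                    <?php // Submitted values are echoed back into attributes, so they are escaped with ENT_QUOTES. ?>
                    <td><input type="text" name="fname" id="fname" placeholder="first name" value="<?php echo htmlspecialchars($form['fname'], ENT_QUOTES, 'UTF-8'); ?>"></td>
                    <td><input type="text" name="lname" id="lname" placeholder="last name" value="<?php echo htmlspecialchars($form['lname'], ENT_QUOTES, 'UTF-8'); ?>"></td>
                </tr>
                <tr>
                    <td><?php if (isset($errors['fname'])) { echo "<h2>" . $errors['fname'] . "</h2>"; } ?></td>
                    <td><?php if (isset($errors['lname'])) { echo "<h2>" . $errors['lname'] . "</h2>"; } ?></td>
                </tr>
                <tr>
                    <td colspan="2"><input type="text" name="email" id="email" placeholder="e-mail address" value="<?php echo htmlspecialchars($form['email'], ENT_QUOTES, 'UTF-8'); ?>"></td>
                </tr>
                <tr>
                    <td colspan="2"><?php if (isset($errors['email'])) { echo "<h2>" . $errors['email'] . "</h2>"; } ?></td>
                </tr>
                <tr>
                    <td colspan="2"><input type="password" name="password" id="pw" placeholder="password"></td>
                </tr>
                <tr>
                    <td colspan="2"><?php if (isset($errors['password'])) { echo "<h2>" . $errors['password'] . "</h2>"; } ?></td>
                </tr>
                <tr>
                    <td colspan="2"><input type="password" name="confirm_password" id="cpw" placeholder="confirm password"></td>
                </tr>
                <tr>
                    <td colspan="2"><?php if (isset($errors['confirm_password'])) { echo "<h2>" . $errors['confirm_password'] . "</h2>"; } ?></td>
                </tr>
                <tr>
                    <td><b>sex</b></td>
                    <td>
                        <?php // The handler stores the choice under 'gen'; testing an unset $gender never re-checked the radio. ?>
                        <input type="radio" name="gen" <?php if ($form['gen'] === 'male') { echo "checked"; } ?> value="male" id="rgm">male
                        <input type="radio" name="gen" <?php if ($form['gen'] === 'female') { echo "checked"; } ?> value="female" id="rgf">female
                    </td>
                </tr>
                <tr>
                    <td colspan="2"><?php if (isset($errors['gen'])) { echo "<h2>" . $errors['gen'] . "</h2>"; } ?></td>
                </tr>
                <tr>
                    <td><input type="submit" name="submit" id="submit" value="sign up"></td>
                </tr>
            </table>
        </form>
    </div>
    <div class="footer"></div>
</div>
</body>
</html>
<?php
// ---- login.php: second file from the post (target of the login form above) ----
//
// Every path ends in a redirect followed by exit, so this script emits no markup.

session_start();
require "konfig.php"; // expected to provide the PDO handle $dbc (not shown on the page)

$email = (isset($_POST['login_email']) && is_string($_POST['login_email']))
    ? $_POST['login_email'] : '';
$password = (isset($_POST['login_password']) && is_string($_POST['login_password']))
    ? $_POST['login_password'] : '';

$query = $dbc->prepare("SELECT password, salt FROM members WHERE email = :email");
$query->execute(array(':email' => $email));
$row = $query->fetch(PDO::FETCH_ASSOC);

$authenticated = false;
if ($row !== false) {
    // Must mirror the registration scheme exactly: sha256(salt . sha256(password)).
    $hash = hash('sha256', $row['salt'] . hash('sha256', $password));

    // hash_equals() compares in constant time and as strings. The loose `!=`
    // converts numeric-looking strings to numbers before comparing, so two
    // different digests of the form "0e<digits>" would compare as equal.
    $authenticated = hash_equals((string) $row['password'], $hash);
}

if (!$authenticated) {
    // One message for "no such account" and "wrong password", so the response
    // does not reveal which e-mail addresses are registered.
    $message = "login failed!";
    header("Location: index.php?message=" . urlencode($message));
    exit; // header() does not stop the script; without exit the code below still runs
}

// Issue a fresh session id on login and delete the old session data, so an id
// that was known before authentication cannot be reused.
session_regenerate_id(true);
$_SESSION['email'] = $email;
header("Location: home.php");
exit;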