Validating form password against MySQL database

2018-06-07 02:41:15

I'm relatively new to PHP and I'm trying to setup a login system. The part which is causing me trouble is trying to check if the password received from a form matches the corresponding email on a MySQL database (bearing in mind the email address was also submitted on the form). At the moment I am unsure what to do but this is the source code I pulled together...

<html>
<body>
<?php
$servername = "localhost";
$username = "***";
$password = "***";
$dbname = "pearsem_mystore";

// Create Connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check database connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

$sql = "SELECT firstName, userEmail, userPass FROM users WHERE userEmail = '".$_POST["userEmail"]."'";
$result = $conn->query($sql);
$row = $result->fetch_assoc();

if ($row["userPass"] == $_POST["userPass"]) {
    // If true... Welcome {firstname}
    echo "Welcome " . $row["firstName"];
} 
elseif ($result->num_rows == 0) {
    echo "Incorrect email address/password";
} 
else {
    echo "Error";
}
$conn->close();

?>
</body>
</html>

Thanks in advance for your help! PS I have tried to explain the situation as best as possible but if you need more information then please ask.

First off:

If you're storing the raw password in the database, then thats a BIG DON'T.

Use password_hash before you write to dB. Then password_verify when you compare passwords with user inputs.

Three links to help you:

http://php.net/manual/en/function.password-hash.php

http://php.net/manual/en/function.password-verify.php

https://codereview.stackexchange.com/questions/124777/using-phps-password-hash-and-password-verify-for-a-login-function

链接地址: http://www.djcxy.com/p/21860.html

上一篇: 如何快速重命名MySQL数据库（更改模式名称）？

下一篇: 根据MySQL数据库验证表单密码