I've recently started building a login system in PHP and SQL and all that kind of stuff, and my login script always returns the "fill it in" thing, even though all forms are filled in. Also, I believe there could be an issue that I've directly inserted a user/pass into the database with no hashing, and the script tries to dehash the password. Anyway, any help would be appreciated.
    <?php
    session_start();
    if (isset($_POST['submit'])) {
        include 'dbh.inc.php';
        $uid = mysqli_real_escape_string($conn, $_POST['uid']);
        $pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
        $hwid = mysqli_real_escape_string($conn, $_POST['hwid']);
        //Error handlers
        //Check if inputs are empty
        if (empty($uid) || empty($pwd) || empty($hwid)) {
            echo("fill it in");
            exit();
        } else {
            $sql = "SELECT * FROM users WHERE user_uid='$uid'";
            $result = mysqli_query($conn, $sql);
            $resultCheck = mysqli_num_rows($result);
            if ($resultCheck < 1) {
                echo("error logging in");
                exit();
            } else {
                if ($row = mysqli_fetch_assoc($result)) {
                    //De-hashing the password
                    $hashedPwdCheck = password_verify($pwd, $row['user_pwd']);
                    if ($hashedPwdCheck == false) {
                        echo("error logging in");
                        exit();
                    } elseif ($hashedPwdCheck == true) {
                        $sql = "SELECT * FROM users WHERE user_hwid='$hwid'";
                        $result = mysqli_query($conn, $sql);
                        $resultCheck = mysqli_num_rows($result);
                        if ($resultCheck > 0) {
                            // run code to verify if the HWID is right
                            header("Location: ../index.php?login=ezwin");
                            echo("It worked");
                        } else {
                            // add the hwid to the database
                            $sql = "INSERT INTO users (user_hwid) VALUES ('$hwid');";
                            mysqli_query($conn, $sql);
                        }
                    }
                }
            }
        }
    } else {
        echo("error logging in");
    }
By the way, dbh.inc.php has all my SQL login information.
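An added example (not the poster's code): the same login flow with bound parameters, a per-field empty check, and the HWID tied to the user's own row, run against one row whose password was stored unhashed and one stored with password_hash(). It assumes PDO with an in-memory SQLite table in place of the mysqli connection from dbh.inc.php, and assumes the HWID is meant to belong to a single user; the login() helper and the sample rows are constructed for illustration.

```php
<?php
// Added example: PDO + in-memory SQLite stand in for dbh.inc.php (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_uid TEXT PRIMARY KEY, user_pwd TEXT, user_hwid TEXT)');

// Constructed rows: one password stored as typed, one stored via password_hash().
$ins = $db->prepare('INSERT INTO users (user_uid, user_pwd, user_hwid) VALUES (?, ?, NULL)');
$ins->execute(['plainuser', 'hunter2']);
$ins->execute(['hasheduser', password_hash('hunter2', PASSWORD_DEFAULT)]);

// Hypothetical helper: returns a status string instead of echoing and exiting.
function login(PDO $db, array $post): string
{
    // Name the missing field: an input without a matching name="" never reaches
    // $_POST. Compare against '' because empty('0') is also true.
    foreach (['uid', 'pwd', 'hwid'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || $post[$field] === '') {
            return "missing field: $field";
        }
    }
    // Bound parameters replace escaping plus string concatenation.
    $stmt = $db->prepare('SELECT user_pwd, user_hwid FROM users WHERE user_uid = ?');
    $stmt->execute([$post['uid']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() hashes the input and compares; nothing is "de-hashed".
    // A stored value that did not come from password_hash() never verifies.
    if ($row === false || !password_verify($post['pwd'], $row['user_pwd'])) {
        return 'error logging in';
    }
    if ($row['user_hwid'] === null) {
        // First login: UPDATE this user's row; an INSERT would create a new user row.
        $upd = $db->prepare('UPDATE users SET user_hwid = ? WHERE user_uid = ?');
        $upd->execute([$post['hwid'], $post['uid']]);
        return 'hwid enrolled';
    }
    // Later logins: the HWID must match the one stored for this same user.
    return hash_equals($row['user_hwid'], $post['hwid']) ? 'ok' : 'error logging in';
}

$creds = ['uid' => 'hasheduser', 'pwd' => 'hunter2', 'hwid' => 'HW-1'];
echo login($db, ['uid' => 'hasheduser', 'pwd' => 'hunter2']), "\n"; // hwid not submitted
echo login($db, ['uid' => 'plainuser'] + $creds), "\n";             // password stored unhashed
echo login($db, $creds), "\n";                                      // first successful login
echo login($db, $creds), "\n";                                      // same HWID again
echo login($db, ['hwid' => 'HW-2'] + $creds), "\n";                 // different HWID
```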