Problems with password_verify()

gbirrane · September 23, 2021, 1:57am

The variable $submitErr = ‘Your login credentials are incorrect’; is not getting set in the code below. I get redirected to the correct page if the correct username and password is set, but the variable is not set if the password is incorrect. Any ideas why?
Thanks a lot for any help you can offer.

<?php
  include("config_test.inc");
  session_start();
  if ($_SERVER["REQUEST_METHOD"] == "POST")     {

 $myusername = mysqli_real_escape_string($db,$_POST['username']);
 $mypassword = mysqli_real_escape_string($db,$_POST['password']);
 $sql = "SELECT password FROM molmed_members WHERE login = '$myusername'";
 $result = mysqli_query($db,$sql);
      if (!$result) {
      printf("Error: %s\n", mysqli_connect_error());
      exit();
      }
 if (mysqli_num_rows($result) == 1) {
      $row = mysqli_fetch_array($result, MYSQLI_BOTH);
      if (password_verify($mypassword, $row[0]))
      {
              session_start();
              $_SESSION['login_user'] = $myusername;
            header("location: welcome_test.php");
      } else {
            $submitErr = 'Your login credentials are incorrect';
      }
 }
  }
?>

Strider64 · September 23, 2021, 2:19am

First of all, you are setting session_start() twice if it’s true and what errors are you getting? It’s hard to tell from just what you are saying. There are other errors as well.

gbirrane · September 23, 2021, 2:31am

I get the following error in error.log
PHP Notice: Undefined variable: submitErr in /var/www/html/login_test.php on line 43, referer:

I removed the second session_start().
What are the other errors? I’m completely new to this as you can probably tell

benanamen · September 23, 2021, 3:32am

Since you are just starting head straight to this PDO tutorial. This is what all the big boys use these days. Learn PDO and Prepared Statements.