Log in need to check password

I need help with checking password all other works good

                                        <form class="form-horizontal" action="" method="post" id="form1" style="width: 95%; margin: 0 2.5%" novalidate>
                                            <div class="control-group">
                                                <label class="control-label" for="ea">Email Address:</label>
                                                <div class="controls">
                                                      <DIV align="left"><input type="email" name="email" id="email" class="input-large valid"></div>
                                            <div class="control-group">
                                                <label class="control-label" for="pa">Password:</label>
                                                <div class="controls">
                                                    <DIV align="left"><input type="password"  name="password" id="password" class="input-large valid"></div>
                                  <div class="control-group">
                                                <div class="controls" id="exist_wait"></div>
                                            <div class="control-group">
                                                <label class="control-label"></label>
                                                <div class="controls">
                                                  <tr valign="baseline">
                                                <td nowrap align="right">&nbsp;</td>
                                                <td> <DIV align="left"><input type="submit" name="Submit1" class="submit" value="Submit"></div></td>

$conn= mysqli_connect("localhost","root",""); 
	if(mysqli_connect_error()) { 
		die('Could not connect: ' . mysqli_connect_error());



	$email = mysqli_real_escape_string($conn, $_POST['email']);
	$upass = mysqli_real_escape_string($conn, $_POST['pass']);
	$res=mysqli_query($conn, "SELECT * FROM users WHERE           email='$email'       ")  or die("Error: ".mysqli_error($dbc));
	$row=mysqli_fetch_array($res, MYSQLI_ASSOC);
		$_SESSION['user'] = $row['user_id'];
	      $_SESSION['password']= $row['password'];
CREATE TABLE `users` (
  `user_id` int(5) NOT NULL,
  `email` varchar(255) NOT NULL,
  `username` varchar(25) NOT NULL,
  `password` varchar(255) NOT NULL

#1: Storing the password in the session is unnecessary.
#2: Consider stepping up from md5 to something like PHP’s native password hasher.
#3: Be careful checking for the submit value, certain browsers had a property where if you hit enter to submit the form, it didnt send the submit button’s value. (Uncertain of the current status of this condition)
#4: What precisely is going wrong with your code?

I tried to many times to check pass didnt work i need add password check

So you’re saying your password check isnt matching known good passwords?

Well lets see.

#1: $upass = mysqli_real_escape_string($conn, $_POST[‘pass’]);
Unnessary. You dont send the password to a query.
Also, $_POST[‘pass’] doesnt exist. You called your form element password, not pass.

SELECT * FROM users WHERE email=‘$email’ and password=‘$ password’
i need this get work


Well i’d strongly suggest NOT sending the password via query, and instead getting a result from the database by email alone and testing it when it gets back, as you currently have it.

If you must do it that way, then try that first and then tell us what isnt working with that approach.

password via query page goes on same page all the time

if try like this if($row[‘password’]==md5($upass) && (email=‘$email’) ) getting error

!! Do not use MD5 for storing passwords, it is not secure !!

As wikipedia says:

The security of the MD5 hash function is severely compromised. A collision attack exists that can find collisions within seconds on a computer with a 2.6 GHz Pentium 4 processor (complexity of 224.1).

(emphasis mine)

Use PHP’s builtin password_hash instead.


so how check password

Here’s a complete example: https://www.sitepoint.com/hashing-passwords-php-5-5-password-hashing-api/

1 Like
			$upass= 'abcxyz123'; // password 
    $salt = '}#f4ga~g%7hjg4&j(7mk?/!bj30ab-wi=6^7-$^R9F|GK5J#E6WT;IO[JN'; // random string 

    $hash = md5($upass); 
    $hash_md5 = md5($salt . $upass); 

    // echo now 
    echo 'Original Password: ' . $upass . '<br><br>';
    echo 'Original Salt: ' . $salt . '<br><br>';
    echo 'MD5: ' . $hash . '<br><br>';
    echo 'MD5 with Salt: ' . $hash_md5 . '<br><br>';?>
```like this

you misunderstood i have password hash i need check password against db is user in db or not

You need to stop what your doing. As you have already been told, DO NOT USE MD5.


As many has already said, you shouldn’t be making your own homebrew password hashing algorithm. With what I can deduct from your recent posts, you don’t really know that much about the basics yet. Cryptography is something entirely different and is way way way way more complex than the basics of PHP. Since neither you have the grasp of the basics nor are a cryptography expert, I would strongly advise you not to write your own algorithm. Please use password_hash() and password_verify() as others have tried to point out.


I fixed `:smile:

$email = trim($_POST['email']);
$password = trim($_POST['password']);

$sql = "select * from users where email = '".$email."'";
$rs = mysqli_query($conn,$sql);
$numRows = mysqli_num_rows($rs);

if($numRows  == 1){
	$row = mysqli_fetch_assoc($rs);


I wrote some algorithms long time ago .I didnt touch computer for almost a year.

Now you just need to stop creating variables for nothing, stop putting spaces in file and directory names and start using Prepared Statements and start specifying the column names you want instead of SELECT * .

Why not use header('Location: http://localhost/carbooking3/16%20y/S.php'); to redirect? :thinking:

1 Like