PHP login script not working

Hello Guys!

I am new to PHP coding. I watched a tutorial and I started to write a login scipt in PHP. I think I’ve done everything right but obviously not because something’s not right. When I try to log in, it says password or username is invalid, even tho it is! I’m gonna post the code below, I hope you can help me.

bejelentkezes.php is the login data process file btw.


<!DOCTYPE html>
<html lang="hu">
    <META HTTP-EQUIV="Content-Type" Content="text/html; Charset="utf-8">
  <META HTTP-EQUIV="Content-Language" Content="hu">

<link rel="stylesheet" href="/css/bootstrap.css">
    <div class="container">
        <h2>Bejelentkezés az admin menübe</h2>
<form class="" action="bejelentkezes.php" method="post">
<div class="form-group">
    <label for="username">Admin</label>
        <input type="text" name="username" id="username" class="form-control">

<div class="form-group">
    <label for="username">JelszĂł</label>
        <input type="password" name="password" id="password" class="form-control">

<div class="form-group">
        <input type="submit" class="btn btn-primary" value="Bejelentkezés">





$username = $_POST["username"];
$password = $_POST["password"];

$user = findUser("$username");

if(count($user) > 1){
   exit("Ez a felhasznalo mar letezik!");

if(count($user) === 0  ||  !password_verify($password, $user[0]["password"])) {
exit("Helytelen felhasznalonev vagy jelszo!");

$user = $user[0];

if(loginUser($user)) {
  echo "Bejelentkezes sikeres!";


else {
echo "Bejelentkezes sikertelen!";



function findUser($username) {
   $connectionString = "mysql:dbname=".DATABASE_NAME.";host=localhost";

   $pdo = new PDO($connectionString, DATABASE_USERNAME, DATABASE_PASSWORD);

   $sql = "SELECT * FROM users WHERE username = :username";

   $statement = $pdo->prepare($sql);

   $executed = $statement->execute([
      ":username" => $username


   if(!$executed) {
       exit("Hiba tortent!");

   $result = $statement->fetchAll();
    return $result;

function loginUser($user){

$_SESSION["id"] = $user["id"];
$_SESSION["username"] = $user["username"];

return $_SESSION["username"]  && $_SESSION["id"];


function startSession() {
   if(session_status() == PHP_SESSION_NONE){



and the: config.php

define("DATABASE_NAME", "teszt89");
define("DATABASE_USERNAME", "root");
define("DATABASE_PASSWORD", "");


the sql table is look like this:

  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
  `username` varchar(100) NOT NULL DEFAULT '',
  `password` varchar(255) NOT NULL DEFAULT '',
  `keresztnev` varchar(100) NOT NULL DEFAULT '',
  `vezeteknev` varchar(100) NOT NULL DEFAULT '',

  PRIMARY KEY (`id`)

INSERT INTO `users` (`id`, `username`, `password`, `keresztnev`, `vezeteknev`) VALUES
('1', 'admin', 'password', 'Mate', 'Komlosi');

When you create the new user record in your table, do you call password_hash to encrypt it, and just not show it here? It looks like you’ve stored the plain-text password in the database, but then compare what the user typed in using password_verify(), which requires a hashed password.

No. The tutorial mentioned it but it was not too specific about it. If it’s not too much to ask, can you show me how it is done? :slight_smile:

On the sign up script you would typically hash the password and store the hashed version in the database, it’s much more secure that way.

$hashed = password_hash($_POST['password'], PASSWORD_DEFAULT);

Then $hashed is the value you insert into the database, and subsequently check during log-in via the password_verify() function.


I see, thanks! Can you show me how it is look like in my code I posted above? Sorry, I am a beginner :confused:

This would be a change to the sign-up script, not the log-in script you posted.
The log-in is already checking for a hashed password, which it should be.

Okay, so if generate a hash code with this and I copy it into the users table ‘password’ section insted of a plan-text password then it should be working?

No, no, no!

Don’t use MD5, that’s old and not too secure.

Use the password_hash() function, like I showed above.


Okay, thanks for the help! :wink: It’ts working now.

1 Like

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.