So I’m creating a login form.Validating user input to check whether the email format is correct and password is longer than 6 chars, if these are valid then check whether the login
credentials are valid and they match with email/password stored on the users table.At the registration form I’m encrypting the password using sha1 and a given salt. When I check if
the password is correct I write the same check but even though I enter the correct login
credentials it seems impossible to validate login. So here’s my code:
User login function:
function user_login($email, $password){
global $db;
$salt='%#@#@**#_-!';
$userid = id_from_email($email);
$email = sanitize($email);
$password = sha1($password.$salt);
$query="SELECT UserId FROM users WHERE Email= '".$email."' and UserPass= '".$password."' ";
$result=$db->query($query);
$valid = $result->num_rows;
return ($valid >1) ? $userid : false;
}
And here is the part of login.php that checks if the login is valid:
else if(empty($errors) == true) {
$userlogin=user_login($email, $password);
if ($userlogin==false){
$errors[]='Wrong email/password combination.';
} else {
//set the user session
session_start();
$_SESSION['UserId']=$userlogin;
header('Location:success.php');
}
No matter if I put the right password and email. It always outputs “Wrong email/pass combination”
And here is how I store the pass in the database on register.php
$salt='%#@#@**#_-!';
$password = sha1($password.$salt);
I’d be very grateful if you could help me out.
Thankyou.
What you really want is this:
instead of
unless you expect that at least 2 rows should match the given email and password hash.
And I would prefer this: