Error wen user Login in php , password have to bee the same as username to work

Question

I try to implement the login system on my unity3d game i could make it work: But i have to register the password as the same of username to make it work , i have try to google about it but i could not find any situation close to mine. How can i solve this problem , i want to bee able to register the password different from username. This is my php code

<?php 
    include_once("db.php");

    if (isset($_POST["username"]) && !empty($_POST["username"]) && 
        isset($_POST["password"]) && !empty($_POST["password"])){

        Login($_POST["username"], $_POST["password"]);
    }

    function Login($username, $password){
        GLOBAL $con;

        $sql = "SELECT id,username FROM users WHERE username=? AND password=?";
        $st=$con->prepare($sql);

        $st->execute(array($username, sha1($password)));//encrypt password
        $all=$st->fetchAll();
        if (count($all) == 1){
            echo "SERVER: ID#".$all[0]["id"]." - ".$all[0]["username"];
            exit();
        }

        //if username or password are empty strings
        echo "SERVER: error, invalid username or password";
        exit();
    }

    //if username or password is null (not set)
    echo "SERVER: error, enter a valid username & password";

    //exit():  means end server connection (don't execute the rest)
?>

This is my code to register

using UnityEngine;
using System.Collections;

public class DataInserter : MonoBehaviour {

    public string inputUserName;
    public string inputPassword;
    public string inputEmail;

    string CreateUserURL = "localhost/InsertUser.php";

    // Use this for initialization
    void Start () {
    
    }
    
    // Update is called once per frame
    void Update () {
        if(Input.GetKeyDown(KeyCode.Space)) CreateUser(inputUserName, inputPassword, inputEmail);
    }

    public void CreateUser(string username, string password, string email){
        WWWForm form = new WWWForm();
        form.AddField("usernamePost", username);
        form.AddField("passwordPost", password);
        form.AddField("emailPost", email);

        WWW www = new WWW(CreateUserURL, form);
    }
}

<?php
//Variables for the connection
    $servername = "localhost";
    $server_username =  "root";
    $server_password = "mysql";
    $dbName = "wizard2019";
    
//Variable from the user    
    $username = $_POST["usernamePost"];
    $email = $_POST["emailPost"];
    $password = sha1($_POST["passwordPost"]);
    //$username = "helder";
    //$email = "test email";
    //$password = "123456";
    
    //Make Connection
    $conn = new mysqli($servername, $server_username, $server_password, $dbName);
    //Check Connection
    if(!$conn){
        die("Connection Failed. ". mysqli_connect_error());
    }
    
    $sql = "INSERT INTO users (username, email, password)
            VALUES ('".$username."','".$email."','".$password."')";
    $result = mysqli_query($conn ,$sql);
    
    if(!$result) echo "there was an error";
    else echo "Everything ok.";

?>

can you show where you're registering the user. i.e the insert code.. and the code which posts up the username/password — Lawrence Cherone, Oct 21 '20 at 22:27
As a side note, really consider using the built in [password API](http://php.net/password) if you want secure passwords. — Jonnix, Oct 21 '20 at 22:28
During registration of user you will need to check if username already exists if so prompt the user saying username is taken — DarrenChand, Oct 21 '20 at 22:28
@LawrenceCherone i just edit and post my code to register the user — vitor coutinho, Oct 21 '20 at 22:32
I dont know unity, but `if(Input.GetKeyDown(KeyCode.Space))` look suspiciously like its going to run CreateUser every time you press space bar? — Lawrence Cherone, Oct 21 '20 at 22:39
So if I understand your question correctly, what you are looking for is how to login a user using php? — Steven Selolo, Oct 21 '20 at 22:40
@LawrenceCherone well i just have put it until i get all work correct after i will take off wen doing the registeration panel — vitor coutinho, Oct 21 '20 at 22:41
other then the sql injection, using sha1 for password. I don't see where or why you need to use username and password the same value to login.. my first thought was you were using the username as the password on insert, but your code is showing your not. — Lawrence Cherone, Oct 21 '20 at 22:43
@StevenPss no in fact i have all ready that my problem is wen i try to login with the details i have put as username helder and password 12345 it give me the error username or password incorrect but wen i register the usename 12345 and password 12345 then the login work fine — vitor coutinho, Oct 21 '20 at 22:44

score 0 · Accepted Answer · answered Oct 22 '20 at 00:15

0

In fact @LawrenceCherone Was Right , the error was caused by the input fields was inverted username was pass and pass was username

answered Oct 22 '20 at 00:15

vitor coutinho

3
3

What kind of encryptation can i use for the pass to become more secure? – vitor coutinho Oct 22 '20 at 00:17
Use password_hash() in PHP. Here's a Stackoverflow question which might help you: How to use PHP's password_hash to hash and verify passwords https://stackoverflow.com/questions/30279321/how-to-use-phps-password-hash-to-hash-and-verify-passwords – Easwar Chinraj Oct 22 '20 at 13:22

Error wen user Login in php , password have to bee the same as username to work

1 Answers1