Please i need help i have a voting system which allow me to add user as admin. in the process of adding the user i use a salt password hashing technic and is work perfectly that is when i what to add a user. The problem is that the user can not login and i have try but no way for me. The codes pasted below.
****first if the codes that allow me to add user to the tabase**** add_user.php
<?php
global $db;
// require("../config/db.php");
global $error1, $error2, $error3, $error4;
$full_name = $username = $password = "";
if(isset($_POST['submit'])){
$username = $_POST['username'];
$ad_password = $_POST['password'];
$full_name = $_POST['full_name'];
$sql_query = mysqli_query($db, "SELECT username FROM admin WHERE username = '{$username}' ");
$count = mysqli_num_rows($sql_query);
$sql_salt = mysqli_query($db, "SELECT randSaltPass FROM admin");
$row = mysqli_fetch_array($sql_salt);
$salt = $row['randSaltPass'];
$password = crypt($ad_password, $salt);
if(!empty($username) && !empty($ad_password) && !empty($full_name)){
if($count > 0){
$error1 = "<div class='alert alert-danger'>
<a href='#' class='close' data-dismiss='alert' aria-label='close'>×</a>
Username Already Exists.
</div>";
}else{
$u_name = mysqli_real_escape_string($db, $username);
$pass_word = mysqli_real_escape_string($db, $ad_password);
$admin_name = mysqli_real_escape_string($db, $full_name);
if(!preg_match('/^[a-zA-Z]*$/', $u_name)){
$error2 ="<div class='alert alert-danger'>
<a href='' class='close' data-dismiss='alert' aria-label='close'>×</a>
Only Leters are Allowed For Username.
</div>";
}
if(!preg_match('/^[a-zA-Z]*$/', $admin_name)){
$error3 ="<div class='alert alert-danger'>
<a href='' class='close' data-dismiss='alert' aria-label='close'>×</a>
Only Leters are Allowed For Fullname.
</div>";
}
if(!preg_match('/^\S*(?=\S{7,15})(?=\S*[a-z])(?=\S*[A-Z])(?=\S*[\d])\S*$/', $pass_word)){
$error4 ="<div class='alert alert-danger'>
<a href='' class='close' data-dismiss='alert' aria-label='close'>×</a>
Password Must Be Between 7 and 15 Characters and Must Contain At Least One Lowercase Letter one uppercase Letter and One Digit.
</div>";
}
if((preg_match('/^[a-zA-Z]*$/', $u_name)) && (preg_match('/^[a-zA-Z]*$/', $admin_name)) && (preg_match('/^\S*(?=\S{7,15})(?=\S*[a-z])(?=\S*[A-Z])(?=\S*[\d])\S*$/', $pass_word))){
$sql = "INSERT INTO admin(username, password, admin_name) VALUES('{$u_name}', '{$password}', '{$admin_name}' )";
$query = mysqli_query($db, $sql);
if(!$query){
die("QUERY FAILED " . mysqli_error($db));
}
}
}
}else{
if(empty($username)){
$error2="<div class='alert alert-danger'>
<a href='' class='close' data-dismiss='alert' aria-label='close'>×</a>
Username Can Be Empty.
</div>";
}
if(empty($full_name)){
$error3="<div class='alert alert-danger'>
<a href='' class='close' data-dismiss='alert' aria-label='close'>×</a>
Fullname Can Be Empty.
</div>";
}
if(empty($password)){
$error4="<div class='alert alert-danger'>
<a href='' class='close' data-dismiss='alert' aria-label='close'>×</a>
Password Can Be Empty.
</div>";
}
}
}
?>
Second is the code that allow user to login but the problem is i do not Know where i will hash so that user will be able to login
Admin_login.php
class Admin_Login
{
private $_username;
private $_password;
public function __construct($c_username, $c_password) {
$this->_username = $c_username;
$this->_password = md5($c_password);
// $sql_salt = mysqli_query($db, "SELECT randSaltPass FROM admin");
// $row = mysqli_fetch_array($sql_salt);
// $salt = $row['randSaltPass'];
// $password = crypt($db, $salt);
}
public function AdminLogin() {
global $db;
//Start session
session_start();
//Array to validate errors
$error_msg_array = array();
//Error messages
$error_msg = FALSE;
if($this->_username == "") {
$error_msg_array[] = "Please input your username";
$error_msg = TRUE;
}
if($this->_password == "") {
$error_msg_array[] = "Please input your password";
$error_msg = TRUE;
}
if($error_msg) {
$_SESSION['ERROR_MSG_ARR'] = $error_msg_array;
header("location:
http://localhost/voting_system/sandbox/index.php");
exit();
}
$sql = "SELECT * FROM admin WHERE username = ? AND password = ? LIMIT 1";
if(!$stmt = $db->prepare($sql)) {
echo $stmt->error;
} else {
$stmt->bind_param("ss", $this->_username, $this->_password);
$stmt->execute();
$result = $stmt->get_result();
}
if($result->num_rows > 0) {
//Login successful
$row = $result->fetch_assoc();
//Create session
session_regenerate_id();
$_SESSION['ADMIN_ID'] = $row["id"];
$_SESSION['ADMIN_NAME'] = $row["name"];
session_write_close();
header("location:
http://localhost/voting_system/sandbox/admin_page.php");
} else {
//Login failed
$error_msg_array[] = "The username and password you entered is incorrect.";
$error_msg = TRUE;
if($error_msg) {
$_SESSION['ERROR_MSG_ARR'] = $error_msg_array;
header("location:
http://localhost/voting_system/sandbox/index.php");
exit();
}
$stmt->free_result();
}
$result->free();
return $result;
}
}
login.php
<?php
//Include database connection
require("../../config/db.php");
//Include class Admin_Login
require("../classes/Admin_Login.php");
if(isset($_POST['submit'])) {
//Create variable to store post array values
$username = trim($_POST['username']);
$password = trim($_POST['password']);
$adminLogin = new Admin_Login($username, $password);
$rtnAdminLogin = $adminLogin->AdminLogin();
}