Register and login error.

[wazowski78]

Hi again, I am getting problems with the registration and login in the app. Now It is suppose the app is working fine and the .htaccess is working properly, but if I try to register a new user, login withe an user of the database or even try to execute forgot password, none of them are working for me. When I introduce incorrect details, the web tells me that they are incorrect, so I suppose the DB connections is fine. Can you tell me the web app process in order to debug the issue please?

[wazowski78]

I ave made some debug and the web-app stucks at this call in login.class.php:

      if (($username || $password) == "") {
        return "Your values are missing";
      } else {
        $query = $this->db->prepare("SELECT password FROM users WHERE username = :username LIMIT 1");
        $query->execute(array(":username" => $username));
        if ($query->rowCount() == 0) {
          return "Incorrect details";
        } else {
          $row = $query->fetch(PDO::FETCH_OBJ);
          $pass = $row->password;

          //return "Debug continue";

          if (password_verify($password, $pass)) {
            $iquery = $this->db->prepare("SELECT id FROM users WHERE username = :username AND password = :password LIMIT 1");
            $iquery->execute(array(":username" => $username, ":password" => $pass));
            $irow = $iquery->fetch(PDO::FETCH_OBJ);
            $id = $irow->id;
            $random = new random;
            $os = $random->getOS();
            $browser = $random->getBrowser();
            $lquery = $this->db->prepare("INSERT INTO login(user_id, ip, time, os, browser) VALUES(:id, :ip, now(), :os, :browser)");
            $lquery->execute(array(":id" => $id, ":ip" => $ip, ":os" => $os, ":browser" => $browser));
            $_SESSION['id'] = $id;
            return "Successfull";
          } else {
            return "Incorrect password";
          }
        }
      }
    }

Where is the "password_verify" call?

In the same way I have found that the web app stucks at REGISTER call in login.class.php when running password_hash function here:

      include 'settings.class.php';
      include 'universal.class.php';
      include 'PHPMailerAutoload.php';

      $mail = new PHPMailer;
      $settings = new settings;
      $universal = new universal;

      //return "Debug register 0";

      $password_h = password_hash($password, PASSWORD_DEFAULT);

      $fquery = $this->db->prepare("SELECT id FROM users WHERE username = :username");
      $fquery->execute(array(":username" => $username));
      $squery = $this->db->prepare("SELECT id FROM users WHERE email = :email");
      $squery->execute(array(":email" => $email));

      if (($username || $firstname || $surname || $email || $password) == "") {
        return "Some values are missing";
      } else if (!filter_var($email, FILTER_VALIDATE_EMAIL) === true) {
        return "Incorrect email";
      } else if ($fquery->rowCount() > 0) {
        return "username already exists";
      } else if ($squery->rowCount() > 0) {
        return "Email already exists";
      } else {
.
.
.

In the same way the issue previously mentioned, where is the "password_hash" call?

[wazowski78]

Now I can answer my own question, the calls are included in PHP 5.5, that is my error. I am going to try to fix it. You should add a requirements tab in the readme. Thank you for your job!!

Edit: After updating my VPS to the lasts PHP version, everything works fine. Great, great job!

[yTakkar]

Happy for you!!