Registration form

Did you fix everything else, like passing password2? Your PHP script tests to see if password == password2, and if it doesn’t, nothing goes into your database.

Rob

No, none. Why can’t I use

```php
$password = password_hash($password, PASSWORD_BCRYPT, array('cost' => 12));
```

It does the same job that base64 does 

I don’t think you can decrypt it in corona but I don’t see why not.

Can we slow down just a bit?  We need to focus on one problem at a time.

This line:  $password = password_hash($password, PASSWORD_BCRYPT, array('cost' => 12));

takes the unencrypted password once it’s in PHP and makes a one-way non-reversible hash string that you store in the database. That way if a hacker compromises your database, they in theory cannot reverse the passwords. That’s the purpose of that line. But this is only important AFTER the PHP script gets it.

Between your app and your script, you’re transmitting data over the Internet. I don’t know if your URL starts with http:// or https:// since you’re not sharing your real URL. But if it’s http:// and you use:  http://mysite.com/myscript.php?username=fred&password=bedrock&password2=bedrock&email=fred@flintstone.com and you use network.request() with that URL, that entire string is visible to anyone with a packet sniffer running on their computer connected to the same network.

If you’re using https:// then you’re all set. The network traffic is encrypted before it’s sent and the server decrypts it and you don’t have to worry about it. But if you’re using http:// you really should hide that data behind some obfuscation:  i.e. changing the keys to something other than “username” and “password” and base64 encoding the values.

If you do this, you must change your PHP script to match.

Hopefully that explains it to you.

Now are you including “password2” on your URL? Did you change your PHP script from $_POST['password2'] to $_GET['password2']?

```php
if (isset($_GET['register'])) {
    if ($_GET['password'] == $_GET['password2']) {
        $username = $_GET['username'];
        $password = base64_decode($_GET['password']);
        $password2 = ($_GET['password2']);
        $email = base64_decode($_GET['email']);
        // validate and sanitize all of these inputs
        // and see that they are not blank at the same time

        // Do your MySqli here to find the $username and
        // bring out result of find in $username_result
        $result = mysqli_query($con, "SELECT * FROM users WHERE username='$username' AND email='$email'");
        if (mysqli_num_rows($result) > 0) {
            echo "User exist";
        } else {
            // it is not in use so put it in
            $password = password_hash($password, PASSWORD_BCRYPT, array('cost' => 12));
            $sql = "INSERT into users VALUES(null, '$username', '$password', '$email')";
            if (mysqli_query($con, $result)) {
            } else {
                echo "Sorry something went wrong.";
            }
        }
    } else {
        echo "Passwords don't match.";
    }
}
```

This is my PHP code currently. I’m not saving password2 (confirm password) in my database. I’m just checking it to see if it matches the password.

I don’t see password2 in your previous Lua code. Has it been added?

Correct, you don’t need to store the 2nd copy of the password. I also noticed another issue, and the reason you would not get any output is this line:

```php
if (isset($_GET['register'])) {
    // code inside
}
```

You’re not sending a key-value pair named “register” so that will be false and your script just quits without it. You will need to add like a &register=1 to your URL on the Corona side or remove that if statement and matching/ending curly brace.

Rob

```lua
username = native.newTextField( 160, 200, 180, 30 ) -- take the local off since it's forward declared
username.placeholder = "Username"
screenGroup:insert(username)

password = native.newTextField( 160, 250,180, 30 ) -- take the local off since it's forward declared
password.isSecure = true
password.placeholder = "Password"
screenGroup:insert(password)

password2 = native.newTextField( 160, 300,180, 30 ) -- take the local off since it's forward declared
password2.isSecure = true
password2.placeholder = "Confirm Password"
screenGroup:insert(password2)

email = native.newTextField( 160, 350, 180, 30 ) -- take the local off since it's forward declared
email.placeholder = "E-mail"
screenGroup:insert(email)
```

That’s the only place I have password2

Is it being sent to your php file?

```lua
local function handleButtonEvent( event )
    if ( "ended" == event.phase ) then
        local URL = "https://web.web.com/register.php?username=" .. mime.b64( username.text ) .. "&password=" .. mime.b64(password.text) .. "&email=" .. mime.b64( email.text )
        network.request(URL, "POST", networkListener)
        composer.gotoScene("login")
    else
        print( "Something went wrong.")
    end
end
```

^this is how it should look but you do need to add other fields

```lua
local function handleButtonEvent( event )
    if ( "ended" == event.phase ) then
        local URL = "https://web.web.com/register.php?username=" .. mime.b64( username.text ) .. "&password=" .. mime.b64(password.text) .. "&email=" .. mime.b64( email.text ).. "&password2=" .. mime.b64( password2.text ).."&register=1"
        network.request(URL, "GET", networkListener)
        composer.gotoScene("login")
    else
        print( "Something went wrong.")
    end
end
```

FYI Scott, I’m trying to get him to use GET instead of POST. PHP sometimes won’t read the key/value pairs from POST requests and there are some additional hoops to jump through to make it work.  GET is more reliable with PHP for small amounts of data.

Rob

Got it fixed above

It shows that the table is created but none of the user’s info is being shown.

Your sql is off, edit: try this instead

INSERT INTO users (email, pw, username) VALUES ($email, $pw, $username);

It also still allows me to sign up with the same username and password

  1. is it working?

  2. you will have to check this in your php and make sure it does not already exist

INSERT INTO users (email, pw, username) VALUES ($email, $pw, $username);

In my database my password is saved as password. The user account is created but the username, password and email fields are empty.

Try this instead

INSERT INTO users (email, password, username) VALUES ('$email', '$pw', '$username');
$sql = "INSERT INTO users (email, password, username) VALUES ('$email', '$pw', '$username');')";

When I put this it says: sorry something went wrong (my else code)
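
A hardened version of the register handler discussed in this thread, as an added example that is not code from any of the posters: it binds the inputs through a prepared statement instead of interpolating them into the SQL string, and lets the database reject a taken username. It assumes the `users (email, password, username)` columns from the last INSERT above plus a UNIQUE index on `username`; the function names and connection credentials are placeholders.

```php
<?php
// Added example. Assumed: users(email, password, username) with a UNIQUE
// index on username; field() and register() are hypothetical helper names.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB failures throw

function field(array $in, string $key): ?string {
    // The client sends base64 values; strict mode rejects malformed input.
    $raw = base64_decode($in[$key] ?? '', true);
    return ($raw === false || $raw === '') ? null : $raw;
}

function register(mysqli $con, array $in): string {
    $username  = field($in, 'username');
    $password  = field($in, 'password');
    $password2 = field($in, 'password2');
    $email     = field($in, 'email');
    if ($username === null || $password === null || $password2 === null || $email === null) {
        return 'Missing or malformed field.';
    }
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return 'Invalid e-mail address.';
    }
    if (!hash_equals($password, $password2)) {   // compare the decoded values
        return "Passwords don't match.";
    }
    $hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
    try {
        // Placeholders keep user input out of the SQL text. The thread's handler
        // also passes $result, not $sql, to mysqli_query(), so its INSERT never runs.
        $stmt = $con->prepare('INSERT INTO users (email, password, username) VALUES (?, ?, ?)');
        $stmt->bind_param('sss', $email, $hash, $username);
        $stmt->execute();
        return 'Registered.';
    } catch (mysqli_sql_exception $e) {
        if ($e->getCode() === 1062) {            // MySQL duplicate-key error
            return 'User exists.';
        }
        error_log($e->getMessage());             // detail goes to the log, not the client
        return 'Sorry, something went wrong.';
    }
}

// Placeholder credentials (constructed for this example); replace with your own.
$con = new mysqli('localhost', 'db_user', 'db_pass', 'db_name');
// $_GET matches the thread; query strings are written to server access logs,
// so sending the fields in a POST body and reading $_POST avoids that.
echo register($con, $_GET);
```

Relying on the UNIQUE index rather than a SELECT-then-INSERT check also closes the window in which two simultaneous requests could both register the same username.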