This is my login verify. Im echoing everything for debugging
<?php
echo $email = $_POST['email'];
echo $password = $_POST['password'];
include 'conn.php';
$sql = $conn->prepare("SELECT id, password FROM user_info WHERE email=?");
$sql->bind_param('s',$email);
$sql->execute();
$result = $sql->get_result();
$row = $result->fetch_assoc();
$sql->close();
echo $hash = $row['password'];
if (password_verify($password, $hash)) {
echo 'Password is valid!';
} else {
echo 'Invalid password.';
}
$conn->close();
?>
My SignUp page
<?php
include 'conn.php';
$name = $_POST['first_name']." ".$_POST['last_name'];
$email = $_POST['email'];
$password = $_POST['password'];
$gender = $_POST['gender'];
$password = password_hash($password, PASSWORD_DEFAULT);
$sql = $conn->prepare("INSERT INTO `user_info` (`email`, `name`, `password`, `gender`) VALUES (?, ?, ?, ?)");
$sql->bind_param('sssi', $email, $name, $password, $gender);
$sql->execute();
$sql->close();
$conn->close();
?>
Snapshot of my database
Every time it just outputs to password invalid.
Related
I have this PHP code, which registers a user. All form validation is done by jQuery and the request is sent by Ajax to this PHP page. Everything is working fine except it’s not checking if email and mobile is already registered.
<?php
require('db_connection.php');
$error = "";
if($_SERVER['REQUEST_METHOD'] == "POST"){
$name = $_POST['name'];
$email = $_POST['email'];
$mobile = $_POST['mobile'];
$password = $_POST['password'];
$hashed_password = password_hash($_POST['password'], PASSWORD_DEFAULT);
$stmt = $conn->prepare("SELECT `user_email`, `user_mobile` FROM `users` where `user_email` = ? && `user_mobile` = ? LIMIT 1");
$stmt->bind_param("si", $email, $mobile);
$stmt->execute();
$stmt->store_result();
if($stmt->num_rows() > 0){
$row = $stmt->fetch();
if($email == isset ($row['user_email'])){
echo "email exists";
}
if($mobile == isset($row['user_mobile'])){
echo "mobile exists";
}
}else{
$stmt = $conn->prepare("INSERT INTO `users`(`user_name`, `user_email`, `user_mobile`, `user_password`) values (?, ?, ?, ?)");
$stmt->bind_param("ssis", $name, $email, $mobile, $hashed_password);
$stmt->execute();
echo "successfull";
}
$stmt->close();
}
$conn->close();
?>
from my observation the problem is somewhere I'm fetching the rows, because the registration is happening with different email and mobile.
I'm creating a back end to my website and running into issues with the login user part.
The user registration into the database is made with the password_hash function using the code below:
UserReg.php :
<?php
require_once 'db.php';
$mysqli = new mysqli($host, $user, $password, $dbname);
if($mysqli -> connect_error) {
die($mysqli -> connect_erro);
}
$username = "userF";
$password = "somePass";
$token = password_hash("$password", PASSWORD_DEFAULT);
add_user($mysqli,$username, $token);
function add_user($mysqli,$username, $token) {
$query = $mysqli->prepare("INSERT INTO users(username, password) VALUES
(?,?)");
$query->bind_param('ss',$username, $token);
$query->execute();
$result = $query->get_result();
if(!$result) {
die($mysqli->error);
}
$query->close();
}
My login form skips to a blank page even when i insert my username and password. Doesn't even go to the login error message.
Login.php
<?php
include 'db.php';
$username = $_POST['user'];
$pwd = $_POST['password'];
$sql = "SELECT password FROM users WHERE username = ?";
$stmt = $mysqli->prepare($sql);
$stmt->execute();
$stmt->bind_result($pass);
while ($result = $stmt->num_rows()) {
if($stmt->password_verify($pwd, $result)) {
echo "Your username or password is incorrect";
} else {
header("Location: Menu.php");
}
}
What am i missing?
Appreciate your help.
I think you need to take a look at password_verify how it works.
$username = $_POST['user'];
$pwd = $_POST['password'];
$sql = "SELECT username, password FROM users WHERE username = ?";
$stmt = $mysqli->prepare($sql);
$stmt->bind_param('s', $username);
$stmt->execute();
$stmt->bind_result($username, $password);
$stmt->store_result();
if ($stmt->num_rows == 1) { //To check if the row exists
if ($stmt->fetch()) { //fetching the contents of the row
if (password_verify($pwd, $password)) {
$_SESSION['username'] = $username;
echo 'Success!';
exit();
} else {
echo "INVALID PASSWORD!";
}
}
} else {
echo "INVALID USERNAME";
}
$stmt->close();
When I login it's suppose to insert, but instead does nothing.. On my register php it inserts data to accounts, but when i insert data into online it won't work..
PS- I'm new to PDO so I don't know what i'm doing wrong
<?php
session_start();
if(isset($_SESSION['users']) != ""){
echo '<script type="text/javascript">','index();','</script>';
}
include('../php/dbConnect.php');
$username = $_POST['username'];
$password = $_POST['password'];
$query = 'SELECT * FROM `accounts` WHERE username = ?';
$queryprepare = $conn->prepare($query);
$queryprepare->bindParam(1, $username, PDO::PARAM_STR);
$queryprepare->execute();
$row = $queryprepare->fetch();
if($row['password'] == md5($password))
{
$_SESSION['online'] = true;
$_SESSION['users'] = $username;
$_SESSION['userid'] = $row['id'];
$_SESSION['name'] = $row['name'];
$_SESSION['age'] = $row['age'];
$_SESSION['image'] = $row['image'];
$check_row = 'SELECT * FROM `online` WHERE username = ?';
$check_row_fetch = $conn->prepare($check_row);
$check_row_fetch->bindParam(1, $username, PDO::PARAM_STR);
$check_row_fetch->execute();
$number_of_rows = $check_row_fetch->rowCount();
if($number_of_rows != 0) {
echo '<script type="text/javascript">','redirect();','</script>';
}
else{
$online_insert = 'INSERT INTO online (username, name, age, image) VALUES (?, ?, ?, ?)';
$online_insert_fetch = $conn->prepare($online_insert);
$online_insert_fetch->bindParam(1, $SESSION['users'], PDO::PARAM_STR);
$online_insert_fetch->bindParam(2, $SESSION['name'], PDO::PARAM_STR);
$online_insert_fetch->bindParam(3, $SESSION['age'], PDO::PARAM_STR);
$online_insert_fetch->bindParam(4, $SESSION['image'], PDO::PARAM_STR);
$online_insert_fetch->execute();
echo '<script type="text/javascript">','redirect();','</script>';
}
}
else{
echo("Wrong Credentials");
}
?>
I am new to Prepared Statements in Php and and wondering how you would best approach checking if a row already exists as I seem to be getting confused at this stage:
<?php
include '../config.php';
$stmt = $conn->prepare("INSERT INTO users (email, password) VALUES (?, ?)");
$stmt->bind_param("ss", $email, $password);
if(mysqli_num_rows($stmt) > 0) {
$email = $_POST['email'];
$password = $_POST['password'];
$stmt->execute();
header('Location: ../login.php');
} else {
echo 'user already exists';
}
$stmt->close();
$conn->close();
?>
The above returns the else statement, if I switch them around it will insert again making use of the else statement and inserting the record but still not checking.
** UPDATE **
Here is my updated code for you to see after assistance below..
<?php
include '../config.php';
ini_set('display_errors', 1); ini_set('display_startup_errors', 1); error_reporting(E_ALL);
$email = $_POST['email'];
$password = $_POST['password'];
$stmt_check = $conn->prepare("SELECT * FROM users WHERE email =?");
$stmt_check->bind_param("s", $email);
$stmt_check->execute();
if($stmt_check->num_rows > 0) {
echo 'user already exists';
} else {
$stmt = $conn->prepare("INSERT INTO users (email, password) VALUES (?, ?)");
$stmt->bind_param("ss", $email, $password);
$stmt->execute();
// header('Location: ../login.php');
}
$stmt->close();
$conn->close();
?>
mysqli_num_rows applicable to SELECT statement.
$stmt_check = $conn->prepare("SELECT * FROM users WHERE email =? AND password =?");
$stmt_check->bind_param("ss", $email, $password);
$stmt_check->execute();
if(mysqli_num_rows($stmt_check) > 0)
Updated Code
<?php
include '../config.php';
$email = $_POST['email'];
$password = $_POST['password'];
$stmt_check = $conn->prepare("SELECT * FROM users WHERE email =? AND password =?");
$stmt_check->bind_param("ss", $email, $password);
$stmt_check->execute();
if($stmt_check->num_rows > 0){
echo 'user already exists';
} else {
$stmt = $conn->prepare("INSERT INTO users (email, password) VALUES (?, ?)");
$stmt->bind_param("ss", $email, $password);
$stmt->execute();
header('Location: ../login.php');
}
$stmt->close();
$conn->close();
?>
Quick Link
mysqli_num_rows
mysql_num_rows
Which States,
This command is only valid for statements like SELECT or SHOW that
return an actual result set. To retrieve the number of rows affected
by a INSERT, UPDATE, REPLACE or DELETE query, use
mysql_affected_rows().
Edit 1
Change
if(mysqli_num_rows($stmt_check) > 0){
To
if($stmt_check->num_rows > 0){
See Example2 of PHP mysqli_num_rows() Function
This is my updated code, please try
<?php
include '../config.php';
$email = $_POST['email'];
$password = $_POST['password'];
$stmt_check = $conn->prepare("SELECT * FROM users WHERE email =? AND password =?");
$stmt_check->bind_param("ss", $email, $password);
$stmt_check->execute();
$stmt_check->store_result();
$numberofrows = $stmt_check->num_rows;
if(($numberofrows) > 0)
echo 'user already exists';
} else {
$stmt = $conn->prepare("INSERT INTO users (email, password) VALUES (?, ?)");
$stmt->bind_param("ss", $email, $password);
$stmt->execute();
header('Location: ../login.php');
}
$stmt->close();
$conn->close();
?>
Take a look at mysqli_stmt_affected_rows()
<?php include '../config.php';
$stmt = $conn->prepare("INSERT INTO users (email, password) VALUES (?, ?)");
$stmt->bind_param("ss", $_POST['email'], $_POST['password']);
$stmt->execute();
if(mysqli_stmt_affected_rows($stmt) > 0)
{
header('Location: ../login.php');
}
else
{
echo 'user already exists';
}
$stmt->close();
$conn->close();
?>
<?php include '../config.php';
$stmt = $conn->prepare("INSERT INTO users (email, password) VALUES (?, ?)");
$stmt->bind_param("ss", $_POST['email'], $_POST['password']);
$result = $stmt->execute(); // this return a bool: true if row affected otherwise false
if($result)
{
header('Location: ../login.php');
}
else
{
echo 'user already exists';
}
$stmt->close();
$conn->close();
?>
I have 4 inputs and they need to be filled. I made an isset test but it doesn't work. It is always showing true, but all inputs aren't filled and this php is for registering. Can you help me? Sorry for my bad English.
<?php
require('config.php');
Error_reporting(-1);
if (isset ($_POST['submit'])){
$username= $_POST['username'];
$iname= $_POST['iname'];
$email= $_POST['email'];
$pass= $_POST['pass'];
$pass1= $_POST['pass1'];
if (isset ($_POST['username']['iname']['email']['pass']['pass1'])){
/*$username= $_POST['username'];
$iname= $_POST['iname'];
$email= $_POST['email'];
$pass= $_POST['pass'];
$pass1= $_POST['pass1'];*/
if ($pass1 == $pass){
$username= mysqli_real_escape_string($link, $username);
$iname= mysqli_real_escape_string($link, $iname);
$email= mysqli_real_escape_string($link, $email);
$pass= mysqli_real_escape_string($link, $pass);
$pass1= mysqli_real_escape_string($link, $pass1);
$pass= md5($pass);
$check="SELECT username FROM users WHERE username = '$username'";
$rs = mysqli_query($link,$check);
$checker = mysqli_fetch_assoc($rs);
if ($checker['username'] == $username)
{
echo "Username is already taken";
exit();
}
$insert = "INSERT INTO `users` (`id`, `username`, `iname`, `email`, `pass`) VALUES (NULL, '$username', '$iname', '$email', '$pass')";
$query = mysqli_query ($link, $insert) or die("Query error");
//"INSERT INTO users ('id', 'username', 'iname', 'email', 'pass') VALUES ('NULL, '{$username}', '{$iname}', '{$email}', '{$pass}')"
}else{
echo "Passwords doesnt match";
}
}else{
echo "Fill all areas";
}
}else{
}
?>
I tested all answers in the comments, but none of them works! I don't understand why it doesn't work!
You can use this:
if (isset ($_POST['username'], $_POST['iname'], $_POST['email'], $_POST['pass'], $_POST['pass1'])){
//your code
}
this condition will return true only if all arguments to isset() are set and do not contain null.
Note: Instead of checking only for isset you should check this for empty also.
Like following:
if (isset ($_POST['username'], $_POST['iname'], $_POST['email'], $_POST['pass'], $_POST['pass1']) && !empty($_POST['username']. $_POST['iname']. $_POST['email']. $_POST['pass']. $_POST['pass1'])){
//your code
}
Try using
if (isset ($username, $iname, $email, $pass,$pass1))
instead...
require('config.php');
Error_reporting(-1);
if (isset ($_POST['submit'])){
$username= $_POST['username'];
$iname= $_POST['iname'];
$email= $_POST['email'];
$pass= $_POST['pass'];
$pass1= $_POST['pass1'];
if (!empty($username) and !empty($iname) and !empty($email) and !empty($pass) and !empty($pass1)){
if ($pass1 == $pass){
$username= mysqli_real_escape_string($link, $username);
$iname= mysqli_real_escape_string($link, $iname);
$email= mysqli_real_escape_string($link, $email);
$pass= mysqli_real_escape_string($link, $pass);
$pass1= mysqli_real_escape_string($link, $pass1);
$pass= md5($pass);
$check="SELECT username FROM users WHERE username = '$username'";
$rs = mysqli_query($link,$check);
$checker = mysqli_fetch_assoc($rs);
if ($checker['username'] == $username)
{
echo "Username is already taken";
exit();
}
$insert = "INSERT INTO `users` (`id`, `username`, `iname`, `email`, `pass`) VALUES (NULL, '$username', '$iname', '$email', '$pass')";
$query = mysqli_query ($link, $insert) or die("Query error");
//"INSERT INTO users ('id', 'username', 'iname', 'email', 'pass') VALUES ('NULL, '{$username}', '{$iname}', '{$email}', '{$pass}')"
}else{
echo "Passwords doesnt match";
}
}else{
echo "Fill all areas";
}
}else{
}
Best way to be sure is use it separately:
if(isset($_POST["username"]) and isset($_POST["email"]) and.... )