This question already has answers here:
How do I get PHP errors to display?
(27 answers)
Reference - What does this error mean in PHP?
(38 answers)
Closed 3 years ago.
I just finished my login script on my website and I'm using sessions. I've set the variables but only the id and not the name and email is set in the cookie. I've tried multiple things but I'm learning and I can't get it fixed
<?php
if (isset($_POST['login'])) {
require 'db.inc.php';
$email = $_POST['email'];
$password = $_POST['password'];
if (empty($email) || empty($password)) {
header("Location: ../index.php?error=emptyfields&mailuid=".$email);
exit();
}
else {
$sql = "SELECT * FROM users WHERE name=? OR email=?;";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../index.php?error=sqlerror");
exit();
}
else {
mysqli_stmt_bind_param($stmt, "ss", $email, $email);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if ($row = mysqli_fetch_assoc($result)) {
$hash = password_verify($password, $row['password']);
if ($hash == false) {
header("Location: ../index.php?error=wrongpwd");
exit();
}
else if ($hash == true) {
session_start();
$_SESSION['id'] = $row['id'];
$_SESSION['username'] = $row['name'];
$_SESSION['email'] = $row['email'];
header("Location: ../index.php?login=success");
exit();
}
}
else {
header("Location: ../index.php?login=wrongpassoremail");
exit();
}
}
}
mysqli_stmt_close($stmt);
mysqli_close($conn);
}
else {
header("Location: ../diajsdians.php");
exit();
}
After this script I am logged in and theres a cookie there but no valuable info (session name is set to PHPSESSID with a value of c4ujtetrrn7k8d6b9ui2a7b2o7
I had to make the following changes:
was
$_SESSION['id'] = $row['id'];
$_SESSION['username'] = $row['name'];
$_SESSION['email'] = $row['email'];
fix
$_SESSION['id'] = $row['id'];
$_SESSION['user'] = $row['name'];
$_SESSION['email'] = $row['email'];
Related
Every single time I try to log in, I tried several times with accounts in the database with passwords I am sure of, these are hashed then inserted into the database. However, whenever I use password_verify, I keep getting the error handler put in that says that the user has put wrong login credentials. Tried creating another user that contains ASCII character to check for encoding errors, but still didn't work.
<?php
require_once 'dbh.inc.php';
if (isset($_POST['login-submit'])) {
$username = $_POST['username'];
$pwd = $_POST['pwd'];
if (empty($username) || empty($pwd)) {
header('location: ../login.php?error=emptyfields');
exit();
} else {
$sql = "SELECT * FROM users WHERE username = ? OR email = ?;";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header('location: ../login.php?error=stmtfailed');
exit();
}
mysqli_stmt_bind_param($stmt, "ss", $username, $username);
mysqli_stmt_execute($stmt);
$resultData = mysqli_stmt_get_result($stmt);
mysqli_stmt_close($stmt);
if (mysqli_fetch_assoc($resultData) == 0) {
header('location: ../login.php?error=usernonexistant');
exit();
}
$row = mysqli_fetch_assoc($resultData);
$pwdHashed = $row['pwd'];
$checkPwd = password_verify($pwd, $pwdHashed);
if ($checkPwd === false) {
header('location: ../login.php?error=wronglogincredentials');
exit();
} else if ($checkPwd === true) { /*review this bruh*/
session_start();
$_SESSION['uid'] = mysqli_fetch_assoc($resultData) ['uid'];
$_SESSION['username'] = mysqli_fetch_assoc($resultData) ['username'];
header('location: ../index.php');
exit();
}
}
} else {
header('location: ../login.php');
exit();
}
Your problem is that you are calling mysqli_fetch_assoc() four times, but you only have one row. This function is not idempotent. Each time you call it, the internal pointer moves on to the next row. You have complicated the code way too much. If mysqli is too difficult for you, please try PDO.
The same code can be rewritten to make it simpler. After some small refactoring the code will look like this:
<?php
require_once 'dbh.inc.php';
session_start();
if (!isset($_POST['login-submit'])) {
header('location: ../login.php');
exit();
}
if (empty($_POST['username']) || empty($_POST['pwd'])) {
header('location: ../login.php?error=emptyfields');
exit();
}
$username = $_POST['username'];
$pwd = $_POST['pwd'];
$stmt = $conn->prepare("SELECT * FROM users WHERE username = ? OR email = ?;");
$stmt->bind_param('ss', $username, $username);
$stmt->execute();
$resultData = $stmt->get_result();
$row = $resultData->fetch_assoc();
if (!$row) {
header('location: ../login.php?error=usernonexistant');
exit();
}
$checkPwd = password_verify($pwd, $row['pwd']);
if (!password_verify($pwd, $row['pwd'])) {
header('location: ../login.php?error=wronglogincredentials');
exit();
}
$_SESSION['uid'] = $row['uid'];
$_SESSION['username'] = $row['username'];
header('location: ../index.php');
exit();
In the above code, I removed the remaining three calls to mysqli_fetch_assoc() and used OO-style which is much easier to read. Be sure to enable mysqli error reporting. Read How to get the error message in MySQLi?
I'm currently trying to make a login system based on items in a database.
Right now, this is what I have - based on a video - but when I try to login with the right password, I always get the error that the password ($pwcheck) is false.
I'm new to PHP and I don't know how to fix this.
Any help would be appreciated!
<?php
if (isset($_POST['login-submit'])) {
require 'dbh.inc.php';
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$empid = $_POST['empid'];
$password = $_POST['password'];
if (empty($fname) || empty($lname) || empty($empid) || empty($password)) {
header('Location: ../admin_login.php?error=emptyfields&fname='.$fname."&lname=".$lname);
exit();
} else {
$sql = 'SELECT * FROM employee WHERE first_name=? AND last_name=? AND emp_id=?;';
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header('Location: ../admin_login.php?error=sqlerror');
exit();
} else {
mysqli_stmt_bind_param($stmt, 'sss', $fname, $lname, $empid);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if ($row = mysqli_fetch_assoc($result)) {
$pwcheck = mysqli_password_verify($password, $row['admin_password']);
if (!$pwcheck) {
header('Location: ../admin_login.php?error=incorrectpassword');
exit();
} else {
session_start();
$_SESSION['fname'] = $row['first_name'];
$_SESSION['lname'] = $row['last_name'];
header('Location: ../admin_page.php');
exit();
}
} else {
header('Location: ../admin_login.php?error=nouserfound');
exit();
}
}
}
} else {
header('Location: ../admin_login.php');
exit();
}
I think #timBrownlaw has nailed it.
mysqli_password_verify() is not a function I recognise either. If you are comparing a password to a stored hash (hopefully that is how you are storing passwords) then you want password_verify() https://www.php.net/manual/en/function.password-verify.php
Try that instead, then $pwcheck shouldn't be false if they match.
If you want to know more about securely hashing passwords for storage, https://www.php.net/manual/en/function.password-hash.php
This question already has answers here:
The 3 different equals
(5 answers)
Closed 2 years ago.
I'm trying to display "active" or "inactive" when a user login with session start with php and mysql.
The problem is that even when I try to login with an account that has an "inactive" state, it keeps showing me that is "active". I already added session_start(); on the start of the page.
Here's a part of my login code:
$sql = "SELECT * FROM `users_tmp` WHERE uidUsers=? OR emailUsers=?;";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)){
header("Location: ..index.php?error=sqlerror");
exit();
}
else {
mysqli_stmt_bind_param($stmt, "ss", $mailuid, $password);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if ($row = mysqli_fetch_assoc($result)) {
$pwdCheck = $row['pwdUsers'];
if($pwdCheck == false){
header("Location: ../index.php?error=wrongpwd");
exit();
} else if ($pwdCheck == true) {
session_start();
$_SESSION['userId'] = $row['idTmp'];
$_SESSION['idTmp'] = $row['idTmp'];
$_SESSION['stateUser'] = $row['stateUser'];
header("Location: ../user/perfil.php?login=success");
exit();
}
}
else{
header("Location: ../index.php?error=wrongpwds");
exit();
}
And here's what I'm trying to display:
<?php if(isset($_SESSION['idTmp']) ){
$state = $_SESSION['stateUser'];
if($state = "Active"){
echo $state;}
elseif($state = "Inactive"){
echo $state ;}
}
else{echo'nothing';}?>
$state = "Active" is always true, you need to use == operator instead, in the if.
This question already has an answer here:
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Closed 2 years ago.
i have this user sign in script using php prepared statement, but it is not working i have tried to switch values but still not working sometimes i get a "user does not exit" error sometimes just a blank page with the redirected link.
if(isset($_POST['login'])){
require 'dbh.php';
$mail = $_POST['email'];
$pwd = $_POST['password'];
if (empty($mail) || empty($pwd)) {
header("Location: ../login.php?error=empty");
exit();
} else {
$sql = "SELECT * FROM users WHERE id=? OR email=?;";
$stmt = mysqli_stmt_init($db);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../login.php?error=error");
exit();
} else {
mysqli_stmt_bind_param($stmt, "ss", $mail, $pwd);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if ($row = mysqli_fetch_assoc($result)){
$pwdCheck = password_verify($pwd, $row['password']);
if($pwdCheck == false) {
header("Location: ../login.php?error=wrongPassword");
exit();
} else if ($pwdCheck == true) {
session_start();
$_SESSION['uId'] = $row['id'];
$_SESSION['username'] = $row['username'];
header("Location: ../profile/index.php?success");
exit();
}
}
}
}
} else {
header("Location: ../login.php");
exit();
} ```
I can see many mistakes in your code.
seems like you have missed entering the id param in the query.
Here you have mentioned id & email, "SELECT * FROM users WHERE id=? OR email=?;"
But here (mysqli_stmt_bind_param($stmt, "ss", $mail, $pwd);) you are binding $mail and password and not id and email.
You have used a extra semi colon ($sql = "SELECT * FROM users WHERE id=? OR email=?;";)
I'm trying to make a log in form. But every time that I try to login it always give a error message that my password is incorrect. Im using md5 to hash my password in the database.
I've tried to remove the hash and password_verify to my code but it automatically login the user with incorrect passowrd
<?php
if (isset($_POST['login-submit'])) {
require 'dbh.inc.php';
$mailuid = $_POST['mailuid'];
$password = $_POST['pwd'];
if (empty($mailuid) || empty($password)){
header("Location: ../systemlogintut/index1.php?error=emptyfields");
exit();
}
else {
$sql = "SELECT * FROM users WHERE uidUsers=? OR emailUsers=?;";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../systemlogintut/index1.php?error=sqlerror");
exit();
}
else {
mysqli_stmt_bind_param($stmt, "ss", $mailuid, $password);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if ($row = mysqli_fetch_assoc($result)) {
$pwdCheck = password_verify($password, $row['pwdUsers']);
if ($pwdCheck == false) {
header("Location: ../systemlogintut/index1.php?error=wrongpwd");
exit();
}
else if ($pwdCheck == true) {
session_start();
$_SERVER['userId'] = $row['idUsers'];
$_SERVER['userUid'] = $row['uidUsers'];
header("Location: ../systemlogintut/index1.php?login=success");
exit();
}
else {
header("Location: ../systemlogintut/index1.php?error=wrongpwd");
exit();
}
}
else {
header("Location: ../systemlogintut/index1.php?error=nouser");
exit();
}
}
}
}
else {
header("Location: ../systemlogintut/index1.php");
exit();
}
You are automatically logging in the user, change the redirect code in this line
if ($row = mysqli_fetch_assoc($result))
{
$pwdCheck = password_verify($password, $row['pwdUsers']);
if ($pwdCheck == false) {
header("Location: ../systemlogintut/index1.php?error=wrongpwd"); // change the redirection here
exit();
}
try it
$password = md5($_POST['pwd']);
I just change it to:
$hashedPwd = password_hash($password, PASSWORD_DEFAULT);
instead of using:
$hashedPwd = mb5($password, PASSWORD_DEFAULT);