What does $row stand for in prepared statements (MySQLi)? - php

I'm watching a login system guide on YouTube and recreating it. It's about done, but every time I try to log in, it gives me an error:
"Incorrect Password"
I suspect this has to do with the $row that was made in an if statement. But I don't know what $row does.
I'll leave some code if someone can see the problem.
<?php
else {
    $sql = "SELECT * FROM users WHERE uidUsers=? OR emailUsers=?;";
    $stmt = mysqli_stmt_init($conn);
    if (!mysqli_stmt_prepare($stmt, $sql)) {
        header("Location: ../index.php?error=sqlerror");
        exit();
    }
    else{
        mysqli_stmt_bind_param($stmt, "ss", $mailuid, $mailuid);
        mysqli_stmt_execute($stmt);
        $result = mysqli_stmt_get_result($stmt);
        if ($row = mysqli_fetch_assoc($result)) {
            $pwdCheck = password_verify($password, $row['pwdUsers']);
            if ($pwdCheck == false) {
                header("Location: ../index.php?error=wrongpwd");
                exit();
            }
            elseif ($pwdCheck == true) {
                session_start();
                $_SESSION['userId'] = $row['idUsers'];
                $_SESSION['userUid'] = $row['uidUsers'];
                header("Location: ../index.php?login=succes");
                exit();
            } ?>

if ($row = mysqli_fetch_assoc($result))
This tries to fetch a row from the query result. If there is a row to fetch from the results, then that row is assigned to the $row variable and the if statement is executed. If there is not a row to fetch from the results, then the if statement returns false and is skipped.

Related

My php & mysqli script is returning with zero rows in database even though there is a row

I am semi-new to PHP and MySQL so I was using this tutorial video to set up the forgotten password system for their previous tutorial on a login system (https://www.youtube.com/watch?v=wUkKCMEYj9M, timestamp to the part I am working on is 1:05:46).
Everything was working fine until I got to the part where we had to create the new password and anytime I submit the new password, it receives an error essentially saying that there are no rows in the database, or at least I believe that is what the error is. (Error Message: You need to re-submit your request (1)) Below I have given my code (The file for the database connector is accurately named dbc.inc.php, I messed it up when originally naming it so I just apply the different name to my scripts) and if you see what it is, I will be very grateful. Thanks!
<?php
if(isset($_POST["reset-password-submit"])) {
    $selector = $_POST["selector"];
    $validator = $_POST["validator"];
    $password = $_POST["pwd"];
    $passwordRepeat = $_POST["pwd-repeat"];
    if(empty($password) || empty($passwordRepeat)) {
        header("Location: ../create-new-password.php?newpwd=empty&selector=". $selector . "&validator=" . $validator);
        exit();
    }
    else if ($password != $passwordRepeat){
        header("Location: ../create-new-password.php?newpwd=pwdnotsame&selector=". $selector . "&validator=" . $validator);
        exit();
    }
    $currentDate = date("U");
    require 'dbc.inc.php';
    $sql = "SELECT * FROM pwdReset WHERE pwdResetSelector=? AND pwdResetExpires >= ?";
    $stmt = mysqli_stmt_init($conn);
    if(!mysqli_stmt_prepare($stmt, $sql)) {
        echo "There was an error. (1)";
        exit();
    }
    else {
        mysqli_stmt_bind_param($stmt, "ss", $selector, $currentDate);
        mysqli_stmt_execute($stmt);
        $result = mysqli_stmt_get_result($stmt);
        if(!$row = mysqli_fetch_assoc($result)) {
            echo "You need to re-submit your reset request. (1)";
            exit();
        }
        else
        {
            $tokenBin = hex2bin($validator);
            $tokenCheck = password_verify($tokenBin, $row["pwdResetToken"]);
            if($tokenCheck == false)
            {
                echo "You need to re-submit your reset request. (2)";
                exit();
            }
            else if ($tokenCheck == true)
            {
                $tokenEmail = $row['pwdResetEmail'];
                $sql = "SELECT * FROM users WHERE emailUsers=?;";
                $stmt = mysqli_stmt_init($conn);
                if(!mysqli_stmt_prepare($stmt, $sql)) {
                    echo "There was an error. (2)";
                    exit();
                }
                else {
                    mysqli_stmt_bind_param($stmt, "s", $tokenEmail);
                    mysqli_stmt_execute($stmt);
                    $result = mysqli_stmt_get_result($stmt);
                    if(!$row = mysqli_fetch_assoc($result)) {
                        echo "There was an error. (3)";
                        exit();
                    }
                    else
                    {
                        $sql = "UPDATE users SET pwdUsers=? WHERE emailUsers=?";
                        $stmt = mysqli_stmt_init($conn);
                        if(!mysqli_stmt_prepare($stmt, $sql)) {
                            echo "There was an error. (4)";
                            exit();
                        }
                        else {
                            $newPwdHash = password_hash($password, PASSWORD_DEFAULT);
                            mysqli_stmt_bind_param($stmt, "ss", $newPwdHash, $tokenEmail);
                            mysqli_stmt_execute($stmt);
                            $sql = "DELETE FROM pwdReset WHERE pwdResetEmails=?";
                            $stmt = mysqli_stmt_init($conn);
                            if(!mysqli_stmt_prepare($stmt, $sql)) {
                                echo "There was an error. (5)";
                                exit();
                            }
                            else {
                                mysqli_stmt_bind_param($stmt, "s", $tokenEmail);
                                mysqli_stmt_execute($stmt);
                                header("Location: ../signup.php?newpwd=passwordupdated");
                            }
                        }
                    }
                }
            }
        }
    }
}
else {
    header("Location: ../index.php");
}
I figured out what was wrong. The page the user would input their new password on also stores the selector and token, both of which I had misspelled value on. The script above works fine with a minor tweak to the bottom part.
The new hash part should be:
$newPwdHash = password_hash($password, PASSWORD_DEFAULT);
mysqli_stmt_bind_param($stmt, "ss", $newPwdHash, $tokenEmail);
mysqli_stmt_execute($stmt);
$sql = "DELETE FROM pwdReset WHERE pwdResetEmail=?";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
    echo "There was an error 5";
    exit();
} else {
    mysqli_stmt_bind_param($stmt, "s", $tokenEmail);
    mysqli_stmt_execute($stmt);
    header("Location: ../signup.php?newpwd=passwordupdated");
}
Not what it was originally above.

Trying to read from two databases to check if an account exists

I am trying to create a login system that will load a different homepage based upon what database their information is stored in - Whether they're a customer or a business.
I have created my registration and it is okay when I am trying to check just one database and it will log them in successfully.
I am unsure where to put this bit of code for the second database though - I keep receiving errors whenever I place it somewhere. I have used a similar sort of code for the first database.
mysqli_stmt_bind_param($stmt2, "s", $ema);
mysqli_stmt_execute($stmt2);
$result2 = mysqli_stmt_get_result($stmt2);
This is the code in full.
} elseif (!empty($ema) AND !empty($pas)) {
    $sql1 = "SELECT * FROM users1 WHERE email1=?;";
    $sql2 = "SELECT * FROM users2 WHERE email2=?;";
    $stmt1 = mysqli_stmt_init ($conn);
    $stmt2 = mysqli_stmt_init ($conn1);
    //Check if there was an error reading data from database
    if (!mysqli_stmt_prepare($stmt1, $sql1) AND !mysqli_stmt_prepare($stmt2, $sql2)) {
        header("Location: ../splash.php?error=sqlerror");
    } else {
        mysqli_stmt_bind_param($stmt1, "s", $ema);
        mysqli_stmt_execute($stmt1);
        $result1 = mysqli_stmt_get_result($stmt1);
        if($row1 = mysqli_fetch_assoc($result1)) {
            $pwdcheck1 = password_verify($pas, $row1['pwd1']);
            if($pwdcheck1 == false) {
                header("Location:../splash.php?error=wrongdetails");
                exit();
            //If a username and password in the business account correlate, then load the business index.
            } elseif ($pwdcheck1 == true){
                session_start();
                $_SESSION['userlog1'] = $row1['idUsers1'];
                header("Location: ../../b/index1.php?login=success");
                exit();
            }
        } elseif ($row2 = mysqli_fetch_assoc($result2)) {
            $pwdcheck2 = password_verify($pas, $row2['pwd2']);
            if($pwdcheck2 == false) {
                header("Location: ../splash.php?error=wrongdetails");
                exit();
            } elseif ($pwdcheck2 == true) {
                session_start();
                $_SESSION['userlog2'] = $row2['idUsers2'];
                header("Location: ../../t/index2.php?login=success");
                exit();
            }
        }
    }
} else {
    header("Location: ../splash.php?error=usernotfound");
}
Thanks!
The fact you should have a single users table aside, the problem is coming from the numerous conditions, every one of them being useless.
Basically, if you need to get the results from two queries, then you should execute them right away, one by one, without any intermediate conditions:
$sql = "SELECT * FROM users1 WHERE email1=?;";
$stmt = mysqli_prepare($conn, $sql);
mysqli_stmt_bind_param($stmt, "s", $ema);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$row = mysqli_fetch_assoc($result);
if (!$row) {
    // No match in the first table, so try the second one
    $sql = "SELECT * FROM users2 WHERE email2=?;";
    $stmt = mysqli_prepare($conn, $sql);
    mysqli_stmt_bind_param($stmt, "s", $ema);
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);
    $row = mysqli_fetch_assoc($result);
}
Now you can check the password:
// 'pwd' stands for the hash column of the table that matched (pwd1 or pwd2 in the question)
if ($row && password_verify($pas, $row['pwd'])) {
    // OK
} else {
    // not OK
}

Script not getting values from the database [duplicate]

This question already has an answer here:
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Closed 2 years ago.
I have this user sign-in script using a PHP prepared statement, but it is not working. I have tried to switch values but it is still not working; sometimes I get a "user does not exit" error, sometimes just a blank page with the redirected link.
if(isset($_POST['login'])){
    require 'dbh.php';
    $mail = $_POST['email'];
    $pwd = $_POST['password'];
    if (empty($mail) || empty($pwd)) {
        header("Location: ../login.php?error=empty");
        exit();
    } else {
        $sql = "SELECT * FROM users WHERE id=? OR email=?;";
        $stmt = mysqli_stmt_init($db);
        if (!mysqli_stmt_prepare($stmt, $sql)) {
            header("Location: ../login.php?error=error");
            exit();
        } else {
            mysqli_stmt_bind_param($stmt, "ss", $mail, $pwd);
            mysqli_stmt_execute($stmt);
            $result = mysqli_stmt_get_result($stmt);
            if ($row = mysqli_fetch_assoc($result)){
                $pwdCheck = password_verify($pwd, $row['password']);
                if($pwdCheck == false) {
                    header("Location: ../login.php?error=wrongPassword");
                    exit();
                } else if ($pwdCheck == true) {
                    session_start();
                    $_SESSION['uId'] = $row['id'];
                    $_SESSION['username'] = $row['username'];
                    header("Location: ../profile/index.php?success");
                    exit();
                }
            }
        }
    }
} else {
    header("Location: ../login.php");
    exit();
}
I can see many mistakes in your code.
It seems like you have missed entering the id param in the query.
Here you have mentioned id & email: "SELECT * FROM users WHERE id=? OR email=?;"
But here (mysqli_stmt_bind_param($stmt, "ss", $mail, $pwd);) you are binding $mail and the password, not id and email.
You have used an extra semicolon ($sql = "SELECT * FROM users WHERE id=? OR email=?;";)
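As an added example (not code from any of the posts above), here is a login check for the first question's users table that binds the submitted identifier to both placeholders and never binds the password. The function names verify_login and handle_login, the error=invalidlogin code and the open mysqli connection $conn are assumptions.

```php
<?php
declare(strict_types=1);

// Throw exceptions on mysqli errors, so a failed prepare/execute is reported
// instead of ending in a blank page or a misleading "wrong password".
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical helper: returns the user's row on success, null on any failure.
// Assumes $conn is an open mysqli connection (constructed for this example).
function verify_login(mysqli $conn, string $identifier, string $password): ?array
{
    $sql = 'SELECT idUsers, uidUsers, pwdUsers FROM users
            WHERE uidUsers = ? OR emailUsers = ? LIMIT 1';
    $stmt = $conn->prepare($sql);
    // Both placeholders receive the identifier; the password is not a query input.
    $stmt->bind_param('ss', $identifier, $identifier);
    $stmt->execute();
    // get_result() needs the mysqlnd driver; fetch_assoc() gives null if no row.
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    // With no matching user, verify against a dummy hash so both failure
    // paths do roughly the same work.
    static $dummy = null;
    $dummy ??= password_hash('constructed-dummy-value', PASSWORD_DEFAULT);
    $ok = password_verify($password, $row['pwdUsers'] ?? $dummy);

    return (is_array($row) && $ok) ? $row : null;
}

// Hypothetical handler showing how the result is used.
function handle_login(mysqli $conn, string $identifier, string $password): void
{
    $user = verify_login($conn, $identifier, $password);
    if ($user === null) {
        // One error code for both "no such user" and "wrong password".
        header('Location: ../index.php?error=invalidlogin');
        exit();
    }
    session_start();
    session_regenerate_id(true);   // issue a fresh session ID after login
    $_SESSION['userId']  = $user['idUsers'];
    $_SESSION['userUid'] = $user['uidUsers'];
    header('Location: ../index.php?login=success');
    exit();
}
```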

Mysqli stmt bind and execute failing

I am making a login page using mysqli. After commenting out the if statements to find out where the error resides, the error looks to be within this block of code:
mysqli_stmt_bind_param($stmt, "ss", $mailuid, $mailuid);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
When trying to run this script, I get a 500 error. I can't find any syntax or naming errors.
Here is the full script:
<?php
if(isset($_POST['login-submit'])) {
    require('dbh.inc.php');
    $mailuid = $_POST['mailuid'];
    $password = $_POST['pwd'];
    if (empty($mailuid) || empty($password)) {
        header('location: ../admin.php?error=emptyfields');
        exit();
    } else {
        $sql = "SELECT * FROM adminAccounts WHERE uid_user = ? OR email_user = ?;";
        $stmt = mysqli_stmt_init($conn);
        if (!mysqli_stmt_prepare($stmt, $sql)) {
            header('location: ../admin.php?error=sqlerror');
            exit();
        } else {
            mysqli_stmt_bind_param($stmt, "ss", $mailuid, $mailuid);
            mysqli_stmt_execute($stmt);
            $result = mysqli_stmt_get_result($stmt);
            if ($row = mysqli_fetch_assoc($result)) {
                $pwdCheck = password_verify($password, $row['pwd_user']);
                if ($pwdCheck == false) {
                    header('location: ../admin.php?error=wrongpassword');
                    exit();
                } else if ($pwdCheck == true) {
                    session_start();
                    $_SESSION['userID'] = $row['id_user'];
                    $_SESSION['userUID'] = $row['uid_user'];
                    header('location: ../index.php?login=success');
                    exit();
                } else {
                    header('location: ../admin.php?error=wrongpassword');
                    exit();
                }
            } else {
                header('location: ../admin.php?error=nouser');
                exit();
            }
        }
    }
} else {
    header('location: ../index.php');
    exit();
}
Any help or advice would be very much appreciated
Found out after further testing: within my cPanel I didn't have nd_mysqli enabled. Enabling that fixed the problem. Thanks to RiggsFolly for helping.

Cant echo out data from database using PHP mysqli_stmt_fetch

What I want to do is check whether the email and username are already in my database, and if they are, echo out the username. How do I fix this? Thanks.
$sql = "SELECT * FROM user WHERE uidUser=? OR emailUser=?";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
    header("Location: ../signup.php?error=sqlerror");
    exit();
}
else {
    mysqli_stmt_bind_param($stmt, "ss", $username, $email);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);
    $resultCheck = mysqli_stmt_num_rows($stmt);
    if ($resultCheck > 0) {
        while ($row=mysqli_stmt_fetch($stmt)) {
            echo "Name: ".$row['uidUser'];
        }
    }
}
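An added example, not part of the question: mysqli_stmt_fetch() returns true, false or null rather than a row, so the column values have to be bound with bind_result(). This is also the route that works where mysqli_stmt_get_result() is unavailable because the mysqlnd driver (nd_mysqli) is not enabled, as in the previous thread. The helper names and the open connection $conn are assumptions.

```php
<?php
declare(strict_types=1);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical helper: returns the matching row as an array, or null.
// Assumes $conn is an open mysqli connection and the `user` table
// (uidUser, emailUser) from the question.
function find_existing_user(mysqli $conn, string $username, string $email): ?array
{
    // Name the columns: bind_result() needs one variable per selected column.
    $sql = 'SELECT uidUser, emailUser FROM user
            WHERE uidUser = ? OR emailUser = ? LIMIT 1';
    $stmt = $conn->prepare($sql);
    $stmt->bind_param('ss', $username, $email);
    $stmt->execute();

    if (method_exists($stmt, 'get_result')) {
        // mysqlnd build: get_result() yields a mysqli_result with fetch_assoc().
        $row = $stmt->get_result()->fetch_assoc();
    } else {
        // Non-mysqlnd build: fetch() only reports true/false/null and writes
        // the column values into the variables bound here.
        $stmt->store_result();
        $stmt->bind_result($uid, $mail);
        $row = $stmt->fetch() === true
            ? ['uidUser' => $uid, 'emailUser' => $mail]
            : null;
    }
    $stmt->close();
    return is_array($row) ? $row : null;
}

// Hypothetical formatter: escape the stored name before echoing it into HTML.
function taken_name_message(?array $row): string
{
    return $row === null
        ? ''
        : 'Name: ' . htmlspecialchars($row['uidUser'], ENT_QUOTES, 'UTF-8');
}
```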
