I am making a login page using mysqli. After commenting out the if statements to find out where the error resides, the error looks to be within this block of code:
mysqli_stmt_bind_param($stmt, "ss", $mailuid, $mailuid);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
When trying to run this script, I get a 500 error. I can't find any syntax or naming errors.
Here is the full script:
<?php
if(isset($_POST['login-submit'])) {
require('dbh.inc.php');
$mailuid = $_POST['mailuid'];
$password = $_POST['pwd'];
if (empty($mailuid) || empty($password)) {
header('location: ../admin.php?error=emptyfields');
exit();
} else {
$sql = "SELECT * FROM adminAccounts WHERE uid_user = ? OR email_user = ?;";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header('location: ../admin.php?error=sqlerror');
exit();
} else {
mysqli_stmt_bind_param($stmt, "ss", $mailuid, $mailuid);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if ($row = mysqli_fetch_assoc($result)) {
$pwdCheck = password_verify($password, $row['pwd_user']);
if ($pwdCheck == false) {
header('location: ../admin.php?error=wrongpassword');
exit();
} else if ($pwdCheck == true) {
session_start();
$_SESSION['userID'] = $row['id_user'];
$_SESSION['userUID'] = $row['uid_user'];
header('location: ../index.php?login=success');
exit();
} else {
header('location: ../admin.php?error=wrongpassword');
exit();
}
} else {
header('location: ../admin.php?error=nouser');
exit();
}
}
}
} else {
header('location: ../index.php');
exit();
}
Any help or advice would be very much appreciated.
Found out after further testing: within my cPanel I didn't have nd_mysqli enabled. Enabling that fixed the problem. Thanks to RiggsFolly for helping.
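Why enabling nd_mysqli fixes this: mysqli_stmt_get_result() exists only when mysqli is built on the mysqlnd driver, so without it the call is an undefined function and the request ends in a 500. An added sketch (not the poster's code) that detects the missing driver and falls back to mysqli_stmt_bind_result(); fetch_admin_row() is a hypothetical helper name, and the table and column names are the ones used in the script above.

```php
<?php
// Added example, not part of the original post.
// fetch_admin_row() is a hypothetical helper; $conn comes from dbh.inc.php.
function fetch_admin_row(mysqli $conn, string $mailuid): ?array
{
    // Name the columns explicitly: bind_result() needs a fixed column list.
    $sql = "SELECT id_user, uid_user, pwd_user FROM adminAccounts
            WHERE uid_user = ? OR email_user = ?";
    $stmt = mysqli_prepare($conn, $sql);
    if ($stmt === false) {
        error_log('prepare failed: ' . mysqli_error($conn));
        return null;
    }
    mysqli_stmt_bind_param($stmt, "ss", $mailuid, $mailuid);
    mysqli_stmt_execute($stmt);

    if (function_exists('mysqli_stmt_get_result')) {
        // mysqlnd is available (nd_mysqli enabled).
        $result = mysqli_stmt_get_result($stmt);
        $row = mysqli_fetch_assoc($result) ?: null;
    } else {
        // No mysqlnd: get_result() is missing, so bind output variables instead.
        mysqli_stmt_bind_result($stmt, $id, $uid, $hash);
        $row = mysqli_stmt_fetch($stmt)
            ? ['id_user' => $id, 'uid_user' => $uid, 'pwd_user' => $hash]
            : null;
    }
    mysqli_stmt_close($stmt);
    return $row;   // null means "no such user"; the caller still runs password_verify()
}
```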
So I'm trying to restrict the access of users.
Example: a member tries to visit the admin page by typing "test.com/admin.php" in the URL bar.
Also if someone is not logged in, or an admin tries to access a member page.
But I'm getting an error message which tells me too many redirects.
Hope somebody can help me, thanks in advance.
This is the login.inc.php script which basically logs me in:
<?php
require 'dbh.inc.php';
$mailUid = $_POST['mailuid'];
$password = $_POST['pwd'];
if(empty($mailUid) || empty($password)){
header("Location: ../index.php?error=emptyfields");
exit();
}
else{
$sql = "SELECT * FROM users WHERE uidUsers=? OR emailUsers=?;";
$stmt = mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt, $sql)){
header("Location: ../index.php?error=sqlerror");
exit();
}
else{
mysqli_stmt_bind_param($stmt, "ss", $mailUid, $mailUid);
mysqli_stmt_execute($stmt);
$results = mysqli_stmt_get_result($stmt);
if($row = mysqli_fetch_assoc($results)){
$pwdCheck = password_verify($password, $row['pwdUsers']);
if($pwdCheck == false){
header("Location: ../index.php?error=wrongpassword");
exit();
}
else if($pwdCheck == true){
session_start();
$_SESSION['userId'] = $row['idUsers'];
$_SESSION['userUid'] = $row['uidUsers'];
$_SESSION['userRole'] = $row['roleUsers'];
if($_SESSION['userRole'] == "admin"){
header("Location: ../admin.php");
exit();
}
if($_SESSION['userRole'] == "member"){
header("Location: ../member.php");
exit();
}
}
else{
header("Location: ../index.php?error=wrongpassword");
exit();
}
}
else{
header("Location: ../index.php?error=nousers");
exit();
}
}
}
This is the validate.inc.php script which redirects people based on roles:
<?php
$role = $_SESSION['userRole'];
if($role=="admin"){header("Location: ./admin.php");}
elseif($role=="member"){header("location: ./member.php");}
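An unconditional role redirect loops when the file holding it is included by the page it redirects to: admin.php sends an admin to admin.php again, until the browser gives up with "too many redirects". An added sketch (not the poster's code) of a guard that redirects only when the session role does not match the page; require_role() and landing_page_for() are hypothetical names, the session key and page names are those used above, and it assumes index.php is public and does not call the guard.

```php
<?php
// Added example, not part of the original post.
session_start();   // must run before $_SESSION is read

// Pure decision function: where should this role land? (hypothetical helper)
function landing_page_for(?string $role): string
{
    switch ($role) {
        case 'admin':  return 'admin.php';
        case 'member': return 'member.php';
        default:       return 'index.php';   // not logged in, or unknown role
    }
}

// Call at the top of a protected page, e.g. require_role('admin') in admin.php.
function require_role(string $required): void
{
    $role = $_SESSION['userRole'] ?? null;
    if ($role === $required) {
        return;        // right page for this role: no redirect, so no loop
    }
    // Wrong role or no session: send the visitor to their own landing page once.
    header('Location: ./' . landing_page_for($role));
    exit();            // stop here, or the protected page would still render
}
```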
I'm trying to make a login form. But every time that I try to log in, it always gives an error message that my password is incorrect. I'm using md5 to hash my password in the database.
I've tried to remove the hash and password_verify from my code, but it automatically logs in the user with an incorrect password.
<?php
if (isset($_POST['login-submit'])) {
require 'dbh.inc.php';
$mailuid = $_POST['mailuid'];
$password = $_POST['pwd'];
if (empty($mailuid) || empty($password)){
header("Location: ../systemlogintut/index1.php?error=emptyfields");
exit();
}
else {
$sql = "SELECT * FROM users WHERE uidUsers=? OR emailUsers=?;";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../systemlogintut/index1.php?error=sqlerror");
exit();
}
else {
mysqli_stmt_bind_param($stmt, "ss", $mailuid, $mailuid);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if ($row = mysqli_fetch_assoc($result)) {
$pwdCheck = password_verify($password, $row['pwdUsers']);
if ($pwdCheck == false) {
header("Location: ../systemlogintut/index1.php?error=wrongpwd");
exit();
}
else if ($pwdCheck == true) {
session_start();
$_SESSION['userId'] = $row['idUsers'];
$_SESSION['userUid'] = $row['uidUsers'];
header("Location: ../systemlogintut/index1.php?login=success");
exit();
}
else {
header("Location: ../systemlogintut/index1.php?error=wrongpwd");
exit();
}
}
else {
header("Location: ../systemlogintut/index1.php?error=nouser");
exit();
}
}
}
}
else {
header("Location: ../systemlogintut/index1.php");
exit();
}
You are automatically logging in the user; change the redirect code in this line:
if ($row = mysqli_fetch_assoc($result))
{
$pwdCheck = password_verify($password, $row['pwdUsers']);
if ($pwdCheck == false) {
header("Location: ../systemlogintut/index1.php?error=wrongpwd"); // change the redirection here
exit();
}
Try it:
$password = md5($_POST['pwd']);
I just changed it to:
$hashedPwd = password_hash($password, PASSWORD_DEFAULT);
instead of using:
$hashedPwd = mb5($password, PASSWORD_DEFAULT);
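password_verify() expects a hash produced by password_hash() (or crypt()), so it never matches a stored md5() digest, which is why the check in the question always reports a wrong password. An added sketch (not from the posts) that accepts either format and upgrades legacy rows on a successful login; verify_and_upgrade() is a hypothetical name, the unsalted 32-hex-character MD5 format is an assumption about the existing rows, and the table and column names are those of the script above.

```php
<?php
// Added example, not part of the original posts.
// $row is the user row fetched by the login script; $conn comes from dbh.inc.php.
function verify_and_upgrade(mysqli $conn, array $row, string $password): bool
{
    $stored = $row['pwdUsers'];
    // Assumption: legacy rows hold a bare, unsalted MD5 hex digest.
    $isLegacyMd5 = (bool) preg_match('/^[a-f0-9]{32}$/i', $stored);

    if ($isLegacyMd5) {
        // Constant-time comparison against the old digest.
        $ok = hash_equals(strtolower($stored), md5($password));
    } else {
        $ok = password_verify($password, $stored);
    }
    if (!$ok) {
        return false;
    }

    // Replace MD5 (or an outdated password_hash() setting) with a current hash.
    if ($isLegacyMd5 || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $newHash = password_hash($password, PASSWORD_DEFAULT);
        $id = $row['idUsers'];
        $stmt = mysqli_prepare($conn, "UPDATE users SET pwdUsers = ? WHERE idUsers = ?");
        mysqli_stmt_bind_param($stmt, "si", $newHash, $id);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }
    return true;
}
```

The pwdUsers column has to be wide enough for password_hash() output; the PHP manual suggests 255 characters.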
My database is empty. I don't know what's wrong any more. Is it a syntax error? I've already tried to find a syntax error, but I can't find one. Can anyone help me or tell me what's the problem?
<?php
if (isset($_POST['signup-submit'])) {
require 'dbh.inc.php';
$username = $_POST['uid'];
$email = $_POST['mail'];
$password = $_POST['pwd'];
$passwordRepeat = $_POST['pwd-repeat'];
if (empty($username) || empty($email) || empty($password) ||
empty($passwordRepeat)) {
header("Location: ../signup.php?error=emptyfields&uid=".$username."&mail=".$email);
exit();
}
elseif (!filter_var($email, FILTER_VALIDATE_EMAIL) &&
!preg_match("/^[a-zA-Z0-9]*$/", $username)) {
header("Location: ../signup.php?error=invalidmail&uid=");
exit();
}
elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?error=invalidmail&uid=".$username);
exit();
}
elseif (!preg_match("/^[a-zA-Z0-9]*$/", $username)) {
header("Location: ../signup.php?error=invalidmail&uid=".$email);
exit();
}
elseif ($password !== $passwordRepeat) {
header("Location: ../signup.php?error=passworcheck&uid=".$username."&mail=".$email);
exit();
}
else {
$sql = "SELECT uidUsers FROM users WHERE uidUsers=?";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../signup.php?error=sqlerror");
exit();
}
else {
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$resultCheck = mysqli_stmt_num_rows($stmt);
if ($resultCheck > 0) {
header("Location: ../signup.php?error=usertaken&mail=".$email);
exit();
}
else {
$sql = "INSERT INTO users (uidUsers, emailUsers, pwdUsers)
VALUES (?, ?, ?)";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../signup.php?error=sqlerror");
exit();
}
else {
$hashedPwd = password_hash($password, PASSWORD_DEFAULT);
mysqli_stmt_bind_param($stmt, "ssss", $username, $email,
$password);
mysqli_stmt_execute($stmt);
header("Location: ../signup.php?signup=succes");
exit();
}
}
}
}
mysqli_stmt_close($stmt);
mysqli_close($conn);
}
else {
header("Location: ../signup.php");
exit();
}
My guess: This line is wrong:
$sql = "SELECT uidUsers FROM users WHERE uidUsers=?";
^^^^^^^^^
....
mysqli_stmt_bind_param($stmt, "s", $username);
I think you want to ask for a user name to get the user id.
There may be more errors.
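The INSERT in the question passes four type characters ("ssss") with three variables, so the bind fails and no row is written, and the third variable is $password rather than $hashedPwd, so a working bind would have stored the password in clear. An added sketch (not from the posts) of the insert with matching counts, the hash stored, and mysqli errors surfaced instead of being followed by a success redirect; create_user() is a hypothetical name, and the table and column names are those of the script above.

```php
<?php
// Added example, not part of the original posts.
// Make mysqli throw on failure so a rejected INSERT cannot pass unnoticed.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// create_user() is a hypothetical helper; $conn comes from dbh.inc.php.
function create_user(mysqli $conn, string $username, string $email, string $password): bool
{
    $hashedPwd = password_hash($password, PASSWORD_DEFAULT);
    try {
        $stmt = mysqli_prepare(
            $conn,
            "INSERT INTO users (uidUsers, emailUsers, pwdUsers) VALUES (?, ?, ?)"
        );
        // Three placeholders, three type characters, three variables,
        // and the hash (never the raw password) goes into pwdUsers.
        mysqli_stmt_bind_param($stmt, "sss", $username, $email, $hashedPwd);
        mysqli_stmt_execute($stmt);
        $inserted = mysqli_stmt_affected_rows($stmt) === 1;
        mysqli_stmt_close($stmt);
        return $inserted;
    } catch (mysqli_sql_exception $e) {
        // Log server-side; send the browser only a generic error code.
        error_log('signup insert failed: ' . $e->getMessage());
        return false;
    }
}
```

Redirect to signup=succes only when create_user() returns true.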
I'm making a login system for my website. I'm newer to PHP coding, and when I press my login button it sends me to "login.php?error=nouser" in the URL even though my email is in my database. I'm not sure if I messed up with some code or something needs to be moved around or not. I am new to PHP and don't have an eye good enough to spot some of these problems.
<?php
if (isset($_POST['login-submit'])) {
require 'dbh.inc.php';
$emailuid = $_POST['emailuid'];
$password = $_POST['pwduid'];
if (empty($emailuid) || empty($password)) {
header("Location: ../login.php?error=emptyfields&emailuid=".$emailuid);
exit();
} else {
$sql = "SELECT * FROM users WHERE emailUsers=?";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../login.php?error=sqlerror");
exit();
} else {
mysqli_stmt_bind_param($stmt, "ss", $emailuid, $emailuid);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if ($row = mysqli_fetch_assoc($result)) {
$pwdCheck = password_verify($password, $row['pwdUsers']);
if ($pwdCheck == flase) {
header("Location: ../login.php?error=wrongpassword");
exit();
} elseif ($pwdCheck == true) {
session_start();
$_SESSION['userId'] = $row['idUsers'];
$_SESSION['userfnId'] = $row['fnidUsers'];
$_SESSION['userlnId'] = $row['lnidUsers'];
header("Location: ../login.php?login=success");
exit();
} else {
header("Location: ../login.php?error=wrongpassword");
exit();
}
} else {
header("Location: ../login.php?error=nouser");
exit();
}
}
}
} else {
header("Location: ../login.php");
exit();
}
Any type of help is appreciated, I'm learning how this all works. Thanks for the understanding.
You've only specified one placeholder in your query:
$sql = "SELECT * FROM users WHERE emailUsers=?";
But you've tried to bind two parameters:
mysqli_stmt_bind_param($stmt, "ss", $emailuid, $emailuid);
You probably just want this:
mysqli_stmt_bind_param($stmt, "s", $emailuid);
Also, spelling:
if ($pwdCheck == flase) {
Also, this makes no sense:
if ($pwdCheck == false) {
...
} elseif ($pwdCheck == true) {
...
} else {
...
}
Just do this:
if ($pwdCheck == false) {
...
} else {
...
}
Or better:
if (password_verify($password, $row['pwdUsers']) === true) {
...
} else {
....
}
I am trying to make a login system with PHP but I can't figure out why my form is just redirecting me to the script file when I click on my login button. It works fine on my sign-up form. Everything seems to work except it's redirecting me to the script file. My PHP file that contains my form: https://codepen.io/hubbe-andersson/pen/yGOPoM
EDIT: I have put my PHP script into my header.php instead and now I'm getting ERR_TOO_MANY_REDIRECTS in Chrome. What is causing this?
<?php
if(isset($_POST['login-sub'])) {
require 'databash.php';
$username = $_POST['mailname'];
$password = $_POST{'pwd'};
if(empty($username) || empty($password)) {
header("Location: index.php?error=tommarutor");
exit();
} else {
$sql = "SELECT * FROM USERS WHERE uidUsers=? OR emailUsers=?";
$stmt = mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: index.php?error=sqlerror");
exit();
} else {
mysqli_stmt_bind_parem($stmt, "ss", $username, $username);
mysqli_stmt_execute($stmt);
$resultat = mysqli_stmt_get_result($stmt);
if ($row = mysqli_fetch_assoc($resultat)) {
$checkpwd = password_verify($password, $row['pwdUsers']);
if($checkpwd == false) {
header("Location: index.php?error=fellosenord");
exit();
}
else if ($checkpwd == true) {
seassion_start();
$_SESSION['userId'] = $row['idUsers'];
$_SESSION['userUid'] = $row['uidUsers'];
header("Location: index.php?login=lyckades");
exit();
}
else {
header("Location: index.php?error=fellosenord");
exit();
}
}
else {
header("Location: index.php?error=ingenanvandare");
exit();
}
}
}
} else {
header("Location: index.php");
exit();
}
Line 6 error: use [...] instead of {...}
Look at the middle code block. Everything inside that focuses on determining which error the results will return, so establish that in your $_SESSION data and then redirect header("Location.... once. Most mistakes are little ones like the line 6 error; make a habit of adding // comments to your code so that it's easier to sort out the lines and sections of your code.
<?php
if(isset($_POST['login-sub'])) {
require 'databash.php';
$username = $_POST['mailname'];
$password = $_POST['pwd'];
if(empty($username) || empty($password)) {
header("Location: index.php?error=tommarutor");
exit();
} else {
$sql = "SELECT * FROM USERS WHERE uidUsers=? OR emailUsers=?";
$stmt = mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: index.php?error=sqlerror");
exit();
} else {
mysqli_stmt_bind_param($stmt, "ss", $username, $username);
mysqli_stmt_execute($stmt);
$resultat = mysqli_stmt_get_result($stmt);
if ($row = mysqli_fetch_assoc($resultat)) {
$checkpwd = password_verify($password, $row['pwdUsers']);
if($checkpwd == false) {
session_start();
$_SESSION['error']="fellosenord";
} else if ($checkpwd == true) {
session_start();
$_SESSION['userId'] = $row['idUsers'];
$_SESSION['userUid'] = $row['uidUsers'];
$_SESSION['login']="lyckades";
} else {
session_start();
$_SESSION['error']="fellosenord";
} //end checkpwd
} else { // if fetch fails, send error
session_start();
$_SESSION['error']="ingenanvandare";
} // end fetch
header("Location: index.php");
} // end if stmt exists
} // end not empty input
} else { // if isset isn't set...
header("Location: index.php");
exit();
} // end isset
Your index.php page needs to start off by looking for the query string passed via $_SESSION to prevent people from trying to access the page without the related form.
session_start();
if ( empty($_SESSION['id']) ) { // no session info...
...
} else {
...
}
Ask your teacher to explain finding errors and solving problems so you can learn what to look for.