Php oop not getting data from db - php

So I have this piece of code that I just followed some guide to create,
<?php
session_start();
if (isset($_POST['submit'])) {
include 'db.conf.php';
$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
$_SESSION['uid'] = $uid;
//Error handleri
//Check jesu inputi empty
if (empty($uid) || empty($pwd))
{
header("Location: ../index.php?login=empty");
exit();
}
else
{
$sql = "SELECT * FROM users WHERE user_uid = '$uid' OR user_email = '$uid'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck < 1)
{
header("Location: ../index.php?login=usernamenepostoji");
exit();
}
else
{
if ($row = mysqli_fetch_assoc($result)) {
//Dehashiranje
$hashedPwdCheck = password_verify($pwd, $row['user_pwd']);
if ($hashedPwdCheck == false) {
header("Location: ../index.php?login=invalidpass");
exit();
}
elseif ($hashedPwdCheck == true)
{
//Logiranje
$_SESSION['u_id'] = $row['user_id'];
$_SESSION['u_first'] = $row['user_first'];
$_SESSION['u_last'] = $row['user_last'];
$_SESSION['u_email'] = $row['user_email'];
$_SESSION['u_uid'] = $row['user_uid'];
header("Location: ../index.php?login=success");
exit();
}
}
}
}
}
else
{
header("Location: ../index.php?login=error");
exit();
}
?>
It's just simple error handling and logging in that works. I understand it and wanted to recreate it with a bit more oop.
<?php
session_start();
include 'db.conf.php';
class Login
{
public $username;
public $password;
function __construct()
{
$this->username = $_POST['uid'];
$this->password = $_POST['pwd'];
$this->checkinputs();
}
function checkinputs()
{
if (empty($this->username) || empty($this->password))
{
header("Location: ../index.php?login=empty");
exit();
}
else
{
$username = $this->username;
$sql = "SELECT * FROM users WHERE user_uid =".$username;
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck < 1)
{
header("Location: ../index.php?login=usernamenepostoji");
exit();
}
else
{
if ($row = mysqli_fetch_assoc($result)) {
//Dehashiranje
$hashedPwdCheck = password_verify($pwd, $row['user_pwd']);
if ($hashedPwdCheck == false) {
header("Location: ../index.php?login=invalidpass");
exit();
}
elseif ($hashedPwdCheck == true)
{
//Logiranje
$_SESSION['u_id'] = $row['user_id'];
$_SESSION['u_first'] = $row['user_first'];
$_SESSION['u_last'] = $row['user_last'];
$_SESSION['u_email'] = $row['user_email'];
$_SESSION['u_uid'] = $row['user_uid'];
header("Location: ../index.php?login=success");
exit();
}
}
}
}
}
}
?>
This is what I got, it's literally the same code just using functions and other things to 'seperate' it into chunks. It doesn't work. I keep getting stuck on the if $resultCheck < 1 header which means that the username doesn't exist. Though I'm sure it does since nothing changed in the db. So it lead me to thinking its the $conn, it just doesn't connect to the database. I've dumped the $username variable in a file to check if it works, it does. I just have no idea how to proceed.

$conn doesn't exist in method checkinputs().
Either make it global:
function checkinputs()
{
global $conn;
...
}
which I would not recommend (because using globals is disencouraged).
or pass it into Login::_construct() and set it to $this->conn (then use it as $this->conn: $result = mysqli_query($this->conn, $sql);):
function __construct($conn)
{
$this->conn = $conn; // maybe also check if you have a valid connection!
$this->username = $_POST['uid'];
$this->password = $_POST['pwd'];
$this->checkinputs();
}
function checkinputs()
{
// no global now!
....
$result = mysqli_query($this->conn, $sql);
....
}
BUT: please switch to prepared stements. This code is vulnerable to sql injection!
related: Reference: What is variable scope, which variables are accessible from where and what are "undefined variable" errors?

Related

Check user permission

I want to check a user if they have permission to view the site during the login process via a manual set value in MySQL.
How would I insert that check into this code:
include 'dbh.inc.php';
$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
//Error handlers
//check if inputs are empty
if (empty($uid) || empty($pwd)) {
header("Location: ../index.php?login=empty");
exit();
} else {
$sql = "SELECT * FROM users WHERE user_uid='$uid' OR user_email='$uid'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck < 1) {
header("Location: ../index.php?login=error");
exit();
} else {
if ($row = mysqli_fetch_assoc($result)) {
//de-hash pass
$hashedPwdCheck = password_verify($pwd, $row['user_pwd']);
if ($hashedPwdCheck == false) {
header("Location: ../index.php?login=error");
exit();
} elseif ($hashedPwdCheck == true) {
//log in user here
$_SESSION['u_id'] = $row['user_id'];
$_SESSION['u_first'] = $row['user_first'];
$_SESSION['u_last'] = $row['user_last'];
$_SESSION['u_email'] = $row['user_email'];
$_SESSION['u_uid'] = $row['user_uid'];
header("Location: ../index.php?login=success");
exit();
}
}
}
}
You have pretty much everything done already. But your question not clear enough. Do you want to block the user from login or only allow limited access to certain pages for the user ?
if ($hashedPwdCheck == false) {
header("Location: ../index.php?login=error");
exit();
} elseif ($hashedPwdCheck == true) {
if($row['user_can_login']){
//log in user here
$_SESSION['u_id'] = $row['user_id'];
$_SESSION['u_first'] = $row['user_first'];
$_SESSION['u_last'] = $row['user_last'];
$_SESSION['u_email'] = $row['user_email'];
$_SESSION['u_uid'] = $row['user_uid'];
header("Location: ../index.php?login=success");
exit();
}else{
header("Location: ../index.php?login=error");
exit();
}
}
This is to block existing user from login.

login validation show an alert if the user entered the wrong login information

I need to echo or to show an alert box when the user entered a incorrect user name and password. I used the url for the mean time to show the status if the user entered the incorrect username or the incorrect password.
session_start();
if (isset($_POST['submit'])) {
include 'dbh.inc.php';
$uid = mysqli_real_escape_string ($conn, $_POST['uid']);
$pwd = mysqli_real_escape_string ($conn, $_POST['pwd']);
//ERROR HANDLERS
//Check for empty fields
if (empty($uid) || empty($pwd)) {
header("Location: ../login.php?login=empty");
exit();
} else {
$sql = "SELECT * FROM users WHERE user_uid='$uid' OR user_email='$uid'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck < 1) {
header("Location: ../login.php?username_not_found");
exit();
} else {
if ($row = mysqli_fetch_assoc($result)) {
//De-hashing the password
$hashedPwdCheck = password_verify($pwd, $row['user_pwd']);
if ($hashedPwdCheck == false) {
header("Location: ../login.php?password_not_match");
exit();
} elseif ($hashedPwdCheck == true) {
//Log in the user here
$_SESSION['u_id'] = $row['user_id'];
$_SESSION['u_first'] = $row['user_first'];
$_SESSION['u_last'] = $row['user_last'];
$_SESSION['u_email'] = $row['user_email'];
$_SESSION['u_uid'] = $row['user_uid'];
header("Location: ../apptableremarks.php?login=success");
exit();
}
}
}
}
} else {
header("Location: ../index.php?login=error");
exit();
}
first change this line
header("Location: ../login.php?login=notFound");
then on the top the page in index.php file write this code
if(isset($_GET['login']))
{
echo "user name not found";
}
i think you should pass header variable like this :**
header("Location: ../login.php?user=not_found");
and then you can grab it using $_GET[] variable.
Like this: if(isset($_GET["user"] && $_GET["user"]==="not_fount")) echo "your alert message";

Call to undefined method mysqli_stmt::get_results()

Here is my login PHP code
<?php
session_start();
if (isset($_POST['submit'])) {
include 'dbh.inc.php';
$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
if (empty($uid) || empty($pwd)) {
header("Location: ../index.php?login=empty");
exit();
} else {
$sql = "SELECT * FROM users WHERE user_uid= ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("s",$user_uid);
$stmt->execute();
$result = $stmt->get_results(); //LINE 20 IS HERE BTW
$num_rows = $result->num_rows;
if($num_rows == 1) {
$rows = $result->fetch_assoc();
$hashedPwdCheck = password_verify($pwd, $row['user_pwd']);
if ($hashedPwdCheck == false) {
header("Location: ../index.php?login=errorchecker");
exit();
} elseif ($hashedPwdCheck == true) {
#Logs in
$_SESSION['u_id'] = $row['user_id'];
$_SESSION['u_first'] = $row['user_first'];
$_SESSION['u_last'] = $row['user_last'];
$_SESSION['u_email'] = $row['user_email'];
$_SESSION['u_uid'] = $row['user_uid'];
header("Location: ../index.php?login=success");
exit();
}
$read->close();
} else {
header("Location: ../index.php?login=errorb4pwcheck");
}
}
}
Returns the error
Fatal error: Call to undefined method mysqli_stmt::get_results() in C:\wamp64\www\loginsystem-1\includes\login.inc.php on line 20
$result = $stmt->get_results();
I have searched as many threads as I can find and have tried different ways on doing this prepared statement, I have seen a lot about mysqlnd not being installed and enabled.
Proof mine is:
phpinfo on mysqlnd
I have tried using the bind & fetch methods but it just simply doesn't work, I'm guessing I am doing it wrong but i've watched many different tutorials and read forum posts about it and tried to apply it to my work.
This was the solution code my friend helped me solve :) Just incase anyone experienced the same issue...
session_start();
if (isset($_POST['submit'])) {
include 'dbh.inc.php';
$uid = $_POST['uid'];
$pwd = $_POST['pwd'];
# Error handlers
# Check if inputs are empty
if (empty($uid) || empty($pwd)) {
header("Location: ../index.php?login=empty");
exit();
} else {
$sql = "SELECT * FROM users WHERE user_uid= ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("s", $_POST['uid']);
$stmt->execute();
$result = $stmt->get_result();
$num_rows = $result->num_rows;
if($num_rows == 1) {
while ($rows = $result->fetch_assoc()) {
if (!password_verify($pwd, $rows['user_pwd'])) {
header("Location: ../index.php?login=errorchecker");
exit();
} else {
#Logs in
$_SESSION['u_id'] = $rows['user_id'];
$_SESSION['u_first'] = $rows['user_first'];
$_SESSION['u_last'] = $rows['user_last'];
$_SESSION['u_email'] = $rows['user_email'];
$_SESSION['u_uid'] = $rows['user_uid'];
header("Location: ../index.php?login=success");
exit();
}
}
$read->close();
} else {
header("Location: ../index.php?login=errorb4pwcheck");
}
}
}

function mysql_fetch_row returns NULL, which disables login

In this following code var_dump($row) returns NULL, while $sql, $conn and $result seem to be ok.
New to PHP, and cant figure out what is the problem. Thanks for help!
<?php
session_start();
include_once 'dbh.inc.php';
if (isset($_POST['submit'])) {
$uid = mysqli_real_escape_string($conn, $_POST['name']);
$pwd = mysqli_real_escape_string($conn, $_POST['password']);
if (empty($uid) || empty($pwd)) {
header("Location: ../index.php?login=empty");
exit();
} else {
//Check if username exists USING PREPARED STATEMENTS
$sql = "SELECT * FROM us WHERE user_username='$uid'";
$result = mysqli_query($conn, $sql);
if($result) {
var_dump($result);
$row = mysqli_fetch_row($result);
var_dump($row);
if (mysqli_num_rows($result) > 0) {
if ($pwd != $row['user_password']) {
header("Location: ../index.php?login=passerror");
exit();
} else {
//Set SESSION variables and log user in
$_SESSION['id'] = $row['id'];
$_SESSION['user_email'] = $row['user_email'];
$_SESSION['user_username'] = $row['user_username'];
header("Location: ../index.php");
exit();
}
}
}
}
} else {
header("Location: ../index.php?login=buttonerror");
exit();
}
I'm not super experienced either, but try this and let me know.
change
$row = mysqli_fetch_row($result);
to
$row = mysqli_fetch_assoc($result);
Nothing wrong with your code, it's works fine, please change the db and check it once
you are passing $conn in mysql_real_escape_string
$uid = mysqli_real_escape_string($_POST['name']);
$pwd = mysqli_real_escape_string($_POST['password']);

How to redirect two users according to their roles in PHP

How can I redirect two users according to their roles? I have database user type 1 and type 0. My log-in code is like this. Type 1 is suppose to be an admin and type 0 is a regular user.
<?php
session_start();
if(isset($_POST['submit'])){
include 'dbh.inc.php';
$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
if (empty($uid) || empty($pwd)){
header("Location: ../index.php?login=empty");
exit();
} else {
$sql = "SELECT * FROM users WHERE user_uid='$uid'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck < 1) {
header("Location: ../index.php?login=error");
exit();
} else {
if ($row = mysqli_fetch_assoc($result)){
$hashedPwdCheck = password_verify($pwd, $row['user_pwd']);
if($hashedPwdCheck == false){
header("Location: ../index.php?login=error");
exit();
} elseif ($hashedPwdCheck == true) {
$_SESSION['u_id'] = $row['user_id'];
$_SESSION['u_first'] = $row['user_first'];
$_SESSION['u_last'] = $row['user_last'];
$_SESSION['u_uid'] = $row['user_uid'];
header("Location: ../main.php?login=success");
exit();
}
}
}
}
} else {
header("Location: ../index.php?login=error");
exit();
}
you can do this easily by if()..else... but at all don't use directly header to redirect, I suggest you use this function to redirect:
function redirect($url){
if (headers_sent()){
die('<script type="text/javascript">window.location.href=\'' . $url . '\';</script>');
}else{
header('Location: ' . $url);
die();
}
}
this is what you need to do:
if($type == 1)
redirect($admin_url);
else
redirect($user_url);

Categories