PHP: PDO if user exists check doesn't work - php

I'm new to PHP, I created User class/object which has a function that checks for user, it returns $stmt->rowCount() but when I check for it in code it just skip it, register the user..
Here is the code:
if(empty($name_err) && empty($email_err) && empty($username_err) && empty($password_err) && empty($confirm_password_err)) {
if($user->doesUserExist($email) === 0) {
$password = password_hash($password, PASSWORD_DEFAULT);
$user->register($username, $name, $email, $password);
} else {
$global_err = "Email is already taken";
}
}
Here is the function from User class:
public function doesUserExist($email) {
$query = "SELECT * FROM users WHERE email = :email";
$stmt = $this->connection->prepare($query);
$stmt->bindParam(':email', $email);
$stmt->execute();
$rowcount = $stmt->rowCount($stmt);
return $rowcount;
}


instead of === in your condition of if($user->doesUserExist($email) === 0) try to change to ==
and then try to change your method like this:
public function doesUserExist($email) {
$query = "SELECT * FROM users WHERE email = '" . $email . "';";
$stmt = $this->connection->prepare($query);
$stmt->execute();
$stmt->setFetchMode(PDO::FETCH_ASSOC);
$rowcount = count($stmt->fetchAll());
return $rowcount;
}


You should Try
Call the function
$checkemail=$api->checkuseremail($email);
if($checkemail)
{
echo $mail_check;
}
and define your function like this
public function checkuseremail($email)
{
$db=getDB();
$stmt = $db->prepare("Select id from table_name where email=:email");
$stmt->bindParam("email", $email, PDO::PARAM_STR);
$stmt->execute();
$count = $stmt->rowCount();
if($count)
{
return true;
}
else
{
return false;
}
}
It will return email are already exist or not

Related

Can I use the parameter in the function and echo it out in the if statement below

I am experiencing a problem where I can't use the parameter in the function in other functions more specifically the $studentnumber parameter, is it possible for the parameters used in other functions, the parameter used were dynamic parameter. I'm new to PHP so my terminology might be off I the end goal is to make $studentnumber, able to be used in other functions.
public function login($studentnumber, $password) {
$conn = dbconnection();
$stmt = $conn->prepare("SELECT * FROM login WHERE studentnumber = :studentnumber");
$stmt->bindParam(':studentnumber', $studentnumber);
$stmt->execute();
$row = $stmt->fetch();
if ($password == $row['password']) {
echo $studentnumber;
return true;
} else {
return false;
}
}
public function login($studentnumber, $password) {
$this->studentnumber = $studentnumber;
$conn = dbconnection();
$stmt = $conn->prepare("SELECT * FROM login WHERE studentnumber = :studentnumber");
$stmt->bindParam(':studentnumber', $studentnumber);
$stmt->execute();
$row = $stmt->fetch();
if ($password == $row['password']) {
echo $this->studentnumber;
return true;
} else {
return false;
}
}

Php MySql Select count with prepared statment return always 1

I'm using this method to get make a login Web Service:
function redeem() {
if (isset($_POST["user"]) && isset($_POST["pass"]) && isset($_POST["computer"])) {
$user = $_POST['user'];
$pass = $_POST['pass'];
$computer = $_POST['computer'];
$galNumb = "SELECT COUNT(*) FROM Useres WHERE username = ? AND password = ?";
$stmt = $this->db->prepare($galNumb);
$stmt->bind_param('ss', $user, $pass);
$gNumb = $stmt->execute();
$result = array(
"success" => "true",
);
$this->sendResponse(200, $gNumb);
return true;
}
$this->sendResponse(400, 'Invalid request');
return false;
}
The problem is that $gNumb always return 1 even when the sql table not contain the username and the password. Any idea what can be the problem?

You forgot to fetch results:
...
$stmt->bind_param('ss', $user, $pass);
if ($stmt->execute()) {
$stmt->bind_result($gNumb);
$stmt->fetch();
} else {
$gNumb = 0;
}
...

Error in php code regarding login

I am doing an android project and I've got a problem while logging into the account. I am able to login even if the password is incorrect or empty. I am unable to recognize the error. I have checked my code but nothing helped me Could anyone help me with this?
My Code:
userLogin.php
require_once '../includes/DbOperations.php';
$response = array();
if($_SERVER['REQUEST_METHOD']=='POST'){
if(isset($_POST['username']) and isset($_POST['password'])){
$db = new DbOperations();
$result = $db->userLogin($_POST['username'], $_POST['password']);
if ($result == 1) {
# code...
$user = $db->getUserByUsername($_POST['username']);
$response['error'] = false;
$response['id'] = $user['id'];
$response['email'] = $user['email'];
$response['username'] = $user['username'];
$response['phone'] = $user['phone'];
$response['gender'] = $user['gender'];
$response['message'] = "Found successfully";
}
elseif ($result == 2) {
# code...
$response['error'] = true;
$response['message'] = "Some error occurred please try again";
}
}else{
$response['error'] = true;
$response['message'] = "Required fields are missing";
}
}
echo json_encode($response);
DbOperations.php
public function userLogin($username, $pass){
$password = md5($pass);
$stmt = $this->con->prepare("SELECT * FROM users WHERE username = ? AND password = ?;");
if($stmt != FALSE){
$stmt->bind_param("ss",$username,$password);
if($stmt->execute()){
return 1;
}else{
return 2;
}
$stmt->store_result();
$stmt->close();
else
{
var_dump($this->con->error);
}
}
public function getUserByUsername($username){
$stmt = $this->con->prepare("SELECT * FROM users WHERE username = ?;");
if($stmt != FALSE){
$stmt->bind_param("s",$username);
$stmt->execute();
return $stmt->get_result()->fetch_assoc();
}
else
{
var_dump($this->con->error);
}
}

please return the value if records found but you are returning the value if query executed successfully.
Your code :
if($stmt->execute()){
return 1;
}else{
return 2;
}
Should be :
if($stmt->num_rows > 0){
return 1;
}else{
return 2;
}
And as per your code if you enter wrong username than it should work to.

if($stmt->execute() != FALSE) is not correct. see below code:
public function userLogin($username, $pass){
$password = md5($pass);
$stmt = $this->con->prepare("SELECT * FROM users WHERE username = ? AND password = ?;");
if($stmt != FALSE){
$stmt->bind_param("ss",$username,$password);
$stmt->execute()
$stmt->store_result();
$rows = $stmt->num_rows;
$stmt->close();
return $rows;
else
{
var_dump($this->con->error);
}
}
public function getUserByUsername($username){
$stmt = $this->con->prepare("SELECT * FROM users WHERE username = ?;");
if($stmt != FALSE){
$stmt->bind_param("s",$username);
$stmt->execute();
return $stmt->get_result()->fetch_assoc();
}
else
{
var_dump($this->con->error);
}
}

num_rows not working pdo,mysqli, always return 0

I have a interesting problem.
// in pdo with function --> not work
function UserIsExist($name)
{
global $db;
$stmt = $db->prepare("SELECT id FROM tarskereso_users WHERE email = '$name' LIMIT 1");
$stmt->execute();
if ($stmt->fetchColumn() == 1) return 1;
else return 0;
}
// with MySQLi --> not working
function UserIsExist($name)
{
global $db;
$stmt = $db->prepare("SELECT id,email FROM tarskereso_users WHERE email = ? LIMIT 1");
$stmt->bind_param('s', $name);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows == 1)
return 1;
else
return 0;
$stmt->close();
}
// In Register.php
... other ..
if(UserIsExist($user) == 1)
$error_msg = "Is Exist";
else
{
$birthdate = $year.'.'.$month.'.'.$day;
CreateUser($user,$pass,$birthdate,$sex);
$error_msg = 'Success';
}
So, with function not working, I try with:
$stmt = $db->prepare("SELECT id,email FROM tarskereso_users WHERE email = ? LIMIT 1");
$stmt->bind_param('s', $name);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows > 0)
... other ...
else
echo 'isnt exist...';
$stmt->close();
but not working, the num_rows always return 0. And the account in the database successfuly created

in pdo, num_rows won't work.
you have to use $sql->rowCount() method to get number of records in a table.
<?php
$sql = $con->prepare("<YOUR SQL QUERY HERE>");
$sql->execute();
if($sql->rowCount() > 0){
echo $sql->rowCount() ." rows found";
}
?>

Login function only works once

I have the following php functions that process a user logging in. The functions are part of a class User.
/*
* detail() function to get a detail from a database
* exists() function to check if something exists in a database
*/
private function generate($password, $username = null) {
if(is_null($username)) {
$date = '0000-00-00';
} else {
$date = $this->_db->detail('last_active', 'users', 'username', $username);
}
// This is not the real thing but it will do as an example
$salt = md5(strrev($password.$date));
$password = md5($salt.$password.$date).strrev($password);
return $password;
}
public function login($data = array()) {
// Check if the user exists
$username = $data['username'];
if($this->_db->exists('username', 'users', 'username', $username)) {
$password = $this->generate($data['password'], $username);
// If the account is active
if ($this->_db->detail('active', 'users', 'username', $username) === 1) {
$stmt = $this->_db->mysqli->prepare("SELECT `username`, `password` FROM `users` WHERE `username` = ? AND `password` = ? AND `active` = 1");
$stmt->bind_param('ss', $username, $password);
$stmt->execute();
$stmt->store_result();
if($stmt->num_rows >= 1) {
// Function to update last_active
if($this->updateLastActive($username)) {
// Function to update password
if($this->updatePassword($username, $this->generate($password, $username))) {
// Set the session
$this->_session->set('user', $this->_db->detail('id', 'users', 'username', $username));
if($this->_session->exists('user')) {
return true;
} else {
echo 'Logging in went wrong';
return false;
}
} else {
echo 'Editing the password went wrong';
return false;
}
} else {
echo 'Editing last active date went wrong';
return false;
}
} else {
echo 'Wrong username and password combination';
return false;
}
} else {
echo 'Account not active';
return false;
}
} else {
echo 'Username doesn\'t exists';
return false;
}
}
private function updateLastActive($username) {
$date = date('Y-m-d');
$stmt = $this->_db->mysqli->prepare("UPDATE `users` SET `last_active` = ? WHERE `username` = ?");
$stmt->bind_param('ss', $date, $username);
$stmt->execute();
if($stmt->affected_rows >= 1) {
return true;
} else {
return false;
}
}
private function updatePassword($username, $password) {
$stmt = $this->_db->mysqli->prepare("UPDATE `users` SET `password` = ? WHERE `username` = ?");
$stmt->bind_param('ss', $password, $username);
$stmt->execute();
if($stmt->affected_rows >= 1) {
return true;
} else {
return false;
}
}
The user can login with no problem when he just registered. But when the user is logged out and than tries to login again it will fail. The part I get an error on is the following:
$stmt = $this->_db->mysqli->prepare("SELECT `username`, `password` FROM `users` WHERE `username` = ? AND `password` = ? AND `active` = 1");
I tried to find out where the script fails with echo on different places in the functions but I couldn't find the error. The reason why the generate() function has $username = null is because the same function is used for registration.
So all functions are working but they only work once so this leaves me that someting in the generate() function is wrong. I always get the message that there is something wrong with the username / password combination
If someone could point me in the right direction I would be very happy.
Thanks in advance
UPDATE
The detail() and exists() functions are part of a class Database.
public function detail($detail, $table, $column, $value) {
if(is_array($detail)) {
$data = array();
foreach($detail as $key) {
$stmt = $this->mysqli->prepare("SELECT `$key` FROM `$table` WHERE `$column` = ?");
if(is_numeric($value)) {
$stmt->bind_param('i', $value);
} else {
$stmt->bind_param('s', $value);
}
$stmt->execute();
$stmt->bind_result($detail);
$stmt->fetch();
$data[] = $detail;
$stmt = null;
}
return $data;
} else {
$stmt = $this->mysqli->prepare("SELECT `$detail` FROM `$table` WHERE `$column` = ?");
if(is_numeric($value)) {
$stmt->bind_param('i', $value);
} else {
$stmt->bind_param('s', $value);
}
$stmt->execute();
$stmt->bind_result($detail);
$stmt->fetch();
return $detail;
}
}
public function exists($detail, $table, $column, $value) {
$stmt = $this->mysqli->prepare("SELECT `$detail` FROM `$table` WHERE `$column` = ?");
switch(is_numeric($value)) {
case true:
$stmt->bind_param('i', $value);
break;
case false:
$stmt->bind_param('s', $value);
break;
}
$stmt->execute();
$stmt->store_result();
if($stmt->num_rows >= 1) {
return true;
} else {
return false;
}
}

Create a hash field in your table, make it long enough to avoid length issue.
md5() is not acceptable now, you should be using better hash function such as password_hash()
Register:
private function register($username, $password) {
//safer than md5() anyway
$hash = password_hash($password, PASSWORD_DEFAULT);
$sql = 'INSERT INTO table_name (`username`, `hash`) VALUES (?, ?);'
$stmt = $this->_db->mysqli->prepare($sql);
$stmt->bind_param('ss', $username, $hash);
$stmt->execute();
if($stmt->affected_rows >= 1) {
return true;
} else {
return false;
}
}
Login :
public function login($username, $password) {
// Check if the user exists
if($this->_db->exists('username', 'users', 'username', $username)) {
// If the account is active
if ($this->_db->detail('active', 'users', 'username', $username) === 1) {
$sql = 'SELECT `username`, `hash` FROM `users` WHERE `username` = ? AND `active` = 1';
$stmt = $this->_db->mysqli->prepare();
$stmt->bind_param('ss', $username, $hash);
$stmt->execute();
$stmt->store_result();
if($stmt->num_rows === 1) {
if (password_verify($password, $hash)) {
// Function to update last_active
if($this->updateLastActive($username)) {
echo 'last active updated, Login successful';
return true;
} else {
echo 'Editing last active date went wrong';
return false;
}
} else {
echo 'Wrong username and password combination';
return false;
}
} else {
echo 'Account not active';
return false;
}
} else {
echo 'Username doesn\'t exists';
return false;
}
}
}
Of course you can still use custom salt, for example
$hash = password_hash($password
,PASSWORD_DEFAULT
,array('salt' =>generate()));//generate() returns the salt

Categories