So I'm making a login system for a web app I'm developing. I have a register.php file, which is NOT a class. I have an AccountInterface.php file, which is a class.
register.php
<?php
session_start();
if(isset($_SESSION["loggedin"]))
{
header("http://ezblog.guru");
return;
}
require_once("../api/AccountInterface.php");
require_once("../api/Utils.php");
use Massively\api\AccountInterface;
$accountAPI = new AccountInterface();
$creds = parse_ini_file("../../config/mysql.ini");
$conn = new mysqli($creds["ip"], $creds["username"], $creds["password"], $creds["db"]);
var_dump($conn);
if($conn->connect_error)
{
echo "MySQLi connect error:" . $conn->connect_error;
} else
{
$username = $_POST["username"];
$email = $_POST["email"];
$password = $_POST["password"];
if(filter_var($email, FILTER_VALIDATE_EMAIL) === $email)
{
if(!filter_var($username, FILTER_VALIDATE_EMAIL))
{
if(!$accountAPI->checkAccount($username, $conn))
{
if(!$accountAPI->accountExists($username, $email, $conn))
{
$ip = $_SERVER['REMOTE_ADDR']?:($_SERVER['HTTP_X_FORWARDED_FOR']?:$_SERVER['HTTP_CLIENT_IP']);
$salt = Massively\api\Utils::random_str(40);
$pin = rand(10000, 99999);
$accountAPI->registerAccount($username, $email, hash_pbkdf2("sha512", $password, $salt, 27000), $ip, $salt, $pin, $conn);
$msg = "$username,\nThank you for registering an account with E-Z Blog. Before you get started writing blogs using our beautiful web application, please confirm your e-mail by visiting ezblog.guru/confirm.\nYour pin code is $pin\n/E-Z Blog";
$msg = wordwrap($msg);
$headers = "From: ezblog#gmail.com <E-Z Blog>";
//mail($email, "EZ-Blog - confirmation", $msg, $headers);
return;
} else
{
echo "This Email address is already taken";
return;
}
} else
{
echo "This username is already taken";
return;
}
} else
{
echo "Please make sure your username is not an e-mail address";
return;
}
} else
{
echo "Please enter a valid Email address";
return;
}
}
?>
AccountInterface.php
<?php
namespace Massively\api;
class AccountInterface
{
public function checkAccount($user, $conn)
{
if($conn instanceof mysqli)
{
$stmt = $conn->prepare("SELECT id FROM accounts WHERE username=?;");
$stmt->bind_param("s", $user);
$stmt->execute();
$stmt->store_result();
if($stmt->num_rows === 0)
{
$stmt->close();
return false;
} else
{
$stmt->close();
return true;
}
} else
{
return "!instanceof mysqli";
}
}
public function accountExists($user, $email, $conn)
{
if($conn instanceof mysqli)
{
$stmt = $conn->prepare("SELECT id FROM accounts WHERE username=?;");
$stmt->bind_param("s", $user);
$stmt->execute();
$stmt->store_result();
if($stmt->num_rows !== 0)
{
$foo = "!user";
} else
{
$stmt->free_result();
$stmt->close();
$stmt = $conn->prepare("SELECT id FROM accounts WHERE email=?;");
$stmt->bind_param("s", $email);
$stmt->execute();
$stmt->store_result();
if($stmt->num_rows !== 0)
{
$foo = "!email";
} else
{
$foo = false;
}
}
$stmt->free_result();
$stmt->close();
return $foo;
} else
{
return "!instanceof mysqli";
}
}
public function getUser($email, $conn)
{
if($conn instanceof mysqli)
{
$stmt = $conn->prepare("SELECT username FROM accounts WHERE email=?;");
$stmt->bind_param("s", $email);
$stmt->execute();
$stmt->store_result();
if($stmt->num_rows === 0)
{
$stmt->free_result();
$stmt->close();
return false;
} else
{
$stmt->bind_result($user);
while($stmt->fetch())
{
$foo = $user;
}
$stmt->free_result();
$stmt->close();
return $foo;
}
} else
{
return "!instanceof mysqli";
}
}
public function registerAccount($user, $email, $password, $ip, $salt, $pin, $conn)
{
if($conn instanceof mysqli)
{
if(!$this->accountExists($user, $email, $conn))
{
$stmt = $conn->prepare("INSERT INTO accounts (username, email, password, ip, salt, pin, verified) VALUES (?, ?, ?, ?, ?, ?, ?);");
$stmt->bind_param("sssssii", $user, $email, $password, $ip, $salt, $pin, 0);
$stmt->execute();
$stmt->close();
return true;
} else
{
return false;
}
} else
{
return "!instanceof mysqli";
}
}
public function unregisterAccount($user, $conn)
{
if($conn instanceof mysqli)
{
if($this->checkAccount($user, $conn))
{
$stmt = $conn->prepare("DELETE FROM accounts WHERE username=?;");
$stmt->bind_param("s", $user);
$stmt->execute();
$stmt->close();
return true;
} else
{
return false;
}
} else
{
return "!instanceof mysqli";
}
}
public function getPin($user, $conn)
{
if($conn instanceof mysqli)
{
if($this->checkAccount($user, $conn))
{
$stmt = $conn->prepare("SELECT pin FROM accounts WHERE username=?;");
$stmt->bind_param("s", $user);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($pin);
while($stmt->fetch())
{
$foo = $pin;
}
$stmt->free_result();
$stmt->close();
return $pin;
} else
{
return false;
}
} else
{
return "!instanceof mysqli";
}
}
public function login($user, $password, $conn)
{
if($conn instanceof mysqli)
{
if($this->checkAccount($user, $conn))
{
$stmt = $conn->prepare("SELECT id FROM accounts WHERE username=? AND password=?;");
$stmt->bind_param("ss", $user, $password);
$stmt->execute();
$stmt->store_result();
if($stmt->num_rows === 0)
{
$foo = "allowed";
} else
{
$foo = "!allowed";
}
$stmt->free_result();
$stmt->close();
return $foo;
} else
{
return false;
}
} else
{
return "!instanceof mysqli";
}
}
public function getSalt($user, $conn)
{
if($conn instanceof mysqli)
{
if($this->checkAccount($user, $conn))
{
$stmt = $conn->prepare("SELECT salt FROM accounts WHERE username=?;");
$stmt->bind_param("s", $user);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($salt);
while($stmt->fetch())
{
$foo = $salt;
}
$stmt->free_result();
$stmt->close();
return $foo;
} else
{
return false;
}
} else
{
return "!instanceof mysqli";
}
}
public function setVerified($user, $conn)
{
if($conn instanceof mysqli)
{
if($this->checkAccount($user, $conn))
{
$stmt = $conn->prepare("UPDATE accounts SET verified=? WHERE username=?;");
$stmt->bind_param("is", 1, $user);
$stmt->execute();
$stmt->close();
return true;
} else
{
return false;
}
} else
{
return "!instanceof mysqli";
}
}
public function getVerified($user, $conn)
{
if($conn instanceof mysqli)
{
if($this->checkAccount($user, $conn))
{
$stmt = $conn->prepare("SELECT verified FROM accounts WHERE username=?");
$stmt->bind_param("s", $user);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($verified);
while($stmt->fetch())
{
$foo = $verified;
}
$stmt->free_result();
$stmt->close();
return $foo;
} else
{
return false;
}
} else
{
return "!instanceof mysqli";
}
}
public function getUserObject($user, $conn)
{
if($conn instanceof mysqli)
{
if($this->checkAccount($user, $conn))
{
$stmt = $conn->prepare("SELECT id, email, ip FROM accounts WHERE username=?;");
$stmt->bind_param("s", $user);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($id, $email, $ip);
while($stmt->fetch())
{
$foo = new Account($id, $user, $email, $ip);
}
$stmt->free_result();
$stmt->close();
return $foo;
} else
{
return false;
}
} else
{
return "!instanceof mysqli";
}
}
}
?>
All the functions I call with PHP return "!instanceof mysqli", and even if I remove the if($conn instanceof mysqli){}, nothing happens to the db. However, if I add a var_dump($conn) anywhere in register.php, I get that it is a mysqli object. I'm assuming $conn isn't getting passed to the AccountInterface function correctly? What can I do to solve this?
EDIT:
I know that $accountAPI->checkAccount($username, $conn) returns "!instanceof mysqli" because I added if($accountAPI->checkAccount($username, $conn) === "!instanceof mysqli"){ echo "not an instance of mysqli"; }, which outputted not an instance of mysqli. I didn't show this here because I wanted to show my original code.
EDIT 2:
After fidgeting around a little bit with the checkAccount function, I added a var_dump($stmt), turns out $stmt is an instance of mysqli_stmt, yet nothing is being done to the db still.
You could solve it by actually applying dependency injection. Your code would look kinda like this:
namespace Massively\api;
use MySQLi;
class Authentication
{
private $connection;
public function __construct(MySQLi $connection)
{
$this->connection = $connection;
}
public function checkAccount($user)
{
$sql = 'SELECT id FROM accounts WHERE username=?';
$stmt = $this->connection->prepare($sql);
// ... etc.
And in your register.php it would look like:
$conn = new \MySQLi($creds["ip"], $creds["username"], $creds["password"], $creds["db"]);
$accountAPI = new \Massively\api\Authentication($conn);
// some unimportant code here
if(!$accountAPI->checkAccount($username)) {
if(!$accountAPI->accountExists($username, $email))
{
// more code here
}
}
And you really need to work on naming things.
Related
The password is hashed and enters the db when i try to verify it it returns false every time i have echoed out the password going in and the db password the column in the database is the correct size
<?php
require_once('dbconfig.php');
class USER
{
private $conn;
public function __construct()
{
$database = new Database();
$db = $database->dbConnection();
$this->conn = $db;
}
public function runQuery($sql)
{
$stmt = $this->conn->prepare($sql);
return $stmt;
}
public function register($uname, $umail, $upass)
{
try
{
$new_password = password_hash($upass, PASSWORD_DEFAULT);
$stmt = $this->conn->prepare("INSERT INTO USERS(USERNAME, EMAIL, PASSWORD) VALUES(:uname, :umail, :upass)");
$stmt->bindparam(":uname", $uname);
$stmt->bindparam(":umail", $umail);
$stmt->bindparam(":upass", $new_password);
$stmt->execute();
return $stmt;
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
public function doLogin($uname, $umail, $upass)
{
try
{
$stmt = "SELECT USERID, USERNAME, EMAIL, PASSWORD, FIRSTNAME FROM USERS WHERE USERNAME = :uname OR EMAIL = :umail ";
$stmt = $this->conn->prepare($stmt, array(PDO::ATTR_CURSOR => PDO::CURSOR_SCROLL));
$stmt->bindparam(':uname', $uname);
$stmt->bindparam(':umail', $umail);
$stmt->execute();
$userRow = $stmt->fetch(PDO::FETCH_ASSOC);
$db_password = $userRow['PASSWORD'];
$sql = "SELECT COUNT(*) FROM USERS WHERE USERNAME = :uname OR EMAIL = :umail";
$sql = $this->conn->prepare($sql, array(PDO::ATTR_CURSOR => PDO::CURSOR_SCROLL));
$sql->bindparam(':uname', $uname);
$sql->bindparam(':umail', $umail);
$sql->Execute();
$row = $sql->fetch(PDO::FETCH_ASSOC);
if($row == 1)
{
if(password_verify($upass, $userRow['PASSWORD']))
{
$_SESSION['USER_SESSION'] = $userRow['USERID'];
return true;
}
else
{
return false;
}
}
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
public function is_loggedin()
{
if(isset($_SESSION['USER_SESSION']))
{
return true;
}
}
public function redirect($url)
{
header("Location: $url");
}
public function doLogout()
{
session_destroy();
unset($_SESSION['USER_SESSION']);
return true;
}
}
?>
edit to the code i have added the whole user class but it is still returning false the password in the db looks like this $2y$10$16aMCo14n.QyON8dFsaFL..6Fi92LuBdWMCI3eAv3WHKJTblJKQ6q the column in the db is set to nvarchar (255) not null
I am trying to make my own custom CMS, I can register users and can login aswel, Now I am trying to make a function for user roles,
File: class.user.php
function getUserrole() {
$username = htmlentities($_SESSION['user_session']);
$stmt = $this->db->prepare('SELECT * FROM users WHERE user_name = :username');
$stmt->bindParam(':user_name', $username);
$stmt->execute();
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$userrole = $row['user_role'];
if($userrole == 3) {
return $userrole = 3;
}
if($userrole == 2) {
return $userrole = 2;
}
if($userrole == 1) {
return $userrole = 1;
}
if($userrole == 0) {
return $userrole = 0;
}
}
File: Home.php
<?php
$userrole = getUserrole();
if($userrole == 1) {
echo "Hi Admin";
}
else {
echo "You are not a admin";
}
?>
When I try to do this, the error shows up:
Fatal error: Call to undefined function getUserrole() in /Applications/MAMP/htdocs/test/home.php on line 24
I can see something wrong and I was hoping you guys could help me out here:)
Entire class.user.php :
<?php
class USER
{
private $db;
function __construct($DB_con)
{
$this->db = $DB_con;
}
public function register($uname,$umail,$upass)
{
try
{
$new_password = password_hash($upass, PASSWORD_DEFAULT);
$stmt = $this->db->prepare("INSERT INTO users(user_name,user_email,user_pass)
VALUES(:uname, :umail, :upass)");
$stmt->bindparam(":uname", $uname);
$stmt->bindparam(":umail", $umail);
$stmt->bindparam(":upass", $new_password);
$stmt->execute();
return $stmt;
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
public function login($uname,$umail,$upass)
{
try
{
$stmt = $this->db->prepare("SELECT * FROM users WHERE user_name=:uname OR user_email=:umail LIMIT 1");
$stmt->execute(array(':uname'=>$uname, ':umail'=>$umail));
$userRow=$stmt->fetch(PDO::FETCH_ASSOC);
if($stmt->rowCount() > 0)
{
if(password_verify($upass, $userRow['user_pass']))
{
$_SESSION['user_session'] = $userRow['user_id'];
return true;
}
else
{
return false;
}
}
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
public function is_loggedin()
{
if(isset($_SESSION['user_session']))
{
return true;
}
}
public function redirect($url)
{
header("Location: $url");
}
public function logout()
{
session_destroy();
unset($_SESSION['user_session']);
return true;
}
function getUserrole() {
$username = htmlentities($_SESSION['user_session']);
$stmt = $this->db->prepare('SELECT * FROM users WHERE user_name = :username');
$stmt->bindParam(':user_name', $username);
$stmt->execute();
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$userrole = $row['user_role'];
if($userrole == 3) {
return $userrole = 3;
}
if($userrole == 2) {
return $userrole = 2;
}
if($userrole == 1) {
return $userrole = 1;
}
if($userrole == 0) {
return $userrole = 0;
}
}
}
?>
Require the class within your home.php, init it and than call the function
<?php
require_once 'class.user.php';
$userClass = new USER(<yourdbcon>);
$userrole = $userClass->getUserrole();
if($userrole == 1) {
echo "Hi Admin";
}
else {
echo "You are not a admin";
}
?>
I have the following php functions that process a user logging in. The functions are part of a class User.
/*
* detail() function to get a detail from a database
* exists() function to check if something exists in a database
*/
private function generate($password, $username = null) {
if(is_null($username)) {
$date = '0000-00-00';
} else {
$date = $this->_db->detail('last_active', 'users', 'username', $username);
}
// This is not the real thing but it will do as an example
$salt = md5(strrev($password.$date));
$password = md5($salt.$password.$date).strrev($password);
return $password;
}
public function login($data = array()) {
// Check if the user exists
$username = $data['username'];
if($this->_db->exists('username', 'users', 'username', $username)) {
$password = $this->generate($data['password'], $username);
// If the account is active
if ($this->_db->detail('active', 'users', 'username', $username) === 1) {
$stmt = $this->_db->mysqli->prepare("SELECT `username`, `password` FROM `users` WHERE `username` = ? AND `password` = ? AND `active` = 1");
$stmt->bind_param('ss', $username, $password);
$stmt->execute();
$stmt->store_result();
if($stmt->num_rows >= 1) {
// Function to update last_active
if($this->updateLastActive($username)) {
// Function to update password
if($this->updatePassword($username, $this->generate($password, $username))) {
// Set the session
$this->_session->set('user', $this->_db->detail('id', 'users', 'username', $username));
if($this->_session->exists('user')) {
return true;
} else {
echo 'Logging in went wrong';
return false;
}
} else {
echo 'Editing the password went wrong';
return false;
}
} else {
echo 'Editing last active date went wrong';
return false;
}
} else {
echo 'Wrong username and password combination';
return false;
}
} else {
echo 'Account not active';
return false;
}
} else {
echo 'Username doesn\'t exists';
return false;
}
}
private function updateLastActive($username) {
$date = date('Y-m-d');
$stmt = $this->_db->mysqli->prepare("UPDATE `users` SET `last_active` = ? WHERE `username` = ?");
$stmt->bind_param('ss', $date, $username);
$stmt->execute();
if($stmt->affected_rows >= 1) {
return true;
} else {
return false;
}
}
private function updatePassword($username, $password) {
$stmt = $this->_db->mysqli->prepare("UPDATE `users` SET `password` = ? WHERE `username` = ?");
$stmt->bind_param('ss', $password, $username);
$stmt->execute();
if($stmt->affected_rows >= 1) {
return true;
} else {
return false;
}
}
The user can login with no problem when he just registered. But when the user is logged out and than tries to login again it will fail. The part I get an error on is the following:
$stmt = $this->_db->mysqli->prepare("SELECT `username`, `password` FROM `users` WHERE `username` = ? AND `password` = ? AND `active` = 1");
I tried to find out where the script fails with echo on different places in the functions but I couldn't find the error. The reason why the generate() function has $username = null is because the same function is used for registration.
So all functions are working but they only work once so this leaves me that someting in the generate() function is wrong. I always get the message that there is something wrong with the username / password combination
If someone could point me in the right direction I would be very happy.
Thanks in advance
UPDATE
The detail() and exists() functions are part of a class Database.
public function detail($detail, $table, $column, $value) {
if(is_array($detail)) {
$data = array();
foreach($detail as $key) {
$stmt = $this->mysqli->prepare("SELECT `$key` FROM `$table` WHERE `$column` = ?");
if(is_numeric($value)) {
$stmt->bind_param('i', $value);
} else {
$stmt->bind_param('s', $value);
}
$stmt->execute();
$stmt->bind_result($detail);
$stmt->fetch();
$data[] = $detail;
$stmt = null;
}
return $data;
} else {
$stmt = $this->mysqli->prepare("SELECT `$detail` FROM `$table` WHERE `$column` = ?");
if(is_numeric($value)) {
$stmt->bind_param('i', $value);
} else {
$stmt->bind_param('s', $value);
}
$stmt->execute();
$stmt->bind_result($detail);
$stmt->fetch();
return $detail;
}
}
public function exists($detail, $table, $column, $value) {
$stmt = $this->mysqli->prepare("SELECT `$detail` FROM `$table` WHERE `$column` = ?");
switch(is_numeric($value)) {
case true:
$stmt->bind_param('i', $value);
break;
case false:
$stmt->bind_param('s', $value);
break;
}
$stmt->execute();
$stmt->store_result();
if($stmt->num_rows >= 1) {
return true;
} else {
return false;
}
}
Create a hash field in your table, make it long enough to avoid length issue.
md5() is not acceptable now, you should be using better hash function such as password_hash()
Register:
private function register($username, $password) {
//safer than md5() anyway
$hash = password_hash($password, PASSWORD_DEFAULT);
$sql = 'INSERT INTO table_name (`username`, `hash`) VALUES (?, ?);'
$stmt = $this->_db->mysqli->prepare($sql);
$stmt->bind_param('ss', $username, $hash);
$stmt->execute();
if($stmt->affected_rows >= 1) {
return true;
} else {
return false;
}
}
Login :
public function login($username, $password) {
// Check if the user exists
if($this->_db->exists('username', 'users', 'username', $username)) {
// If the account is active
if ($this->_db->detail('active', 'users', 'username', $username) === 1) {
$sql = 'SELECT `username`, `hash` FROM `users` WHERE `username` = ? AND `active` = 1';
$stmt = $this->_db->mysqli->prepare();
$stmt->bind_param('ss', $username, $hash);
$stmt->execute();
$stmt->store_result();
if($stmt->num_rows === 1) {
if (password_verify($password, $hash)) {
// Function to update last_active
if($this->updateLastActive($username)) {
echo 'last active updated, Login successful';
return true;
} else {
echo 'Editing last active date went wrong';
return false;
}
} else {
echo 'Wrong username and password combination';
return false;
}
} else {
echo 'Account not active';
return false;
}
} else {
echo 'Username doesn\'t exists';
return false;
}
}
}
Of course you can still use custom salt, for example
$hash = password_hash($password
,PASSWORD_DEFAULT
,array('salt' =>generate()));//generate() returns the salt
I'm having some issues with my user registration system--namely the CheckUsername function inside of it.
This code:
function checkUsername($username) {
if ( preg_match('/\s/',$username)) {
return false;
}
if(!preg_match('/^[\w\-]+$/', $username)) {
return false;
}
if(strlen($username) == 0) {
return false;
}
else {
$sql = "SELECT count(username) FROM users WHERE username = :username LIMIT 1";
$que = $this->db->prepare($sql);
$que->bindParam('username', $username);
try {
$que->execute();
while($row = $que->fetch(PDO::FETCH_BOTH)) {
if($row[0] > 0) {
return false;
}
else {
return true;
}
}
}
catch(PDOException $e) {}
}
}
Isn't working as designed. Users are able to register with names like <script>, which I clearly do not want.
function registerUser($password, $username)
{
if(!$this->checkUsername($username))
{
header('location:index.php');
}
else
{
$password = $this->passwordEncryption($password);
$sql = "INSERT INTO users(username, password) VALUES (:username, :password);";
$sql .= "INSERT INTO bank_accounts(balance, fuel_cell, energy_cell) VALUES (100,100, 100);";
$que = $this->db->prepare($sql);
$que->bindParam('username', $username);
$que->bindParam('password', $password);
try{
$que->execute();
$que->nextRowset();
$this->login($username, $password);
}
catch(PDOException $e){}
}
}
This states if there is not a word character or - so any string that contains a word character or - and anything else is OK:
if(!preg_match('/^[\w\-]+$/', $username)) {
return false;
}
You probably want if there is any character that is not a word character or -
if(preg_match('/[^\w\-]+$/', $username)) {
return false;
}
try the following :)
function checkUsername($username) {
$username = trim("$username");
if ( empty($username) || !preg_match("/^a-z0-9\-]+$/i", $username)) {
return false;
}
$sql = "SELECT count(1) FROM users WHERE username = :username LIMIT 1";
$que = $this->db->prepare($sql);
$que->bindParam('username', $username);
try{
$que->execute();
while($row = $que->fetch(PDO::FETCH_BOTH)) {
if($row[0] > 0) {
return false;
} else {
return true;
}
}
} catch(PDOException $e){}
}
For some reason validatelogin returns false, while i'm sure the credentials are correct. Is there something wrong with the syntax I'm using? Thanks in advance!
function validateLogin($username, $password)
{
var_dump(func_get_args());
if($stmt = $this->dbh->prepare("SELECT * FROM user WHERE username = ? AND password = ?"))
{
$stmt->bind_param('ss', $username, $password);
$stmt->execute();
if($stmt->num_rows > 0)
{
$user = $stmt->fetch_assoc();
return $user;
}
return false;
}
}
function login()
{
$this->username = $_POST['username'];
$this->password = $_POST['password'];
if(!empty($this->username) && !empty($this->password))
{
$user = $this->userModel->validateLogin($this->username, $this->password);
var_dump($user); //FALSE
if($user){
$this->user = $user;
$_SESSION['user_id'] = $user['id'];
header('Location: http://localhost/cms/user.php?id=' . $_SESSION['user_id']);
}
else
{
echo "user not found";
}
}
else
{
echo "not filled";
}
}
i think your function is returning false because you tell it to return fase within the if $stmt, give this a shot:
function validateLogin($username, $password)
{
var_dump(func_get_args());
if($stmt = $this->dbh->prepare("SELECT * FROM user WHERE username = ? AND password = ?"))
{
$stmt->bind_param('ss', $username, $password);
$stmt->execute();
if($stmt->num_rows > 0)
{
$user = $stmt->fetch_assoc();
return $user;
}
else{
return false;
}
}
else{
return false;
}
}