I have a function which authenticates user for login.
$login_query = mysqli_query($GLOBALS['conn'],
"SELECT COUNT(`user_id`) as `count`,`user_id` FROM `users`
WHERE `user_email`='$email' AND `user_password` = '" . md5($password) . "'") or die(mysqli_error($GLOBALS['conn']));
return ($mysqli_result->num_rows == 1) ?
mysqli_result($login_query, 0, 'user_id') : false;
I was using mysql_* and now switching to mysqli_*.
What I want to know is that, in return statement how do I return user_id from the row that has been selected from DB?
I've simplified the query a little. This function will return the user_id if the login is successful or "0" if not.
Make the $mysqli connection in a config file that you can include at the top of each page
#config.php#
$dbhost = "localhost";
$dbuser = "";
$dbpassword = "";
$dbdatabase = "";
$salt = "";
$mysqli = mysqli_connect($dbhost,$dbuser,$dbpassword,$dbdatabase);
if (mysqli_connect_errno())
{
echo '<p>There was a problem with the mysqli connection:
<br> '.mysqli_connect_error().'</p>';
exit;
}
#Calling the function:#
require_once($_SERVER['DOCUMENT_ROOT'].'/config.php');
checklogin($email, $password, $salt, $mysqli);
function checklogin($email, $password, $salt="", $mysqli)
{
$email = $mysqli->real_escape_string($email);
$password = $mysqli->real_escape_string($password);
$login_query = '
SELECT *
FROM
`users`
WHERE
`user_email`='$email'
AND
`user_password` = "' . md5($salt.$password) . '";';
$result = $mysqli->query($login_query)
$row = $result->fetch_array();
if ($result->num_rows > 0)
{$user_id = $row['user_id'];}
else
{$user_id = 0;}
return $user_ID
}
Related
I want to save my password in encrypted formatting, so, I saved my password using base64_encode in table, For login when i used to fetch my password again in decode format, using base64_decode, it returns blank data, please help me for better solution.
Here is my code.
login_admin.php
<?php
include('connection.php');
if(isset($_POST['submit'])){
$email = $_POST['email'];
$password = decryptIt($_POST['pwd']);
print_r($password); die;
$_SESSION['email'] = $email;
$_SESSION['password'] = $password;
$admin= $_SESSION['email'];
$query = "SELECT * FROM `user` Where (email = '$email' && role_id = 'admin' )";
$result = mysqli_query($conn, $query);
$row = mysqli_fetch_assoc($result);
if($row > 0){
if($admin == $row['email'] && $password == $row['password']){
header('location:dashboard1.php');
}
}
}
else{
echo "Login Failed";
}
?>
connection.php
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "example_user";
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
function encryptIt( $q ) {
$cryptKey = 'qJB0rGtIn5UB1xG03efyCp';
return base64_encode( base64_encode($q).'+'.$cryptKey );
}
function decryptIt( $q ) {
$cryptKey = '+qJB0rGtIn5UB1xG03efyCp';
return base64_decode(str_replace($cryptKey, "",base64_decode( $q ))) ;
}
?>
Code seems fine, try to put check in the "decryptIt" method for empty value in parameter.
function decryptIt( $q ) {
if($q==''){
return array('error'=>1,"msg"=>"parameter cant be empyt")
}else{
$cryptKey = '+qJB0rGtIn5UB1xG03efyCp';
return array('success'=>1,"decrypt"=>base64_decode(str_replace($cryptKey, "",base64_decode( $q ))))
}}
here am trying to get username and password from the database and if their result is found then redirect to some page but mysqli_num_rows returns 0 always i dunno why `
if (isset($_POST['login'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$query = "SELECT * FROM `login` WHERE username = '$username' AND password = '$password'";
$run = mysqli_query($con,$query);
if (mysqli_num_rows($run) == 1) {
header("location: login.php");
}}?>
`
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "ornament"; // My local DB Name
$conn = mysqli_connect($servername, $username, $password, $dbname);
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
$username = "test"; // $_POST["username"] value
$password = "test"; // $_POST["password"] value
$sql = "SELECT * FROM `ornament` WHERE username = '$username' AND password = '$password'";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) == 1) {
echo "correct";
} else {
echo "wrong";
}
mysqli_close($conn);
?>
</body>
</html>
OUTPUT:
correct
I have a database name and table name are same, But for me it's working fine.
NOTE: Please check the whether you are using correct password while getting from POST.
Any how you got a solution, Have a great day
Thanks
Muthu
I am trying to use php to check my database to see if a value exists. My main goal is to use this value
$_GET['UDID']
and if it is equal to any value that is in the database it will return
echo 'FOUND';
I am using this code:
<?php
$servername = "*****";
$username = "*****";
$password = "*****";
$dbname = "*****";
$connect = new mysqli($servername, $username, $password, $dbname);
if ($connect->connect_error) {
die("CONNECTION FAILED: " . $connect->connect_error);
}
$udid = $_GET['UDID'];
$id = mysqli_real_escape_string($connect, $udid);
$result = mysqli_query($connect, "SELECT udid FROM data WHERE udid = '$id'");
if($result === FALSE) {
die("ERROR: " . mysqli_error($result));
}
else {
while ($row = mysqli_fetch_array($result)) {
if($row['udid'] == $udid) {
$results = 'Your device is already registered on our servers.';
$results2 = 'Please click the install button below.';
$button = 'Install';
$buttonlink = 'https://**link here**';
}
else {
$results = 'Your device is not registered on our servers';
$results2 = 'Please click the request access button below.';
$button = 'Request Access';
$buttonlink = 'https://**link here**';
}
}
}
?>
But for some reason it is not working, I am sure I am over looking something. your help is greatly appreciated.
Try this:
$sql = mysqli_query($connect, "SELECT udid FROM data WHERE udid = '" .$udid. "'");
And also, make sure to set the value from 'GET' to $udid. Should be like this:
$udid = $_GET['UDID'];
We can use mysqli_fetch_array() instead to get the result row. I also include error handling. Now your code must look like this :
$udid = $_GET['UDID'];
$id = mysqli_real_escape_string($connect, $udid);
$result = mysqli_query($connect, "SELECT `udid` FROM `wmaystec_WMT-SS`.`data` = '$id'");
if($result === FALSE) {
die(mysqli_error("error message for the user")); //error handling
}
else {
while ($row = mysqli_fetch_array($result)) {
echo "FOUND :" .$row['thefieldnameofUDIDfromyourDB'];
}
}
I would suggest you to first escape the string, using the mysqli_real_escape_string function, and then call the SQL query.
$udid = mysqli_real_escape_string($connect, $udid);
$sql = mysqli_query($connect, "SELECT udid FROM data WHERE udid = '$udid'");
Its a simple registration with username and password, but when I try to insert it to the database it always fails and I don't know why, can someone help me with this?
include "db.php";
if (isset($_POST['submit']))
{
$username= $_POST['leguser'] ;
$password= $_POST['legpass'] ;
$pwhash = password_hash($password, PASSWORD_DEFAULT) ;
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
echo var_dump ($username);
echo var_dump ($password);
echo var_dump ($pwhash);
$sql = "SELECT * FROM tbl_users WHERE fld_username = '$username'";
$result = $conn->query($sql);
if ($result->num_rows === 1) {
echo "<script>alert('Username already used!');</script>"; }
else
{
$q = "INSERT INTO `tbl_users` (`fld_username`) VALUES ('$username')";
$result = mysql_query($q);
if ($result) {
echo 'success';
} else {
echo 'failure';
}
}
This is the code of the database connection (db.php)
<?php
$DB_HOST = 'localhost';
$DB_USER = 'root';
$DB_PASS = '';
$DB_NAME = 'rsi_db';
$conn = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if($conn->connect_errno > 0) {
die('Connection failed [' . $conn->connect_error . ']');
}
By the way I only want to input only one data on the database which is the username, for me not to get complicated with every data that I want to put in the future.
I have tried to read and do (incorporate) anything I find on here. But I have not found the solution. I'm using wamp server and I have a user table with 2 users one with email and password as test and test1 and no matter what I try the if statement always returns false.
<?php
$user = "root";
$pass = "";
$db = "testdb";
$db = new mysqli("localhost", $user, $pass, $db) or die("did not work");
echo "it connected";
$email = "test";
$pass1 = "test1";
$qry = 'SELECT * FROM user WHERE email = " '. $email .' " AND password = " '.$pass1.' " ';
$result = mysqli_query($db, $qry) or die(" did not query");
$count = mysqli_num_rows($result);
if( $count > 0)
echo " found user ";
else
echo " did not find user or password";
?>
I have tried to augment mysqli_num_rows but then it comes out always true
You have spaces in your query around your variables:
" '. $email .' "
change to:
"'. $email .'"
MySQL will take those spaces literally when it searches for matches.
I needed to eliminate the blank spaces in the encapsulation of the variable
<?php
$user = "root";
$pass = "";
$db = "testdb";
$db = new mysqli("localhost", $user, $pass, $db) or die("did not work");
echo "it connected";
$email = "test";
$pass1 = "test1";
$qry = 'SELECT * FROM user WHERE email = "'. $email .'" AND password = "'.$pass1.'"';
$result = mysqli_query($db, $qry) or die(" did not query");
$count = mysqli_num_rows($result);
if( $count > 0)
echo " found user ";
else
echo " did not find user or password";
?>
If you are using mysqli class version then you should use like below :
<?php
$user = "root";
$pass = "";
$db = "testdb";
$mysqli = new mysqli("localhost", $user, $pass, $db);
$email = "test";
$pass1 = "test1";
$qry = sprintf('SELECT * FROM user WHERE email = "%s" AND password = "%s"',$email,$pass1);
$result = $mysqli->query($qry);
$count = $result->num_rows;
if( $count > 0)
echo " found user ";
else
echo " did not find user or password";
$mysqli->close();
?>