rootKID

login doesn't work, code correct?

5 posts in this topic

Hi W3S

 

I am trying to make a login PHP code with MySQLi and it won't work for some reason. Not sure what I have done wrong; can someone see what I did wrong?

 

This is the code:

////////////////////////////////////////////////////////////////////////////////////////////////////////
// Login
////////////////////////////////////////////////////////////////////////////////////////////////////////

$SUBMIT_FORM_ACTION___TakeLoginForm = (isset($_GET["SUBMIT_FORM_ACTION"]) ? $_GET["SUBMIT_FORM_ACTION"] : "");
if( $SUBMIT_FORM_ACTION___TakeLoginForm == "TakeLogin" ) {
	
	$query_1 = "SELECT u_id, u_username, u_password, u_email FROM users WHERE u_email=? AND u_password=?";
	if ( $stmt = $mysqli->prepare($query_1) ) {
		$FORM_email = $_POST['email'];
		$FORM_password = $_POST['password'];
		
		$stmt->bind_param('ss', $FORM_email, $FORM_password);
		$stmt->execute();
		$stmt->bind_result($id, $username, $password, $email);
		$stmt->fetch();
		
		// SECURITY! CHECK & COMPARE!
		
		if($FORM_password !== $password) {
			die("
				<center><b>(Form) Login ErrMSG #1</b></center>
				<br />
				<center>Password incorrect/wrong! Try again!</center>
			");
		}
		
		// Make Sessions Needed!
		
		$_SESSION['user'] = array();
		$_SESSION['user']['id'] = $id;
		$_SESSION['user']['username'] = $username;
		$_SESSION['user']['password'] = $password;
		$_SESSION['user']['email'] = $email;
		
		$stmt->close();
		//header("location: index.php");
	}
	
}

Okay, so let's see if I get this straight. In the bind_result part, it does not matter what kind of variable it is, right? In the naming part... or do the names actually HAVE to be like the ones in the database columns? I somehow think it's that part, but correct me if I am wrong...

 

Hoping someone can help me a little bit.

Thanks in advance ;):D


In the bind_result part, it does not matter what kind of variable it is, right?

It just needs to be a variable. PHP really only has one kind of variable.

 

or do the names actually HAVE to be like the ones in the database columns?

The variable names don't matter. bind_result can't even determine what you named the variables, they just get passed by reference and then the values are placed there.

 

I somehow think it's that part, but correct me if I am wrong...

Let's back up and start with a description of what exactly happens when you run that code. Other than apparently storing the passwords in plain text I don't see anything obviously wrong, although that if statement where you check the password is redundant and not necessary.


Thanks for the answer, but I really cannot figure out what is wrong with my code. I have started both session_start() and ob_start() with gzip... I am checking if the user is already logged in and yet no action (this is a function a little bit earlier in the code, nothing wrong, used it many other places before)..

 

Any ideas? And ohh, thanks for the correction btw.. still a little new to the mysqli part haha xD

 

And for future notice, the password checking was really only an example.. gonna remove it when done with all code hehe, but thanks for the info :)


I don't see all the code but I'm gonna assume you should be passing by only one form method. You have two different form methods being used. The $_GET and $_POST would cause a problem if your HTML form only submits via POST or GET.

 

Assuming your $_GET["SUBMIT_FORM_ACTION"] is passed in the same way as the $_POST['email'] and $_POST['password'], they should have matching variable names depending on the method attribute of the HTML form.

 

* Don't have all the code so these are just my assumptions.


What is happening and what did you expect it to do?

Did you get any error messages?

Have you printed the variables to see if they contain the values you want them to?

 

If you're using the header() to redirect you're risking the session variables not getting saved. To guarantee the session variables being saved, call session_write_close() before redirecting.
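
The points raised in the replies above (passwords stored in plain text, mixing $_GET and $_POST, and calling session_write_close() before a redirect) combined in one login handler, as an added example that is not code from the thread. It assumes `$mysqli` is an open connection, that `u_password` holds `password_hash()` output, and that the form sends `SUBMIT_FORM_ACTION` by POST; `attempt_login()` is a hypothetical helper name.

```php
<?php
// Added example, not the poster's code. Assumptions: $mysqli is an open
// connection, u_password stores password_hash() output, and the form sends
// SUBMIT_FORM_ACTION by POST. attempt_login() is a hypothetical helper.

/** Returns the user row (without the hash) on success, null on any failure. */
function attempt_login(mysqli $mysqli, string $email, string $password): ?array
{
    // Look the user up by e-mail only; the password is verified in PHP.
    $stmt = $mysqli->prepare(
        'SELECT u_id, u_username, u_password, u_email FROM users WHERE u_email = ?'
    );
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param('s', $email);
    $stmt->execute();
    // Variable names are arbitrary: columns are bound by position.
    $stmt->bind_result($id, $username, $hash, $dbEmail);
    $found = $stmt->fetch();          // true = row, null = no row, false = error
    $stmt->close();

    // password_verify() checks the submitted password against the stored hash.
    if ($found !== true || !password_verify($password, (string) $hash)) {
        return null;
    }
    return ['id' => $id, 'username' => $username, 'email' => $dbEmail];
}

session_start();
// Read every field from one method; non-string input (arrays) becomes ''.
$field = fn(string $k): string => is_string($_POST[$k] ?? null) ? $_POST[$k] : '';

if ($field('SUBMIT_FORM_ACTION') === 'TakeLogin') {
    $user = attempt_login($mysqli, $field('email'), $field('password'));
    if ($user === null) {
        http_response_code(401);
        exit('Login failed.');        // same message for unknown e-mail or bad password
    }
    session_regenerate_id(true);      // fresh session ID once authenticated
    $_SESSION['user'] = $user;        // neither password nor hash goes in the session
    session_write_close();            // flush session data before the redirect
    header('Location: index.php');
    exit;
}
```

Existing plain-text rows would need to be re-hashed with `password_hash()` before this check can succeed for them.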
