login dosent work, code correct?

[rootKID]

Hi W3S

 

I am trying to make a login PHP code with MySQLI and it won't work for some reason, not sure what i have done wrong, can someone see what i did wrong?

 

This is the code:

////////////////////////////////////////////////////////////////////////////////////////////////////////
// Login
////////////////////////////////////////////////////////////////////////////////////////////////////////

$SUBMIT_FORM_ACTION___TakeLoginForm = (isset($_GET["SUBMIT_FORM_ACTION"]) ? $_GET["SUBMIT_FORM_ACTION"] : "");
if( $SUBMIT_FORM_ACTION___TakeLoginForm == "TakeLogin" ) {
	
	$query_1 = "SELECT u_id, u_username, u_password, u_email FROM users WHERE u_email=? AND u_password=?";
	if ( $stmt = $mysqli->prepare($query_1) ) {
		$FORM_email = $_POST['email'];
		$FORM_password = $_POST['password'];
		
		$stmt->bind_param('ss', $FORM_email, $FORM_password);
		$stmt->execute();
		$stmt->bind_result($id, $username, $password, $email);
		$stmt->fetch();
		
		// SECURITY! CHECK & COMPARE!
		
		if($FORM_password !== $password) {
			die("
				<center><b>(Form) Login ErrMSG #1</b></center>
				<br />
				<center>Password incorrect/wrong! Try again!</center>
			");
		}
		
		// Make Sessions Needed!
		
		$_SESSION['user'] = array();
		$_SESSION['user']['id'] = $id;
		$_SESSION['user']['username'] = $username;
		$_SESSION['user']['password'] = $password;
		$_SESSION['user']['email'] = $email;
		
		$stmt->close();
		//header("location: index.php");
	}
	
}

okay so lets see if i get this straight. In the bind_result part, this does not matter what kind of variable it is right? In the naming part... or does the names actual HAS to be like the ones in the Database Columns? I somehow think its the part there but correct me if i am wrong...

 

Hoping someone can help me a little bit.

Thanks in advance

[justsomeguy]

In the bind_result part, this does not matter what kind of variable it is right?

It just needs to be a variable. PHP really only has one kind of variable.

 

or does the names actual HAS to be like the ones in the Database Columns?

The variable names don't matter. bind_result can't even determine what you named the variables, they just get passed by reference and then the values are placed there.

 

I somehow think its the part there but correct me if i am wrong...

Let's back up and start with a description of what exactly happens when you run that code. Other than apparently storing the passwords in plain text I don't see anything obviously wrong, although that if statement where you check the password is redundant and not necessary.

[rootKID]

Thanks for the answer, but really cannot figure out what is wrong with my code? I have started both session_start() and ob_start() with gzip... i am checking if the user is already logged in and yet no action (this is a function a little bit earlier in the code, nothing wrong, used it many other places before)..

 

Any ideas? And ohh, thanks for the correction btw.. still a little new to the mysqli part haha

 

And for future notice, the password checking was really only an example.. gonna remove it when done with all code hehe, but thanks for the info

[zskillers]

I don't see all the code but i'm gonna assume you should be passing by only one form method. You have two different form methods being used. The $_GET and $_POST would cause a problem if your html form only submits via POST or GET.

 

Assuming your $_GET["SUBMIT_FORM_ACTION"] is passed in the same way as the $_POST['email'] and $_POST['password'] they should have matching variable names depending on the method attribute of the html form.

 

* Don't have all the code so these are just my assumptions.

[Ingolme]

What is happening and what did you expect it to do?

Did you get any error messages?

Have you printed the variables to see if they contain the values you want them to?

 

If you're using the header() to redirect you're risking the session variables not getting saved. To guarantee the session variables being saved, call session_write_close() before redirecting.