Folks,
Need to build a login page using the php’s mysqli_stmt_num_rows() function.
Issue is, no matter if I give correct password or incorrect, I always get message ‘Incorrect user Credentials’.
Why is that ?
The details on Mysql Looks like this:
id | domain | password
0 | gmail.com | 373b29d2837e83b9ca5cec712a5985843df271cc
Obviously, password is hashed using sha_256.
Here is the php code:
[code]
ini_set(“display_errors”,1);
ini_set(“display_startup_errors”,1);
error_reporting(E_ALL);
echo login_form();
if($_SERVER[‘REQUEST_METHOD’] === ‘POST’)
{
echo __LINE__; echo ‘<br>’;//DELETE
check_user_input();
echo __LINE__; echo ‘<br>’;//DELETE
process_login_form();
echo __LINE__; echo ‘<br>’;//DELETE
}
function login_form()
{
echo
‘
<div name=”center pane” id=”center pane” align=”center” size=”50px” width=”33%”>
<form method=”POST” action=”” name=”login_form” id=”login_form” width=”50%”>
<fieldset>
<label for=”domain”>Domain</label>
<input type=”text” name=”domain” id=”domain” size=”50″ minlength=”5″ maxlength=”253″ title=”Input your Domain” placeholder=”yourdomain.tld”>
<br>
<label for=”password”>Password</label>
<input type=”text” name=”password” id=”password” size=”50″ minlength=”8″ maxlength=”25″ title=”Input your Password” placeholder=”alpha-numerical-chars”>
<br>
</fieldset>
<fieldset>
<button type=”submit” name=”login” id=”login” title=”Submit Form”>Login!</button>
</fieldset>
</form>
</div>
‘;
}
function check_user_input()
{
if(!EMPTY($_POST[‘domain’]))
{
echo __LINE__; echo ‘<br>’;//DELETE
$domain = trim($_POST[‘domain’]);
}
elseif(!EMPTY($_POST[‘domain_email’]))
{
echo __LINE__; echo ‘<br>’;//DELETE
$domain_email = trim($_POST[‘domain_email’]);
}
else
{
die(‘Input your Domain’);
}
if(!EMPTY($_POST[‘password’]))
{
echo __LINE__; echo ‘<br>’;//DELETE
$hashed_password = hash(‘sha256’,$_POST[‘password’]);
}
else
{
die(‘Input your Password’);
}
}
function process_login_form()
{
echo __LINE__; echo ‘<br>’;//DELETE
Global $domain;
Global $password; //DELETE
Global $hashed_password;
//Query DB.
//Check if User already registered or not.
mysqli_report(MYSQLI_REPORT_ERROR|MYSQLI_REPORT_STRICT);
$conn = mysqli_connect(“localhost”,”root”,””,”buzz”); //mysqli_connect(“server”,”user”,”password”,”db”);
$stmt = mysqli_stmt_init($conn);
$sql = “SELECT id FROM domains WHERE domain = ? AND password = ?”;
if(!mysqli_stmt_prepare($stmt,$sql))
{
echo __LINE__; echo ‘<br>’;//DELETE
echo ‘Mysqli Error: ‘ .mysqli_stmt_error(); //DEV MODE.
echo ‘<br>’;
echo ‘Mysqli Error No: ‘ .mysqli_stmt_errno(); //DEV MODE.
echo ‘<br>’;
die(‘Registration a Failure!’);
}
else
{
echo __LINE__; echo ‘<br>’;//DELETE
mysqli_stmt_bind_param($stmt,”sss”,$domain,$domain_email,$hashed_password);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt,$id);
mysqli_stmt_fetch($stmt);
//if($num_rows = mysqli_stmt_num_rows($stmt)<1) //User not registered.
//{
//if(!$num_rows = mysqli_stmt_num_rows($stmt)) //User not registered.
//{
if(!mysqli_stmt_num_rows($stmt)) //User not registered.
{
echo __LINE__; echo ‘<br>’;//DELETE
mysqli_stmt_close($stmt);
mysqli_close($conn);
die(‘Incorrect User Credentials!’);
}
mysqli_stmt_close($stmt);
mysqli_close($conn);
echo __LINE__; echo ‘<br>’;//DELETE
echo ‘password: ‘ .$password; echo ‘<br>’;
echo ‘hashed password: ‘ .$hashed_password; echo ‘<br>’;
echo ‘You are logged in!’;
exit;
}
}
Can you see these commented out lines ? I attempted with each of these ti check if there are any matching rows but no luck. I get messg incorrect user credentials even if password is correct and domain (username).
All of them show same result. Incorrect User Credentials. Even if I typ ethe right password.
[code]
if(!mysqli_stmt_fetch($stmt))
{
echo __LINE__; echo ‘<br>’;//DELETE
mysqli_stmt_close($stmt);
mysqli_close($conn);
die(‘Incorrect User Credentials!’);
}
Same result.