Hi there,

I have a login form.which contains two input parameters.
login_id and password.
login_id may be mobile or email.
user may use mobile no or email as login id.

my table structure is
uid email mobile password status

when i login through mobile no it is validating and showing error messages.
but if i login through email it is not checking email column. directly shows outputs to the client.
below is my script:
sorry for my terrible english
Check Login:

if($db->check_loginid($login_id))
            {
                if($db->checkLogin($login_id, $password))
                {
                        $status = 1;
                        if($db->checkLoginStatus($login_id, $password, $status))
                        {       $updateapi = $db->updateApikey($login_id);
                                $user = $db->getUsersalldetails($login_id);
                                if($user != NULL)
                                {
                                     $response = array();
                                     $response['code'] = 100;
                                     $response['error'] = false;
                                     $response['output'] = array();
                                     $tmp = array();
                                     $tmp["Verified"] = true;                            
                                     $tmp["User-Id"] = $user['UserId'];
                                     $tmp["Api-Key"] = $user['api_key'];
                                     $tmp["Name"] = $user['name'];
                                     $tmp["Email"] = $user['email'];
                                     $tmp["Mobileno"] = $user['mobile'];
                                     $tmp["Rolecode"] = $user['roldecode']; 
                                     $tmp["message"] = "You have logged in successfully";                       
                                     $response['output'] = $tmp;
                                     echoRespnse(200, $response);
                                }
                                else
                                {
                                     $response['code'] = 101;
                                     $response['error'] = true;             
                                     $response['message'] = "An error occurred. Please try again";
                                     echoRespnse(400, $response);
                                }

                        }
                        else
                        {
                            $response = array();
                            $response['code'] = 101;
                            $response['error'] = true;
                            $response['message'] = array();
                            $tmp = array();             
                            $tmp[$arrayemail['status']] = array("Your profile is inactive");
                            $response['message'] = $tmp;
                            echoRespnse(400, $response);
                        }
                }
                else
                {
                    $response = array();
                    $response['code'] = 101;
                    $response['error'] = true;
                    $response['message'] = array();
                    $tmp = array();             
                    $tmp[$arrayemail['password']] = array("Enter Correct Password");
                    $response['message'] = $tmp;
                    echoRespnse(400, $response);
                }
            }       
            else
            {
                $response = array();
                $response["code"] = "103";
                $response["error"] = true;  
                $response['message'] = array();
                $tmp = array();         
                $tmp[$arrayemail['loginid']] = array("Login id does not exist");
                $response['message'] = $tmp;
                echoRespnse(400, $response);
            }   



    public function check_loginid($login_id)
        {
            $stmt = $this->conn->prepare("SELECT * from np_system_users WHERE email = ? OR mobile = ?");
            $stmt->bind_param("si", $login_id, $login_id);
            $stmt->execute();
            $stmt->store_result();
            $num_rows = $stmt->num_rows;
            $stmt->close();
            return $num_rows > 0;
        }
        public function checkLogin($login_id, $password) {
            $stmt = $this->conn->prepare("SELECT u_password FROM np_system_users WHERE email = ? OR mobile = ? AND u_password = ? ");
            $encryptpass = sha1($password);
            $stmt->bind_param("sis", $login_id, $login_id, $encryptpass); 
            $stmt->execute();
            $stmt->bind_result($password_hash); 
            $stmt->store_result(); 
            if ($stmt->num_rows > 0) {
                $stmt->fetch(); 
                $stmt->close(); 
                if (sha1($password)) {
                    return TRUE;
                } else {
                    return FALSE;
                }
            } else {
                $stmt->close();
                return FALSE;
            }
        }
        public function checkLoginStatus($login_id, $password, $status) {
            $stmt = $this->conn->prepare("SELECT u_password FROM np_system_users WHERE email = ? OR mobile = ? AND u_password = ? AND status = ?");
            $encryptpass = sha1($password);
            $stmt->bind_param("sisi", $login_id, $login_id, $encryptpass, $status); 
            $stmt->execute();
            $stmt->bind_result($password_hash); 
            $stmt->store_result(); 
            if ($stmt->num_rows > 0) {
                $stmt->fetch(); 
                $stmt->close(); 
                if (sha1($password)) {
                    return TRUE;
                } else {
                    return FALSE;
                }
            } else {
                $stmt->close();
                return FALSE;
            }
        }
        public function getUsersalldetails($login_id)
        {
        //$api_key = $this->generateApiKey();
        $stmt = $this->conn->prepare("SELECT u_rolecode, firstname, email, mobile, person_row_id, createdat, api_key FROM np_system_users WHERE email = ? OR mobile = ?");
        $stmt->bind_param("si", $login_id, $login_id);
            if ($stmt->execute()) 
            {
                $stmt->bind_result($u_rolecode, $firstname, $email, $mobile, $person_row_id, $createdat, $api_key);
                /* fetch values */
                mysqli_stmt_fetch($stmt);
                /* set values */
                $user['roldecode'] = $u_rolecode;
                $user['name'] = $firstname;
                $user['email'] = $email;
                $user['mobile'] = $mobile;
                $user['UserId'] = $person_row_id; 
                $user['api_key'] = $api_key;
                $stmt->close();
                return $user;
            } 
            else 
            {
                return NULL;
            }
        }
        public function updateApikey($login_id) 
        {
                $today = date('Y-m-d');
                $api_key = $this->generateApiKey();
                $stmt = $this->conn->prepare("UPDATE np_system_users u set u.api_key = ?, u.updated_at = ? WHERE u.email = ? OR u.mobile = ?");
                $stmt->bind_param("sssi", $api_key, $today, $login_id, $login_id);
                $stmt->execute();
                $result = $stmt->execute();     
                $num_affected_rows = $stmt->affected_rows;
                $stmt->close();
                return $num_affected_rows > 0;      

        }
Member Avatar for diafol
bind_param('si..', ... 

is mysqli not PDO - incluing func_func methods you use.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.