Logging In With Sql's COUNT Function

Question

borobhaisab 117 Posting Whiz

1 Year Ago

Helle Fellow Programmers!

Unlike last time where I was checking for matching rows count using mysqli_stmt_rows_count():

https://www.daniweb.com/programming/web-development/threads/539306/login-with-prepared-statements-mysqli-stmt-num-rows-function

On this thread, I am checking for matching rows count using Sql's COUNT function.

This means, both threads are not same so mods do not close them.

Issue is, on both threads, no matter if I give correct password or incorrect, I always get message 'Incorrect user Credentials'.
Why is that ?
The details on Mysql Looks like this:

id | domain | password
0 | gmail.com | 373b29d2837e83b9ca5cec712a5985843df271cc

Obviously, password is hashed using sha_256.

Here is the php code:

ini_set("display_errors",1);
ini_set("display_startup_errors",1);
error_reporting(E_ALL);

echo login_form();

if($_SERVER['REQUEST_METHOD'] === 'POST')
{
    echo __LINE__; echo '<br>';//DELETE

    check_user_input();

    echo __LINE__; echo '<br>';//DELETE

    process_login_form();

    echo __LINE__; echo '<br>';//DELETE
}


function login_form()
{
    echo 
    '
    <div name="center pane" id="center pane" align="center" size="50px" width="33%">
    <form method="POST" action="" name="login_form" id="login_form" width="50%">
    <fieldset>
    <label for="domain">Domain</label>
    <input type="text" name="domain" id="domain" size="50" minlength="5" maxlength="253" title="Input your Domain" placeholder="yourdomain.tld">
    <br>
    <label for="password">Password</label>
    <input type="text" name="password" id="password" size="50" minlength="8" maxlength="25" title="Input your Password" placeholder="alpha-numerical-chars">
    <br>
    </fieldset>
    <fieldset>
    <button type="submit" name="login" id="login" title="Submit Form">Login!</button>
    </fieldset>
    </form>
    </div>
    ';
}


function check_user_input()
{
    if(!EMPTY($_POST['domain']))
    {
        echo __LINE__; echo '<br>';//DELETE

        $domain = trim($_POST['domain']);
    }
    elseif(!EMPTY($_POST['domain_email']))
    {
        echo __LINE__; echo '<br>';//DELETE

        $domain_email = trim($_POST['domain_email']);
    }
    else
    {
        die('Input your Domain');
    }

    if(!EMPTY($_POST['password']))
    {
        echo __LINE__; echo '<br>';//DELETE

        $hashed_password = hash('sha256',$_POST['password']); 
    }
}


function process_login_form()
{
    echo __LINE__; echo '<br>';//DELETE

    Global $domain;
    Global $password; //DELETE
    Global $hashed_password;

    //Query DB.
    //Check if User already registered or not.
    mysqli_report(MYSQLI_REPORT_ERROR|MYSQLI_REPORT_STRICT);
    $conn = mysqli_connect("localhost","root","","buzz"); //mysqli_connect("server","user","password","db");
    $stmt = mysqli_stmt_init($conn);
    $sql_count = "SELECT COUNT('id') FROM domains WHERE domain = ? AND password = ?";

    if(!mysqli_stmt_prepare($stmt,$sql_count))
    {
        echo __LINE__; echo '<br>';//DELETE

        echo 'Mysqli Error: ' .mysqli_stmt_error(); //DEV MODE.
        echo '<br>';
        echo 'Mysqli Error No: ' .mysqli_stmt_errno(); //DEV MODE.
        echo '<br>';
        die('Registration a Failure!');
    }
    else
    {
        echo __LINE__; echo '<br>';//DELETE

        mysqli_stmt_bind_param($stmt,"ss",$domain,$hashed_password);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt,$rows_count);
        mysqli_stmt_fetch($stmt);

        if($rows_count<1) //User not registered.
        {
            echo __LINE__; echo '<br>';//DELETE
            echo 'password: '.$password; echo '<br>';
            echo 'hashed password: '.$hashed_password; echo '<br>';

            mysqli_stmt_close($stmt);
            mysqli_close($conn);
            die('Incorrect User Credentials!');
        }
        mysqli_stmt_close($stmt);
        mysqli_close($conn);

        echo __LINE__; echo '<br>';//DELETE
        echo 'password: ' .$password; echo '<br>';
        echo 'hashed password: ' .$hashed_password; echo '<br>';

        header('location: home.php');
        exit;
    }
}

count mysql php

3 Contributors
11 Replies
125 Views
3 Months Discussion Span
Latest Post 1 Year Ago Latest Post by borobhaisab

All 11 Replies

Dani 4,084 The Queen of DaniWeb

1 Year Ago

If I look at your SQL query SELECT COUNT('id') FROM domains WHERE domain = ? OR domain_email = ? AND password = ? it's ambiguous if you mean (domain = ? OR domain_email = ?) AND password = ? or domain = ? OR (domain_email = ? AND password = ?.

However, you shouldn't be retrieving a row with a password passed in anyways.

Nothing strikes me as obvious as to why the MySQL query may be failing.

Dani 4,084 The Queen of DaniWeb

1 Year Ago

    $sql_count = "SELECT COUNT('id') FROM domains WHERE (domain = ? OR domain_email = ?) AND password = ?";

It looks fine. However, it's not as secure as using password_hash() and password_verify() because you can then use BCRYPT with a salt. SHA256 is designed for encrypting large amounts of data efficiently and quickly, and is not as ideal for passwords, although you can definitely use it. Especially be wary of the unsalted way you're using it.

Edited 1 Year Ago by Dani

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

borobhaisab 117 Posting Whiz · Answer 1 · 2022-12-05T19:05:21+00:00

Programmers,

I am opening another thread where I attempt with the password_verify() function. And so, do not advise me here to use that. This thread is a different function issue. Let's resolve this thread too.

borobhaisab 117 Posting Whiz · Answer 2 · 2022-12-05T19:38:09+00:00

Fixed typo but no luck!

ini_set("display_errors",1);
ini_set("display_startup_errors",1);
error_reporting(E_ALL);

echo login_form();

if($_SERVER['REQUEST_METHOD'] === 'POST')
{
    echo __LINE__; echo '<br>';//DELETE

    check_user_input();

    echo __LINE__; echo '<br>';//DELETE

    process_login_form();

    echo __LINE__; echo '<br>';//DELETE
}


function login_form()
{
    echo 
    '
    <div name="center pane" id="center pane" align="center" size="50px" width="33%">
    <form method="POST" action="" name="login_form" id="login_form" width="50%">
    <fieldset>
    <label for="domain">Domain</label>
    <input type="text" name="domain" id="domain" size="50" minlength="5" maxlength="253" title="Input your Domain" placeholder="yourdomain.tld">
    <br>
    <label for="password">Password</label>
    <input type="text" name="password" id="password" size="50" minlength="8" maxlength="25" title="Input your Password" placeholder="alpha-numerical-chars">
    <br>
    </fieldset>
    <fieldset>
    <button type="submit" name="login" id="login" title="Submit Form">Login!</button>
    </fieldset>
    </form>
    </div>
    ';
}


function check_user_input()
{
    if(!EMPTY($_POST['domain']))
    {
        echo __LINE__; echo '<br>';//DELETE

        $domain = trim($_POST['domain']);
    }
    elseif(!EMPTY($_POST['domain_email']))
    {
        echo __LINE__; echo '<br>';//DELETE

        $domain_email = trim($_POST['domain_email']);
    }
    else
    {
        die('Input your Domain');
    }

    if(!EMPTY($_POST['password']))
    {
        echo __LINE__; echo '<br>';//DELETE

        $hashed_password = hash('sha256',$_POST['password']); 
    }
    else
    {
        die('Input your Password');
    }
}


function process_login_form()
{
    echo __LINE__; echo '<br>';//DELETE

    Global $domain;
    Global $password; //DELETE
    Global $hashed_password;

    //Query DB.
    //Check if User already registered or not.
    mysqli_report(MYSQLI_REPORT_ERROR|MYSQLI_REPORT_STRICT);
    $conn = mysqli_connect("localhost","root","","buzz"); //mysqli_connect("server","user","password","db");
    $stmt = mysqli_stmt_init($conn);
    $sql_count = "SELECT COUNT('id') FROM domains WHERE domain = ?  OR domain_email = ? AND password = ?";

    if(!mysqli_stmt_prepare($stmt,$sql_count))
    {
        echo __LINE__; echo '<br>';//DELETE

        echo 'Mysqli Error: ' .mysqli_stmt_error(); //DEV MODE.
        echo '<br>';
        echo 'Mysqli Error No: ' .mysqli_stmt_errno(); //DEV MODE.
        echo '<br>';
        die('Registration a Failure!');
    }
    else
    {
        echo __LINE__; echo '<br>';//DELETE

        mysqli_stmt_bind_param($stmt,"sss",$domain,$domain_email,$password);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt,$rows_count);
        mysqli_stmt_fetch($stmt);

        if($rows_count<1) //User not registered.
        {
            echo __LINE__; echo '<br>';//DELETE
            echo 'password: '.$password; echo '<br>';
            echo 'hashed password: '.$hashed_password; echo '<br>';

            mysqli_stmt_close($stmt);
            mysqli_close($conn);
            die('Incorrect User Credentials!');
        }
        mysqli_stmt_close($stmt);
        mysqli_close($conn);

        echo __LINE__; echo '<br>';//DELETE
        echo 'password: ' .$password; echo '<br>';
        echo 'hashed password: ' .$hashed_password; echo '<br>';

        header('location: home.php');
        exit;
    }
}

borobhaisab 117 Posting Whiz · Answer 3 · 2022-12-05T22:24:55+00:00

UPDATE

@dani

Why is this failing ?

if(!mysqli_stmt_fetch($stmt))
        {
            echo __LINE__; echo '<br>';//DELETE

            echo 'Mysqli Error: ' .mysqli_stmt_error($stmt); //DEV MODE.
            echo '<br>';
            echo 'Mysqli Error No: ' .mysqli_stmt_errno($stmt); //DEV MODE.
            echo '<br>';
            die('Password fetching failed!');
        }

Context:

ini_set("display_errors",1);
ini_set("display_startup_errors",1);
error_reporting(E_ALL);

echo login_form();

if($_SERVER['REQUEST_METHOD'] === 'POST')
{
    echo __LINE__; echo '<br>';//DELETE

    check_user_input();

    echo __LINE__; echo '<br>';//DELETE

    process_login_form();

    echo __LINE__; echo '<br>';//DELETE
}


function login_form()
{
    echo 
    '
    <div name="center pane" id="center pane" align="center" size="50px" width="33%">
    <form method="POST" action="" name="login_form" id="login_form" width="50%">
    <fieldset>
    <label for="domain">Domain</label>
    <input type="text" name="domain" id="domain" size="50" minlength="5" maxlength="253" title="Input your Domain" placeholder="yourdomain.tld">
    <br>
    <label for="password">Password</label>
    <input type="text" name="password" id="password" size="50" minlength="8" maxlength="25" title="Input your Password" placeholder="alpha-numerical-chars">
    <br>
    </fieldset>
    <fieldset>
    <button type="submit" name="login" id="login" title="Submit Form">Login!</button>
    </fieldset>
    </form>
    </div>
    ';
}


function check_user_input()
{
    if(!EMPTY($_POST['domain']))
    {
        echo __LINE__; echo '<br>';//DELETE

        $domain = trim($_POST['domain']);
    }
    elseif(!EMPTY($_POST['domain_email']))
    {
        echo __LINE__; echo '<br>';//DELETE

        $domain_email = trim($_POST['domain_email']);
    }
    else
    {
        die('Input your Domain');
    }

    if(!EMPTY($_POST['password']))
    {
        echo __LINE__; echo '<br>';//DELETE

        $hashed_password = hash('sha256',$_POST['password']); 
    }
    else
    {
        die('Input your Password');
    }
}


function process_login_form()
{
    echo __LINE__; echo '<br>';//DELETE

    Global $domain;
    Global $password; //DELETE
    Global $hashed_password;

    //Query DB.
    //Check if User already registered or not.
    mysqli_report(MYSQLI_REPORT_ERROR|MYSQLI_REPORT_STRICT);
    $conn = mysqli_connect("localhost","root","","buzz"); //mysqli_connect("server","user","password","db");
    $stmt = mysqli_stmt_init($conn);
    $sql_count = "SELECT COUNT('id') FROM domains WHERE domain = ?  OR domain_email = ? AND password = ?";

    if(!mysqli_stmt_prepare($stmt,$sql_count))
    {
        echo __LINE__; echo '<br>';//DELETE

        echo 'Mysqli Error: ' .mysqli_stmt_error(); //DEV MODE.
        echo '<br>';
        echo 'Mysqli Error No: ' .mysqli_stmt_errno(); //DEV MODE.
        echo '<br>';
        die('Registration a Failure!');
    }
    else
    {
        echo __LINE__; echo '<br>';//DELETE

        mysqli_stmt_bind_param($stmt,"sss",$domain,$domain_email,$password);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt,$rows_count);
        if(!mysqli_stmt_fetch($stmt))
        {
            echo __LINE__; echo '<br>';//DELETE

            echo 'Mysqli Error: ' .mysqli_stmt_error($stmt); //DEV MODE.
            echo '<br>';
            echo 'Mysqli Error No: ' .mysqli_stmt_errno($stmt); //DEV MODE.
            echo '<br>';
            die('Password fetching failed!');
        }

        if($rows_count<1) //User not registered.
        {
            echo __LINE__; echo '<br>';//DELETE
            echo 'password: '.$password; echo '<br>';
            echo 'hashed password: '.$hashed_password; echo '<br>';

            mysqli_stmt_close($stmt);
            mysqli_close($conn);
            die('Incorrect User Credentials!');
        }
        mysqli_stmt_close($stmt);
        mysqli_close($conn);

        echo __LINE__; echo '<br>';//DELETE
        echo 'password: ' .$password; echo '<br>';
        echo 'hashed password: ' .$hashed_password; echo '<br>';

        header('location: home.php');
        exit;
    }
}

borobhaisab 117 Posting Whiz · Answer 4 · 2022-12-06T17:11:00+00:00

@dani

I meant:
(domain = ? OR domain_email = ?) AND password = ?

I am giving the user an option to input his domain or his domain email as username. He must input his password.
I am stuck how to fix this sql query.

borobhaisab 117 Posting Whiz · Answer 5 · 2022-12-06T17:14:13+00:00

@dani

I just reading your reply now but few hrs ago, I started doing simplification to my code to do combing operation to find the faulty line. And yes, I spotted my sql query is incorrect. SO simplified to prompting for domain & pass.
Code now working.
Look:

ini_set("display_errors",1);
ini_set("display_startup_errors",1);
error_reporting(E_ALL);

echo login_form();

if($_SERVER['REQUEST_METHOD'] === 'POST')
{
    echo __LINE__; echo '<br>';//DELETE

    check_user_input();

    echo __LINE__; echo '<br>';//DELETE

    process_login_form();

    echo __LINE__; echo '<br>';//DELETE
}


function login_form()
{
    echo 
    '
    <div name="center pane" id="center pane" align="center" size="50px" width="33%">
    <form method="POST" action="" name="login_form" id="login_form" width="50%">
    <fieldset>
    <label for="domain">Domain</label>
    <input type="text" name="domain" id="domain" size="50" minlength="5" maxlength="253" title="Input your Domain" placeholder="yourdomain.tld">
    <br>
    <label for="password">Password</label>
    <input type="text" name="password" id="password" size="50" minlength="8" maxlength="25" title="Input your Password" placeholder="alpha-numerical-chars">
    <br>
    </fieldset>
    <fieldset>
    <button type="submit" name="login" id="login" title="Submit Form">Login!</button>
    </fieldset>
    </form>
    </div>
    ';
}


function check_user_input()
{
    if(EMPTY($_POST['domain']) && EMPTY($_POST['domain_email']))
    {
        echo __LINE__; echo '<br>';//DELETE

        die('Input either your Domain or your Domain Email!');
    }
}


function process_login_form()
{
    echo __LINE__; echo '<br>';//DELETE

    $user = !EMPTY($_POST['domain'])?$domain = trim($_POST['domain']):$domain_email = trim($_POST['domain_email']);
    $hashed_password = hash('sha256',trim($_POST['password']));

    //Query DB.
    //Check if User already registered or not.
    mysqli_report(MYSQLI_REPORT_ERROR|MYSQLI_REPORT_STRICT);
    if(!$conn = mysqli_connect("localhost","root","","buzz")) //mysqli_connect("server","user","password","db");
    {
        echo __LINE__; echo '<br>';//DELETE
        die('1. Something went wrong. Please try again later!');
    }
    $stmt = mysqli_stmt_init($conn);
    $sql_count = "SELECT COUNT('id') FROM domains WHERE domain = ?  AND password = ?";

    if(!mysqli_stmt_prepare($stmt,$sql_count))
    {
        echo __LINE__; echo '<br>';//DELETE

        echo 'Mysqli Error: ' .mysqli_stmt_error(); //DEV MODE.
        echo '<br>';
        echo 'Mysqli Error No: ' .mysqli_stmt_errno(); //DEV MODE.
        echo '<br>';
        die('Login a Failure!');
    }
    else
    {
        echo __LINE__; echo '<br>';//DELETE

        mysqli_stmt_bind_param($stmt,"ss",$user,$hashed_password);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt,$rows_count);
        if(!mysqli_stmt_fetch($stmt))
        {
            echo __LINE__; echo '<br>';//DELETE

            echo 'Mysqli Error: ' .mysqli_stmt_error($stmt); //DEV MODE.
            echo '<br>';
            echo 'Mysqli Error No: ' .mysqli_stmt_errno($stmt); //DEV MODE.
            echo '<br>';
            die('Password fetching failed!');
        }

        if($rows_count<1) //User not registered.
        {
            echo __LINE__; echo '<br>';//DELETE

            echo 'Rows Count: ' .$rows_count; echo '<br>'; //DELETE
            echo 'domain: ' .$domain; echo '<br>'; //DELETE
            echo 'domain_email: ' .$domain_email; echo '<br>'; //DELETE
            echo 'password: ' .$password; echo '<br>'; //DELETE

            mysqli_stmt_close($stmt);
            mysqli_close($conn);
            die('Incorrect User Credentials!');
        }
        else
        {
            mysqli_stmt_close($stmt);
            mysqli_close($conn);

            echo __LINE__; echo '<br>';//DELETE

            echo 'Rows Count: ' .$rows_count; echo '<br>'; //DELETE
            echo 'domain: ' .$domain; echo '<br>'; //DELETE
            echo 'domain_email: ' .$domain_email; echo '<br>'; //DELETE
            echo 'password: ' .$password; echo '<br>'; //DELETE

            header('location: home.php');
            exit;
        }
    }
}

Now, need to revert back to the old p[rompt again where I ask user to either input domain or email as username. Must input password.
How to fix this ?
Shall I just copy your sql from your previous post ?

borobhaisab 117 Posting Whiz · Answer 6 · 2022-12-06T17:19:56+00:00

@dani

Your sql seems to be working!
Thanks!
However do confirm code is fine.
Cheers!

ini_set("display_errors",1);
ini_set("display_startup_errors",1);
error_reporting(E_ALL);

echo login_form();

if($_SERVER['REQUEST_METHOD'] === 'POST')
{
    echo __LINE__; echo '<br>';//DELETE

    check_user_input();

    echo __LINE__; echo '<br>';//DELETE

    process_login_form();

    echo __LINE__; echo '<br>';//DELETE
}


function login_form()
{
    echo 
    '
    <div name="center pane" id="center pane" align="center" size="50px" width="33%">
    <form method="POST" action="" name="login_form" id="login_form" width="50%">
    <fieldset>
    <label for="domain">Domain</label>
    <input type="text" name="domain" id="domain" size="50" minlength="5" maxlength="253" title="Input your Domain" placeholder="yourdomain.tld">
    <br>
    <label for="password">Password</label>
    <input type="text" name="password" id="password" size="50" minlength="8" maxlength="25" title="Input your Password" placeholder="alpha-numerical-chars">
    <br>
    </fieldset>
    <fieldset>
    <button type="submit" name="login" id="login" title="Submit Form">Login!</button>
    </fieldset>
    </form>
    </div>
    ';
}


function check_user_input()
{
    if(EMPTY($_POST['domain']) && EMPTY($_POST['domain_email']))
    {
        echo __LINE__; echo '<br>';//DELETE

        die('Input either your Domain or your Domain Email!');
    }
}


function process_login_form()
{
    echo __LINE__; echo '<br>';//DELETE

    $user = !EMPTY($_POST['domain'])?$domain = trim($_POST['domain']):$domain_email = trim($_POST['domain_email']);
    $hashed_password = hash('sha256',trim($_POST['password']));

    //Query DB.
    //Check if User already registered or not.
    mysqli_report(MYSQLI_REPORT_ERROR|MYSQLI_REPORT_STRICT);
    if(!$conn = mysqli_connect("localhost","root","","buzz")) //mysqli_connect("server","user","password","db");
    {
        echo __LINE__; echo '<br>';//DELETE
        die('1. Something went wrong. Please try again later!');
    }
    $stmt = mysqli_stmt_init($conn);
    $sql_count = "SELECT COUNT('id') FROM domains WHERE (domain = ? OR domain_email = ?) AND password = ?";

    if(!mysqli_stmt_prepare($stmt,$sql_count))
    {
        echo __LINE__; echo '<br>';//DELETE

        echo 'Mysqli Error: ' .mysqli_stmt_error(); //DEV MODE.
        echo '<br>';
        echo 'Mysqli Error No: ' .mysqli_stmt_errno(); //DEV MODE.
        echo '<br>';
        die('Login a Failure!');
    }
    else
    {
        echo __LINE__; echo '<br>';//DELETE

        mysqli_stmt_bind_param($stmt,"sss",$user,$user,$hashed_password);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt,$rows_count);
        if(!mysqli_stmt_fetch($stmt))
        {
            echo __LINE__; echo '<br>';//DELETE

            echo 'Mysqli Error: ' .mysqli_stmt_error($stmt); //DEV MODE.
            echo '<br>';
            echo 'Mysqli Error No: ' .mysqli_stmt_errno($stmt); //DEV MODE.
            echo '<br>';
            die('Password fetching failed!');
        }

        if($rows_count<1) //User not registered.
        {
            echo __LINE__; echo '<br>';//DELETE

            echo 'Rows Count: ' .$rows_count; echo '<br>'; //DELETE
            echo 'domain: ' .$domain; echo '<br>'; //DELETE
            echo 'domain_email: ' .$domain_email; echo '<br>'; //DELETE
            echo 'password: ' .$password; echo '<br>'; //DELETE

            mysqli_stmt_close($stmt);
            mysqli_close($conn);
            die('Incorrect User Credentials!');
        }
        else
        {
            mysqli_stmt_close($stmt);
            mysqli_close($conn);

            echo __LINE__; echo '<br>';//DELETE

            echo 'Rows Count: ' .$rows_count; echo '<br>'; //DELETE
            echo 'domain: ' .$domain; echo '<br>'; //DELETE
            echo 'domain_email: ' .$domain_email; echo '<br>'; //DELETE
            echo 'password: ' .$password; echo '<br>'; //DELETE

            header('location: home.php');
            exit;
        }
    }
}

Stelian_1 0 Newbie Poster · Answer 7 · 2023-01-13T13:58:43+00:00

Check my login function which returns the user data as array also with secure hashed password, note when you secure password store it as blob the convert it back for verification, also check my conversion function aswell.
Note: password is hashed and using salt by: password_hash('password', PASSWORD_ARGON2ID);
Hope this helps you with your issue:

function blobToString($bin){
    $char = explode(' ', $bin);
    $userStr = '';
    foreach($char as $ch) 
    $userStr .= chr(bindec($ch));
    return $userStr;
  }
function userLogin($uname, $password) {
    $dbCon = dbConnect(); //db connection
    $usrQ = "SELECT userPassword FROM users WHERE userEmail=?";
    $usrQuery = $dbCon->prepare($usrQ);
    if($usrQuery == false) { 
        $dbCon->close();
        return false; // mysqli error
    }
    $usrBind = $usrQuery->bind_param("s", $uname);
    if($usrBind == false){
        $dbCon->close();
        return false; // mysqli error
    }
    $queryExec = $usrQuery->execute();
    if($queryExec == false) {
        $dbCon->close();
        return "invalid_usr"; // user not found
    }
    $result = $usrQuery->get_result(); // get the mysqli result
    $pwdField = $result->fetch_object(); 
    if($result == false) {
        $dbCon->close();
        return false;
    }
    $usrPwd = blobToString($pwdField->userPassword);
    $pwdCheck = password_verify($password, $usrPwd);
    if($pwdCheck == false) {
        $dbCon->close();
        return "invalid_pwd"; // user password incorrect
    }
    // password is correct proceeding
    $result->close();
    $usrDataQ = "SELECT * FROM users WHERE userEmail=?";
    $usrDataPrepare = $dbCon->prepare($usrDataQ);
    $usrDataPrepare->bind_param("s", $uname);
    $usrDataPrepare->execute();
    $usrDataResult = $usrDataPrepare->get_result();
    $usrData = $usrDataResult->fetch_assoc();
    unset($usrData['userPassword']); // remove user password from the list
    $usrDataPrepare->close();
    $dbCon->close();
    return $usrData; // output the user data
}

Also this function maybe usefull for navigation

function goBack() {
    // -------- Resume the page_path session to get the url of prev page 
    session_name('page_path');
    session_start();
    $previous_page = $_SESSION['current_page'];
    session_destroy();
    header('Location:'.$previous_page);
    exit;
}

Forgot the database connection function

function dbConnect(){
    static $connection;
    if (!isset($connection)) {
        $path = 'restricted/dbs.ini';
        $config = parse_ini_file($path);
        $host = $config['host'];
        $port = $config['port'];
        $uname = $config['username'];
        $pwd = $config['password'];
        $db = $config['db'];
        $connection = new mysqli($host, $uname, $pwd, $db, $port);
    }
    if(!$connection){
      die("ERROR: Could not connect. ". $connection->connect_error);
    } 
    return $connection;
}
// db error handling
function dbError() {
    $connection = dbConnect();
    return $connection->connect_error;
}

Safe coding everyone! :)

Stelian_1 0 Newbie Poster · Answer 8 · 2023-01-13T14:41:53+00:00

Forgot a thing :D
after $result->close() in login function in order to continue with query you also need $dbCon->next_result(); and don't forget to close the db after finish

borobhaisab 117 Posting Whiz · Answer 9 · 2023-03-07T17:16:54+00:00

@ Stelian_1

I just saw your posts now.

Thanks for the codes!

Logging In With Sql's COUNT Function

Recommended Answers Collapse Answers

All 11 Replies

Recommended Answers