Jump to content

Problem with bind_param()

titan745

By titan745
in PHP Coding Help

Recommended Posts

titan745 Newbie

titan745

Posted
Posted

Please forgive me as I am new to php. I'm going to try and explain my problem the best I can.

 

I'm trying to create a member login that checks that the username and password match before logging in.

 

membership.php:

require ('SQL.php');

class Membership {

function validate_User($un, $pwd) {
	$mysql = new MySQL();
	$ensure_credentials = $mysql->verify_Username_and_Pass($un, md5(trim($pwd) . PW_SALT));

	if($ensure_credentials) {
		$_SESSION['status'] = 'authorized';
		$_SESSION['uname'] = $un;
		header('location: index.php');

	} else return "Please enter a correct username and password";

}

 

SQL.php:

class Mysql {
private $conn;

function __construct() {
	$this->conn = new mysqli($DB_HOST, $DB_USER, $DB_PASSWORD, $DB_DATABASE) or 
				  die('There was a problem connecting to the database.');
}

function verify_Username_and_Pass($un, $pwd) {

	$query = "SELECT *
			FROM users
			WHERE username = ? AND password = ?
			LIMIT 1";

	if($stmt = $this->conn->prepare($query)) {
		$stmt->bind_param('ss', $un, $pwd);
		$stmt->execute();

		if($stmt->fetch()) {
			$stmt->close();
			return true;
		}
	}

}
}

 

After $un and $pwd are entered it returns "Please enter a correct username and password" regardless if the username and password are correct.

 

If I change this line 

if($ensure_credentials) {

in Membership.php to 

if($ensure_credentials != true) {

it will allow me to login, except it only verifies $un, and $pwd can be anything.

 

Please help!

Link to comment
https://forums.phpfreaks.com/topic/226122-problem-with-bind_param/
Share on other sites
titan745 Newbie

titan745

Posted
  • Author
Posted 
include ('../classes/Membership.php'); // Authentication class

$membership = new Membership();

// Did the user enter a password/username and click submit?
if($_POST && !empty($_POST['username']) && !empty($_POST['pwd'])) {
$response = $membership->validate_User($_POST['username'], $_POST['pwd']);
}

nankoweap Newbie

nankoweap

Posted
Posted

i wouldn't code it this way personally, but this should get you somewhere...

 

function verify_Username_and_Pass($un, $pwd) {
  $query = "SELECT count(*) FROM users WHERE username = ? AND password = ?";
  $stmt = $this->conn->prepare($query) or die($this->conn->error);
  $stmt->bind_param('ss', $un, $pwd);
  $stmt->execute();
  $stmt->bind_result($count);
  $success = $stmt->fetch();
  $stmt->close();

  return ($success && $count > 0);
}

titan745 Newbie

titan745

Posted
  • Author
Posted

There doesn't seem to be a problem with the query. It returns the correct values.

 

As far as this code:

function verify_Username_and_Pass($un, $pwd) {
  $query = "SELECT count(*) FROM users WHERE username = ? AND password = ?";
  $stmt = $this->conn->prepare($query) or die($this->conn->error);
  $stmt->bind_param('ss', $un, $pwd);
  $stmt->execute();
  $stmt->bind_result($count);
  $success = $stmt->fetch();
  $stmt->close();

  return ($success && $count > 0);
}

 

This doesn't seem to work.  :(

titan745 Newbie

titan745

Posted
  • Author
Posted

When I replace the function  verify_Username_and_Pass with the below code and then run the script, all that I get is a blank page.

 

function verify_Username_and_Pass($un, $pwd) {
  $query = "SELECT count(*) FROM users WHERE username = ? AND password = ?";
  $stmt = $this->conn->prepare($query) or die($this->conn->error);
  $stmt->bind_param('ss', $un, $pwd);
  $stmt->execute();
  $stmt->bind_result($count);
  $success = $stmt->fetch();
  $stmt->close();

  return ($success && $count > 0);
}

 

With the function written the original way, it would return "Please enter a correct username and password". My guess, and this is a guess as I'm new to php, is that there seems to be a problem with telling the validate_User function that the validation has passed and to continue with the login.

 

Basically i think the problem is here somewhere:

function validate_User($un, $pwd) {
	$mysql = new MySQL();
	$ensure_credentials = $mysql->verify_Username_and_Pass($un, md5(trim($pwd) . PW_SALT));

	if($ensure_credentials) {
		$_SESSION['status'] = 'authorized';
		$_SESSION['uname'] = $un;
		header('location: index.php');

	} else return "Please enter a correct username and password";

}

 

Like I said though, I'm new to this and don't really know.  :-\  :confused:

nankoweap Newbie

nankoweap

Posted
Posted

When I replace the function  verify_Username_and_Pass with the below code and then run the script, all that I get is a blank page.

 

a blank page, eh? i wonder if the redirect is working then. comment out this line:

 

header('location: index.php');

 

and replace it with:

 

print "user/pass validated";

 

what happens?

 

titan745 Newbie

titan745

Posted
  • Author
Posted

I think I've been able to determine that the below code is not binding. (if that makes sense)

 

function verify_Username_and_Pass($un, $pwd) {

	$query = "SELECT *
			FROM users
			WHERE username = ? AND password = ?
			LIMIT 1";

	if($stmt = $this->conn->prepare($query)) {
		$stmt->bind_param('ss', $un, $pwd);
		$stmt->execute();

		if($stmt->fetch()) {
			$stmt->close();
			return true;
		}
	}

}

 

$un and $pwd are being passed to the function, but for whatever reason, $un and $pwd are not binding to the query.

 

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.