Jump to content

Problem with bind_param()

titan745

By titan745
in PHP Coding Help

 Share

Recommended Posts

titan745 Newbie

titan745

Posted
Posted

Please forgive me as I am new to php. I'm going to try and explain my problem the best I can.

 

I'm trying to create a member login that checks that the username and password match before logging in.

 

membership.php:

require ('SQL.php');

class Membership {

function validate_User($un, $pwd) {
	$mysql = new MySQL();
	$ensure_credentials = $mysql->verify_Username_and_Pass($un, md5(trim($pwd) . PW_SALT));

	if($ensure_credentials) {
		$_SESSION['status'] = 'authorized';
		$_SESSION['uname'] = $un;
		header('location: index.php');

	} else return "Please enter a correct username and password";

}

 

SQL.php:

class Mysql {
private $conn;

function __construct() {
	$this->conn = new mysqli($DB_HOST, $DB_USER, $DB_PASSWORD, $DB_DATABASE) or 
				  die('There was a problem connecting to the database.');
}

function verify_Username_and_Pass($un, $pwd) {

	$query = "SELECT *
			FROM users
			WHERE username = ? AND password = ?
			LIMIT 1";

	if($stmt = $this->conn->prepare($query)) {
		$stmt->bind_param('ss', $un, $pwd);
		$stmt->execute();

		if($stmt->fetch()) {
			$stmt->close();
			return true;
		}
	}

}
}

 

After $un and $pwd are entered it returns "Please enter a correct username and password" regardless if the username and password are correct.

 

If I change this line 

if($ensure_credentials) {

in Membership.php to 

if($ensure_credentials != true) {

it will allow me to login, except it only verifies $un, and $pwd can be anything.

 

Please help!

Link to comment
Share on other sites
titan745 Newbie

titan745

Posted
  • Author
Posted 
include ('../classes/Membership.php'); // Authentication class

$membership = new Membership();

// Did the user enter a password/username and click submit?
if($_POST && !empty($_POST['username']) && !empty($_POST['pwd'])) {
$response = $membership->validate_User($_POST['username'], $_POST['pwd']);
}

Link to comment
Share on other sites
nankoweap Newbie

nankoweap

Posted
Posted

i wouldn't code it this way personally, but this should get you somewhere...

 

function verify_Username_and_Pass($un, $pwd) {
  $query = "SELECT count(*) FROM users WHERE username = ? AND password = ?";
  $stmt = $this->conn->prepare($query) or die($this->conn->error);
  $stmt->bind_param('ss', $un, $pwd);
  $stmt->execute();
  $stmt->bind_result($count);
  $success = $stmt->fetch();
  $stmt->close();

  return ($success && $count > 0);
}

Link to comment
Share on other sites
titan745 Newbie

titan745

Posted
  • Author
Posted

There doesn't seem to be a problem with the query. It returns the correct values.

 

As far as this code:

function verify_Username_and_Pass($un, $pwd) {
  $query = "SELECT count(*) FROM users WHERE username = ? AND password = ?";
  $stmt = $this->conn->prepare($query) or die($this->conn->error);
  $stmt->bind_param('ss', $un, $pwd);
  $stmt->execute();
  $stmt->bind_result($count);
  $success = $stmt->fetch();
  $stmt->close();

  return ($success && $count > 0);
}

 

This doesn't seem to work.  :(

Link to comment
Share on other sites
titan745 Newbie

titan745

Posted
  • Author
Posted

When I replace the function  verify_Username_and_Pass with the below code and then run the script, all that I get is a blank page.

 

function verify_Username_and_Pass($un, $pwd) {
  $query = "SELECT count(*) FROM users WHERE username = ? AND password = ?";
  $stmt = $this->conn->prepare($query) or die($this->conn->error);
  $stmt->bind_param('ss', $un, $pwd);
  $stmt->execute();
  $stmt->bind_result($count);
  $success = $stmt->fetch();
  $stmt->close();

  return ($success && $count > 0);
}

 

With the function written the original way, it would return "Please enter a correct username and password". My guess, and this is a guess as I'm new to php, is that there seems to be a problem with telling the validate_User function that the validation has passed and to continue with the login.

 

Basically i think the problem is here somewhere:

function validate_User($un, $pwd) {
	$mysql = new MySQL();
	$ensure_credentials = $mysql->verify_Username_and_Pass($un, md5(trim($pwd) . PW_SALT));

	if($ensure_credentials) {
		$_SESSION['status'] = 'authorized';
		$_SESSION['uname'] = $un;
		header('location: index.php');

	} else return "Please enter a correct username and password";

}

 

Like I said though, I'm new to this and don't really know.  :-\  :confused:

Link to comment
Share on other sites
nankoweap Newbie

nankoweap

Posted
Posted

When I replace the function  verify_Username_and_Pass with the below code and then run the script, all that I get is a blank page.

 

a blank page, eh? i wonder if the redirect is working then. comment out this line:

 

header('location: index.php');

 

and replace it with:

 

print "user/pass validated";

 

what happens?

 

Link to comment
Share on other sites
titan745 Newbie

titan745

Posted
  • Author
Posted

I think I've been able to determine that the below code is not binding. (if that makes sense)

 

function verify_Username_and_Pass($un, $pwd) {

	$query = "SELECT *
			FROM users
			WHERE username = ? AND password = ?
			LIMIT 1";

	if($stmt = $this->conn->prepare($query)) {
		$stmt->bind_param('ss', $un, $pwd);
		$stmt->execute();

		if($stmt->fetch()) {
			$stmt->close();
			return true;
		}
	}

}

 

$un and $pwd are being passed to the function, but for whatever reason, $un and $pwd are not binding to the query.

 

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.