
mysqli is it wrong


ecabrera


OK, so I can't log in. I only make it to

if($num_rows != 1){

My username and password are right, but I keep getting "User does not exist".

I don't get errors, only an undefined index warning, but that's not the problem.

<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');
//start the session
session_start();

//connect to db
require "scripts/db.ini.php";

$username = mysqli_real_escape_string($db,$_POST['username']);
$password = mysqli_real_escape_string($db,$_POST['password']);

if(isset($_POST['loginbtn'])){

	if($username && $password){

		//sql command
		$getstaff = "SELECT * FROM `staff` WHERE `username` = '$username'";

		//execute the query
		$query = mysqli_query($db,$getstaff);

		//get the number of rows
		$num_rows = mysqli_num_rows($query);

		if($num_rows != 1){

			//get the info
			$rows = mysqli_fetch_assoc($query);

			//setting the data in individual variables
			$dbusername = $rows['username'];
			$dbpassword = $rows['password'];

			//getting the password the user entered and hashing it
			//in order for it to match in the database
			$password = md5('$password');

			if($dbusername === $username && $dbpassword === $password){

				//create the session
				$_SESSION['username'] = $usersession;
				//redirect them to the control panel
				header("location: controlpanel.php");

			}else
				$msg = "Please check your username or password";
		}else
			$msg = "User does not exist";
	}else
		$msg = "Please enter your username and password";
}
?>

 

 

 

Link to comment
Share on other sites

Let me see if I can teach a man (or woman) to fish today.

 

You know that it isn't getting into the if statement. In order to get into the if statement, what conditions must be true?

$num_rows != 1 ($num_rows must be less than or greater than 1)

 

So, if there is a username, how many results will be returned?

Link to comment
Share on other sites

Ok, so let's apply the same logic.

 

What are the conditions for $username && $password?

 

How can you tell if those conditions are met? You need to know what is in those variables, correct? So let's output those to the page so you can see them.

Link to comment
Share on other sites

Ok, so if you output those variables, what does it output to the browser?

 

And when you check it like if ($var), you are checking if it is true or false. You should try using if (!empty($var)); this will be more descriptive of what you are doing when you read it.

 

I could probably solve this quickly for you, but I think it's better if you learn how to debug it, which is why I'm giving you these questions.

Link to comment
Share on other sites

md5('$password'); is the hash of the LITERAL STRING '$password'. Not the value contained in $password.

 

I don't get why this has to be said a dozen times a week. Who is teaching "put everything in a string" anyway?

Link to comment
Share on other sites

Jessica, your posts make me smile sometimes. :) When you fix the message that Jessica has stated and it's still not logging in, try applying the logical steps as I've been trying to tell you. I can identify another issue with your session variable as well.

 

--- Edit: Simultaneous post. As for your comment on Jessica, no need to get all defensive. The point is that a lot of questions get posted here and they are not very well formed or miss several basic steps in debugging. You should look through some of the links in your signature such as how to ask questions and debugging your code. Asking other users to debug your code every time something doesn't work isn't helping you become better at developing. Being a good developer means that you can debug your own code. Only after you have attempted to debug it, do you ask a question.

Edited by teynon
Link to comment
Share on other sites

OK, I fixed it. It had something to do with my sessions and how they were set up.

teynon, thanks for your help.

Jessica, sorry if I can't be as good as you and know stuff right away.

Uhm, the problem has NOTHING to do with sessions. You're comparing every password in your DB to '$password'.

Which, if your registration code has the same problem... anyone can login with any password.

 

 

My question was a sincere one. Why did you put a variable inside a string, for no apparent reason? Think critically about everything you do. If you can't explain what every single character is for, learn what it does and you'll become better.

Link to comment
Share on other sites

I think somebody just needs to point out that...

 

md5('$password')

...is obviously not what he wanted to do.

 

I don't think he did it for any reason and I don't think the discussion in this post will actually help him.

 

I think pointing out that the above line of code is very different to any of these will help:

 

 

md5($password)
md5('{$password}')
md5("$password")

 

In other words a variable can't be placed inside single quotes. It must be double quotes or enclosed by curly brackets.

 

I understand not giving him the answer straight away and it helps to find the answer yourself, but in this case I think you all toyed with him a little too much.

Link to comment
Share on other sites

johnsmith: You might want to read the thread a bit closer the next time, Jessica has already pointed that out.

...and I was elaborating on it. I don't think he understood though as he then commented on something to do with sessions. I just made it clearer. Where's the problem in that?

 

Curly braces make no difference. Variables are not interpolated within single quotes. Full stop.

Apologies. Thanks for pointing it out. Christian obviously missed that too.

Link to comment
Share on other sites

There was an issue with his session variable as well. He was assigning $usersession instead of $username. I don't want to just give people simple answers anymore. For example in this post: http://forums.phpfreaks.com/topic/275257-php-echo-numbering/ where the poster obviously hasn't tried anything. The point is, these types of questions are failing at simple debugging. Just giving them the answer will solve their current problem, but only teaches them to come back here next time they debug. "Give a man a fish feed him for a day. Teach a man to fish, feed him for life."

Link to comment
Share on other sites

md5('$password'); is the hash of the LITERAL STRING '$password'. Not the value contained in $password.

 

I don't get why this has to be said a dozen times a week. Who is teaching "put everything in a string" anyway?

 

Not to mention that md5 should never be used for passwords as it's insecure.

Link to comment
Share on other sites

I don't think he did it for any reason

Exactly. That's my point. If he's going to (subtly) complain that he doesn't know enough to fix it, I'm explaining how to get better and learn.

 

If you're randomly throwing things at the keyboard your code won't work. There should be a reason for everything you do.

 

It also was a very sincere question about WHY people do this, because it's a newbie thing to do that I just plain don't understand. Literally several times a week someone posts on here and at least part of their problem is a variable in a literal string. For a few weeks I had a rant about it in my signature, it's so prevalent.

I want to know *what* site, book, tutorial, etc, is leading people to believe they should a. put variables in strings when they have no other text to add, and b. use single quoted strings for variables. So I can hunt it down and squish it.

Link to comment
Share on other sites

There was an issue with his session variable as well. He was assigning $usersession instead of $username.

Good point.

 

The fact that changing that "fixed" the problem makes me much more sure he has the same '$password' issue in other places, otherwise he should have not been logged in at this point.

Link to comment
Share on other sites
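
The points raised across this thread (single-quoted strings are not interpolated, the row-count test guarded the wrong branch, and md5 is unsuitable for passwords), put together as an added example that is not code from any poster. It assumes an in-memory SQLite table through PDO as a stand-in for the MySQL `staff` table so it runs without a server; the function names `buggy_hash`, `make_db`, `check_login` and the sample account are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Table contents are constructed sample data.

// 1. The bug: single quotes do not interpolate, so every input hashes the same.
function buggy_hash(string $password): string {
    return md5('$password');          // hash of the 9 literal characters $password
}

// 2. Stand-in for the thread's MySQL `staff` table (in-memory SQLite via PDO).
function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE staff (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO staff (username, password) VALUES (?, ?)');
    // password_hash() generates a salt and uses a slow algorithm (currently bcrypt).
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// 3. Login check: bound parameter, exactly-one-row test, password_verify().
function check_login(PDO $db, string $username, string $password): bool {
    if ($username === '' || $password === '') {
        return false;
    }
    $stmt = $db->prepare('SELECT password FROM staff WHERE username = ?');
    $stmt->execute([$username]);
    $rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
    if (count($rows) !== 1) {         // the thread's code used != 1 to enter the success path
        return false;
    }
    return password_verify($password, $rows[0]);
}

$db = make_db();
// Same hash for two different inputs: the "anyone can log in" condition.
var_dump(buggy_hash('hunter2') === buggy_hash('anything else'));
// Hashing the variable's value gives different digests, as intended.
var_dump(md5('hunter2') === md5('anything else'));
// Correct password, wrong password, unknown user.
var_dump(check_login($db, 'alice', 'correct horse'));
var_dump(check_login($db, 'alice', 'wrong'));
var_dump(check_login($db, 'nobody', 'correct horse'));
```

In a real handler, call session_regenerate_id(true) and assign `$_SESSION['username'] = $username` only after `check_login()` returns true.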
