
server error


karimali831


Hi all,

 

I'm trying to use this login script, but I keep getting a server error.

I have noticed that the server error is caused by this if() statement:

 

Any thoughts please?

if ($stmt = $mysqli->prepare("SELECT id, username, password, salt FROM members WHERE email = ? LIMIT 1")) {

 

 

 

    function login($email, $password, $db) {
        // Using prepared Statements means that SQL injection is not possible. 
        if ($stmt = $mysqli->prepare("SELECT id, username, password, salt FROM members WHERE email = ? LIMIT 1")) {
           $stmt->bind_param('s', $email); // Bind "$email" to parameter.
           $stmt->execute(); // Execute the prepared query.
           $stmt->store_result();
           $stmt->bind_result($user_id, $username, $db_password, $salt); // get variables from result.
           $stmt->fetch();
           $password = hash('sha512', $password.$salt); // hash the password with the unique salt.
      
           if($stmt->num_rows == 1) { // If the user exists
              // We check if the account is locked from too many login attempts
              if(checkbrute($user_id, $db) == true) { 
                 // Account is locked
                 // Send an email to user saying their account is locked
                 //return false;
  return "Account locked";
              } else {
              
   if($db_password == $password) { // Check if the password in the database matches the password the user submitted. 
                 // Password is correct!
 
                    $user_browser = $_SERVER['HTTP_USER_AGENT']; // Get the user-agent string of the user.
                    $user_id = preg_replace("/[^0-9]+/", "", $user_id); // XSS protection as we might print this value
                    $_SESSION['user_id'] = $user_id; 
                    $username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username); // XSS protection as we might print this value
                    $_SESSION['username'] = $username;
                    $_SESSION['login_string'] = hash('sha512', $password.$user_browser);
                    // Login successful.
                    //return true;    
 
return "Login successful";
                
} else {
 
                    // Password is not correct
                    // We record this attempt in the database
                    $now = time();
                    $db->query("INSERT INTO login_attempts (user_id, time) VALUES ('$user_id', '$now')");
                    //return false;
return "Password incorrect";
                }
              }
           } else {
              // No user exists. 
              //return false;
 return "User does not exist";
           }
        }
    }

