Mysqli Login not working

BlinkItOut:
I am recoding my site to mysqli however I am having trouble with switching my login page over. I would appreciate any help I could get.

login.php - nothing should have to be changed here.

--- PHP Code: ---<?php
$pagetitle = "Login";
include "header.inc.php";

if($stmt = $mysqli->prepare("UPDATE stats SET logins=logins+1, lastupdated = ? WHERE id = ?"));
{
$stmt->bind_param('di', $datestamp5, $one);
$stmt->execute();
$stmt->close();
}

ECHO <<<END
  <script>
  $(document).ready(function(){
    $("#logForm").validate();
  });
  </script>

<h1>Login</h1>
      <form action="login.pro.php" method="post" name="logForm" id="logForm" >
        <table width="95%" border="0" cellpadding="4" cellspacing="4" class="loginform">
          <tr> 
            <td width="28%">Email</td>
            <td width="72%"><input name="usr_email" type="text" class="required fancyinput" id="txtbox" size="25"></td>
          </tr>
          <tr> 
            <td>Password</td>
            <td><input name="pwd" type="password" class="required password fancyinput" id="txtbox" size="25"></td>
          </tr>
          <tr> 
            <td colspan="2"> <div align="center">
                <p>
                  <input name="doLogin" type="submit" id="doLogin" class="myButton" value="Login">
                </p>
                <p><a href="register.php">Register Free</a> | <a href="forgot.php">Forgot Password</a></p>
              </div></td>
          </tr>
        </table>
      </form>
END;

include "footer.inc.php";
?>
--- End code ---


login.pro.php

--- PHP Code: ---<?php
include "connect.inc.php";

  $useremail = mysqli_real_escape_string ($mysqli, $_POST["usr_email"]);
$useremail = htmlspecialchars (strip_tags (strip_mq_gpc( trim($useremail))));

$password = mysqli_real_escape_string ($mysqli, $_POST["pwd"]);
$password = htmlspecialchars (strip_tags (strip_mq_gpc($password)));

if (strpos($useremail,'@') === false) {
    $usercond = "username";
} else {
      $usercond = "useremail";
    
}

$login = $mysqli->prepare("SELECT id, username, pwd, approved FROM users WHERE $usercond = ? AND banned = '0'");
$login->bind_param('s', $useremail);
$login->execute();
$login->store_result();
$numcheck = $login->num_rows;
$login->bind_result($id, $user, $pass, $approved);
$login->fetch();

$id = mysqli_real_escape_string ($mysqli, $id);
$id = htmlspecialchars (strip_tags (strip_mq_gpc( trim($id))));

$user = mysqli_real_escape_string ($mysqli, $user);
$user = htmlspecialchars (strip_tags (strip_mq_gpc( trim($user))));

$pass = mysqli_real_escape_string ($mysqli, $pass);
$pass = htmlspecialchars (strip_tags (strip_mq_gpc( trim($pass))));

$approved = mysqli_real_escape_string ($mysqli, $approved);
$approved = htmlspecialchars (strip_tags (strip_mq_gpc( trim($approved))));

  // Match row found with more than 1 results  - the user is authenticated. 
    if ( $numcheck > 0 ) {

list($id, $user, $pass, $approved) = mysql_fetch_row($login);

if(!$approved) {header("Location: login.php?error=Your+account+is+not+activated.+Please+check+your+email+for+your+activation+code.");}
 
//check against salt
if ($pass === PwdHash($password,substr($pass,0,9))) {
     // this sets session and logs user in  
       session_start();
   session_regenerate_id (true); //prevent against session fixation attacks.

   // this sets variables in the session 
$_SESSION['user_id']= $id;  
$_SESSION['username'] = $user;
//$_SESSION['rank'] = $rank;
$_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);

//update the timestamp and key for cookie
$stamp = time();
$ckey = GenKey();

$result = $mysqli->prepare("UPDATE users SET ctime = ?, ckey = ? WHERE id = ?");
$result->bind_param('sii', $stamp, $ckey, $id);
$result->execute();
$result->close();

   //set a cookie
setcookie("14182525_mwapass", $pass, time()+3600*24);
setcookie("54865421545_mwauser", $user, time()+3600*24);
header("Location: myaccount.php");
}
else
{
header("Location: login.php?error=Invalid+login.+Please+try+again+with+your+correct+email+and+password.");
}
} else {
header("Location: login.php?error=Invalid+login.+No+such+user+exists.");
  }
  
$login->close();
?>
--- End code ---


If you need any more information let me know. This has been a problem I have been trying to solve for a few days.

wilson382:
I did not run your code, but what exactly is not working?

BlinkItOut:
I probably should have mentioned that the problem is when I enter a correct login it will say "Invalid login. Please try again with your correct email and password." - and not log me in.

wilson382:
Why are you using === to compare the password?

BlinkItOut:
Well "===" is what I used when I was using mysql and it worked fine. Just now I did test that part of the code for the password and it didn't work with just "==" but it did do something different when entering just a single equal sign. . . . it still didn't log me in like it was supposed to though. Now it seems to attempt to go to myaccount.php but fails to and returns to the homepage with the error "You do not have access to that page. Sorry for the inconvenience."

It seems to not be setting the cookies or something? - I am not sure.

Here is the code that brings up "You do not have access to that page. Sorry for the inconvenience."

--- PHP Code: ---if (!$checkrank) { $checkrank = 0; }
if (!$rank) { $rank = 0; }
if ($rank == ' ') { $rank = 0; }
if ($rank < $checkrank)
{
 die(header(error("$baseURL/index.php","You do not have access to that page. Sorry for the inconvenience.")));
}
--- End code ---


On the myaccount.php page, $checkrank = 2 (which is the default rank for new members).
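
An added example, not part of any post in this thread: one way to write the lookup in login.pro.php so that the values filled in by `bind_result()` and `fetch()` are used directly, with no later `mysql_fetch_row()` call (that function belongs to the old mysql extension and cannot read a mysqli statement). The table and column names come from the post; `check_login` and `$pwdHash` are hypothetical names, and `$pwdHash` stands for the site's own `PwdHash()` function, which is not shown on the page.

```php
<?php
// Added example, not the poster's code. $pwdHash stands for the site's own
// PwdHash($password, $salt) function; its signature is assumed from the call
// in the post.
function check_login(mysqli $mysqli, string $login, string $password, callable $pwdHash): ?array
{
    $login = trim($login);

    // Only the column name is interpolated, and it is chosen from a fixed
    // pair, never taken from user input.
    $column = (strpos($login, '@') === false) ? 'username' : 'useremail';

    $stmt = $mysqli->prepare(
        "SELECT id, username, pwd, approved FROM users WHERE $column = ? AND banned = '0'"
    );
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $mysqli->error);
    }

    // Bind the raw value. Escaping or HTML-encoding it first changes what is
    // compared; the placeholder already keeps it out of the SQL text.
    $stmt->bind_param('s', $login);
    $stmt->execute();
    $stmt->bind_result($id, $user, $storedHash, $approved);

    // fetch() fills the bound variables and returns true only when a row
    // exists. Nothing else should reassign them afterwards.
    $found = $stmt->fetch();
    $stmt->close();

    if ($found !== true) {
        return null;                        // no such user, or banned
    }

    // The first 9 characters of the stored value are the salt, as in the post.
    $storedHash = (string) $storedHash;
    $candidate  = (string) $pwdHash($password, substr($storedHash, 0, 9));

    // hash_equals() is a constant-time string comparison.
    if (!hash_equals($storedHash, $candidate)) {
        return null;                        // wrong password
    }
    return ['id' => (int) $id, 'username' => $user, 'approved' => (bool) $approved];
}
```

The caller would start the session, regenerate its id and redirect only when the function returns an array, and call `exit` after each `header("Location: ...")` so the rest of the script does not keep running.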
