login issue mysqli

traydavid · November 19, 2013, 5:51pm

Any idea why these errors are showing? Connection works fine…

this is the code:

[php]

<?php include ("connectionlink.php"); //connection errors if any... if (mysqli_connect_errno()) { printf("Connect failed: %s\n", mysqli_connect_error()); exit(); } $userid = $_POST['userid']; $password = $_POST['password']; /* create a prepared statement */ if ($stmt = $mysqli->prepare("SELECT userid, password FROM admins WHERE userid=? and password=?")) { // bind parameters-define them... $stmt->bind_param("s", $userid); $stmt->bind_param("s", $password); //execute... $stmt->execute(); // bind result variables $stmt->bind_result($userid); $stmt->bind_result($password); //fetch value $stmt->fetch(); printf("%s is equal to %s\n", $userid, $password); /* close statement */ $stmt->close(); } /* close connection */ $mysqli->close(); ?>[/php]

errors are:

PHP Warning: mysqli::prepare() [mysqli.prepare]: Couldn’t fetch mysqli on line 18
PHP Warning: mysqli::close() [mysqli.close]: Couldn’t fetch mysqli on line 41

JimL · November 19, 2013, 6:28pm

could you add connectionlink.php? remember to remove user credentials.

traydavid · November 19, 2013, 8:51pm

[php]<?php

$mysqli = mysqli_init();
if (!$mysqli) {
die(‘mysqli_init failed’);
}

if (!$mysqli->options(MYSQLI_INIT_COMMAND, ‘SET AUTOCOMMIT = 0’)) {
die(‘Setting MYSQLI_INIT_COMMAND failed’);
}

if (!$mysqli->options(MYSQLI_OPT_CONNECT_TIMEOUT, 5)) {
die(‘Setting MYSQLI_OPT_CONNECT_TIMEOUT failed’);
}

if (!$mysqli->real_connect(‘localhost’, ‘usernamehere’, ‘pwdhere’, ‘dbhere’)) {
die(‘Connect Error (’ . mysqli_connect_errno() . ') ’
. mysqli_connect_error());
}

echo 'Success… ’ . $mysqli->host_info . “\n”;

$mysqli->close();
?>[/php]

I think it works because it prints out that it is connected, etc. Then the initial script I’m having probs with does nothing. Thanks.

JimL · November 19, 2013, 8:56pm

Might be because you close the connection at the end of the connection script

traydavid · November 19, 2013, 9:01pm

that got it to work through the connect page and into the script page–thanks.

printed the line without the variables and gave this error, basically saying the number of bound params don’t match…but they do. I think…

[19-Nov-2013 15:58:30] PHP Warning: mysqli_stmt::bind_param() [mysqli-stmt.bind-param]: Number of variables doesn’t match number of parameters in prepared statement on line 21
[19-Nov-2013 15:58:30] PHP Warning: mysqli_stmt::bind_param() [mysqli-stmt.bind-param]: Number of variables doesn’t match number of parameters in prepared statement on line 22
[19-Nov-2013 15:58:30] PHP Warning: mysqli_stmt::bind_result() [mysqli-stmt.bind-result]: Number of bind variables doesn’t match number of fields in prepared statement on line 28
[19-Nov-2013 15:58:30] PHP Warning: mysqli_stmt::bind_result() [mysqli-stmt.bind-result]: Number of bind variables doesn’t match number of fields in prepared statement on line 29

traydavid · November 19, 2013, 10:44pm

now this is a print issue i think…

printf is not formatted correctly
i don’t know how to format when integers or strings are coming form table
mixed won’t work
neither will n or i

[php]<?php

include (“con1.php”);

//connection errors if any…

if (mysqli_connect_errno()) {
printf(“Connect failed: %s\n”, mysqli_connect_error());
exit();
}

$userid = $_POST[‘userid’];
$password = $_POST[‘password’];

//create a prepared statement

if ($stmt = $mysqli->prepare(“SELECT userid, password FROM admins WHERE userid=? and password=?”)) {

// bind parameters-define them…
$stmt->bind_param(“is”, $userid, $password);

//execute…
$stmt->execute();

// bind result variables 
$stmt->bind_result($userid, $password);

//fetch value
$stmt->fetch();

printf("%mixed is associated with %mixed\n", $userid, $password);


/* close statement */
$stmt->close();

}

/* close connection */
$mysqli->close();
?>[/php]

JimL · November 19, 2013, 11:06pm

Debug the file (either with xdebug or var_dumping) and see what kind of data $userid and $password holds.

so:
[php]printf("%mixed is associated with %mixed\n", $userid, $password);[/php]–>
[php]var_dump($userid, $password);
printf("%mixed is associated with %mixed\n", $userid, $password);[/php]

It should output the variable type.

edit: just saw you were using mixed/n/i… strings are “s”.

traydavid · November 19, 2013, 11:32pm

userid is tinyint and name is text
i just looked at my db structure

traydavid · November 19, 2013, 11:33pm

i only tried mixed after using s and i and/or n failed
shouldn’t i assign the parameters i for integer and s for string for userid and pass?
that is more secure?
or not? thanks.

traydavid · November 19, 2013, 11:34pm

now this altered code:

[php]<?php

include (“con1.php”);

//connection errors if any…

if (mysqli_connect_errno()) {
printf(“Connect failed: %s\n”, mysqli_connect_error());
exit();
}

$userid = $_POST[‘userid’];
$password = $_POST[‘password’];

//create a prepared statement

if ($stmt = $mysqli->prepare(“SELECT userid, password FROM admins WHERE userid=? and password=?”)) {

// bind parameters-define them…
$stmt->bind_param(“ss”, $userid, $password);

//execute…
$stmt->execute();

// bind result variables 
$stmt->bind_result($userid);
$stmt->bind_result($password);

//fetch value
$stmt->fetch();

var_dump($userid, $password);
printf("%s is associated with %s\n", $userid, $password);

/* close statement */
$stmt->close();

}

/* close connection */
$mysqli->close();
?>[/php]

produces the error result]: Number of bind variables doesn’t match number of fields in prepared statement on line 30
[19-Nov-2013 18:41:53] PHP Warning: mysqli_stmt::bind_result() [mysqli-stmt.bind-result]: Number of bind variables doesn’t match number of fields in prepared statement in line 31
AND outputs NULL NULL FROM THE VARDUMP

I’m looking at db and it is not null…

JimL · November 19, 2013, 11:42pm

Are you entering a valid userid and password? It seems like you don’t get any values back from the query.

traydavid · November 19, 2013, 11:48pm

yeah because I just doublechecked. It is connecting fine and printing out the connected, port number, etc.

traydavid · November 20, 2013, 12:10am

so that was my effort at an oop mysqli login script and failed miserably.
poured over php manual and google

any sample working code might be helpful at this point…thanks

JimL · November 20, 2013, 6:07am

I was thinking about these
$userid = $_POST[‘userid’];
$password = $_POST[‘password’];

traydavid · November 20, 2013, 3:09pm

could you explain? thanks

JimL · November 20, 2013, 3:38pm

in the form you are posting to this file, are you submitting a valid userid and password? because it seems like the query you are running get no data from the database.

try to do this:
[php]if ($stmt = $mysqli->prepare(“SELECT userid, password FROM admins WHERE userid=? and password=?”)) {[/php]–>
[php]var_dump($userid, $password)
if ($stmt = $mysqli->prepare(“SELECT userid, password FROM admins WHERE userid=? and password=?”)) {[/php]

That should output the userid and password received from the form

Then try to run the query with the variable values manually, either in command line, in phpmyadmin, or something.

traydavid · November 20, 2013, 11:29pm

I have tried manually coding the working user/pass
Have read through php manual (related section) a lot
Have googled topic for about 24 hours and tried several tutorials
Even tried an ajax php tutorial for login
can’t get a working login in php/mysqli at all

Does anyone have an example they can post of a WORKING mysqli login?

Beginning to wonder if this can be done in php/mysqli…

JimL · November 21, 2013, 6:53am

I can do a working php mysqli login today if no-one else post one first, it is definitly possible in php/mysqli as it’s just a normal query.

Please post the form you have atm, it would also be helpful with an example query including the username and password, plus the database table (with the row you’re trying to fetch).

JimL · November 21, 2013, 7:01pm

This should be a working login using mysqli
[php]<?php

$mysqli = new mysqli(‘localhost’, ‘phphelp’, ‘phphelp’, ‘phphelp’);

if (mysqli_connect_errno()) {
printf(‘Connect failed: %s\n’, mysqli_connect_error());
exit();
}

if (!empty($_POST[‘userid’]) && !empty($_POST[‘password’])) {
$hash = hash(‘sha512’, $_POST[‘password’]);

$query = ‘SELECT userid, password
FROM admins
WHERE userid = ?
AND password = ?’;

$stmt = $mysqli->prepare($query);

if (!$stmt) {
echo ‘failed to prepare statement’;

} else {

$stmt->bind_param('is', $_POST['userid'], $hash);
$stmt->execute();

$stmt->bind_result($userid, $password);
$stmt->fetch();

if (empty($userid)) {
  printf("%s with password %s not found in the system\n", $_POST['userid'], $_POST['password']);      

} else {
  printf("%s is equal to %s\n", $userid, $password);
}

$stmt->close();

}
}

$mysqli->close();

?>

[/php]

[hr]

And here is the same using my pdo class, I think this is much easier / cleaner to work with.
[php]<?php

require_once ‘DB.php’;
$db = new DB();

if (!empty($_POST[‘userid’]) && !empty($_POST[‘password’])) {
$hash = hash(‘sha512’, $_POST[‘password’]);

$user = $db->query(‘SELECT userid, password
FROM admins
WHERE userid = ?
AND password = ?’,
[$_POST[‘userid’], $hash])[0];

if (empty($user)) {
printf(“userid %s with password %s not found in the system\n”, $_POST[‘userid’], $_POST[‘password’]);

} else {
printf(“userid %s accepted with password %s (%s)\n”, $user->userid, $_POST[‘password’], $user->password);
}
}

?>

[/php]

[hr]

Note: these use sha512 for password storage, you should use Bcrypt or PBKDF2 in production.

Here is a SHA512 hash so you can test, password is traydavid

a1021ffa87eef29bb61d4afcb5047e220c6b1db56fbd166fb7de2df743fdd92413253aba7b3dbd9bbd67f22e1f9d367063817be058599ca849bd0ccbf5d08862

traydavid · November 21, 2013, 7:44pm

I got this far yesterday…I will look at your code and compare and try to make it work. Not encrypted yet nor hashed nor oop/prepared but in progress. Thanks!
[php]

<?php //Store the login in the session: session_start(); include ('conect.php'); if (isset($_POST['submit'])) { if(!$_POST['username'] | !$_POST['password']) { echo ('You did not fill in a required field.'); } else { /* Now we will store the values submitted by form in variable */ $username = htmlentities($_POST['username'], ENT_QUOTES); $password = htmlentities($_POST['password'], ENT_QUOTES); var_dump ($_POST['username'], $password); // get the records from the database if ($result = $mysqli->query("SELECT userid, username, password FROM admins where username = '$username' AND password = '$password' ")) { // display records if there are records to display if ($result->num_rows > 0) { // display records in a table echo ""; // set table headers echo ""; while ($row = $result->fetch_object()) { // set up a row for each record //print a table for me to see if it is working-----remove before using live echo ""; echo ""; echo ""; echo ""; echo ""; } echo "

userid	username	pwd
" . $row->userid . "	" . $row->username . "	" . $row->password . "

"; } // if there are no records in the database, display an alert message else { echo "User and-or password not found, ipaddress logged."; } } // show an error if there is an issue with the database query else { echo "Error: " . $mysqli->error; } if ((($_POST['password'])) != $info['password']) { echo("
"); echo "session is set as "; echo("
"); // IF ALL OKAY SET SESSION setcookie("userid", $user, time()+7200); $_SESSION['userid'] = $user; $_SESSION['start'] = time(); $_SESSION['expire'] = $_SESSION['start'] + (60 * 60 * 60); echo session_id(); //header("Location: index.php"); } } } echo("

"); echo("Please Login To Continue!"); echo("

"); echo(""); echo(""); echo(""); echo(""); echo(""); echo(""); echo(""); echo(""); echo(""); echo(""); echo(""); echo("

Username:	"); echo(""); echo("
Password:	"); echo(""); echo("

"); echo(""); echo(""); [/php] ?>