This is my first post. I started to learn php two days ago and got this far.
I need help with a line of code that does not work. I am a Vietnamese disabled woman in a wheelchair trying to learn php. I try to read manuals in English and translate but the translations are not good. My English is okay but not good.
So I please need someone to just correct my code with a replacement or addition. The mysql database BIT data type needs a 1 and not a 0 to be authorized. If not, I also need to show the user that they are not authorized or send them to a different page. Please help me.
<?php session_start();
include_once('includes/config.php');
if(isset($_POST['login']))
{
$password=$_POST['password'];
$dec_password=$password;
$useremail=$_POST['uemail'];
$ret= mysqli_query($con,"SELECT id,fname FROM users WHERE email='$useremail' and password='$dec_password' and authorized='1' ");
$num=mysqli_fetch_array($ret);
if($num>0)
{
$_SESSION['id']=$num['id'];
$_SESSION['name']=$num['fname'];
header("location:home.php");
}
else
{
echo "<script>alert('Invalid username or password or your account has been closed.');</script>";
}
}
?>
What exactly is going wrong? Is it letting people log in who are not authorised, or is it refusing to let anyone in at all?
On the face of it, there doesn't seem to be anything wrong with the code. Have you used var_dump() or echo to show the contents of your form variables to check that information is coming across correctly? Does your query actually return a row? That is, what is in $num? If it does not, does the same query executed in phpmyadmin return a row, or give an error? Could you show some sample data from your table, and perhaps share the code for the form?
Aside from that, there are some issues with the code that you should address while you are learning. They probably won't be affecting the issue, though one of them might be.
First, instead of copying user-supplied data directly into your query, read up on Prepared Statements and use these, with parameters, to include those values. Among other things it also handles issues with including single-quotes inside your strings which will break your current query.
Second, DO NOT store plain text passwords. PHP has a pair of functions, password_hash() to be used when storing passwords, and password_verify() to be used to check the user-supplied password against the hashed one.
Is it possible that your password is being stored in an encoded or hashed form, but you're not handling that here? I wonder what the point of the $dec_password variable is, otherwise.
If you're expecting a BIT value here, I don't see one being pulled from the database. id will be an INT, fname will be a VARCHAR (a string)…
Unless you're referring to THIS bit of your query:
In which case, don't put the quotes around the 1 if it's supposed to be a number. (Though… your database engine should be handling a conversion if it's trying to compare a '1' to a BIT, and given that '1' translates to either… 1… or 49… which would end in a 1… it should still work?)
Not going into the code improvements that should be done but, either $num is the expected array or not so wouldn't a 'not empty' condition quote 'fix' the code?
I thank you for your lecture and info but long text does me no good much.
It makes no difference if I use quotes around the number 1 for (bit data type ). I still get an error:
Fatal error : Uncaught TypeError: mysqli_fetch_array(): Argument #1 ($result) must be of type mysqli_result, bool given in /home/primehor/emilydiem.com/register/restrict-login.php:10 Stack trace: #0 /home/primehor/emilydiem.com/register/restrict-login.php(10): mysqli_fetch_array() #1 {main} thrown in /home/primehor/emilydiem.com/register/restrict-login.php on line 10
My English is bad. I said it was okay but that was wrong. I have to use Google Translate and that works okay with code replacement but not in long notes suggestions I can't understand. I am not a programmer. I am just trying to fill in. So please just correct a line of code then I may understand. Thank you.
Would you please just correct my code for the error I reported? Only then can I understand.
You didn't mention if you get the JS message 'Invalid username or password or your account has been closed.'
In case you don't know, your code is looking for $_POST['login'] so an input on your form should have name="login". If you don't have this then everything inside the if(isset($_POST['login'])) condition will not be used.
Other form inputs are uemail and password, so check that your form has matching input names.
Ah! Now you've given us an error message, it's easier to work out what went wrong. That error message means that your query failed to execute (not that it ran and didn't find any rows, just that it didn't run), so it returned false rather than a results object. You need to test your query inside phpmyadmin or some other database tool using the same values to find out why. Is your code connecting to the database correctly?
Now we know the quote is failing, no-one can do that without seeing the layout of your users table, and the sample data you are using to test. Are all your column names correct?
I did notice that, but I figured that if an array was returned, PHP would probably handle it and decide that an array is bigger than zero. I must admit I didn't test it anywhere.
I've mentioned quotes around numbers before, and been told that it doesn't make any difference. As I always use prepared statements now, it's not something I encounter often enough to be certain without checking.
I have uploaded the database photo, the error message, and said that it all works just fine until I add the 'authorized' code. I just sent a payment for a premium account and hope to learn lots here. But unless someone just changes my code to make it work and shows me where to put it, I am afraid none of this will work. Maybe this was a bad idea to come here but I am trying - and getting nowhere. Sorry to say, just to be honest. If you expect me to act like a novice developer, then you are mistaken. I am not even that far along.
Please just copy my code, all of it and make the change when allowing checking for a 0 or 1 for 'authorized'.
We can't see PHP code from the front end. That's not how PHP works.
Your query, at the moment, only pulls records where authorized is 1:
$ret= mysqli_query($con,"SELECT id,fname FROM users WHERE email='$useremail' and password='$dec_password' and authorized='1' ");
^^^^^^^^^^^^^^
If you want to specifically catch users who are not authorized but do have a valid email and password, remove the check for authorized from the query, and then change this:
if($num !== false && $num['authorized'] == 0) {
//Do Whatever you're going to do when they're not authorized.
//The Email and password were correct, but authorized was 0.
} elseif($num !== false) {
//If the code gets here, You know that authorized was 1, and there is data, so their email and password matched.
$_SESSION['id']=$num['id'];
$_SESSION['name']=$num['fname'];
header("location:home.php");
}
(and then keep the else. The else is the case where the email/password was incorrect.)
Because the problem is that your query throws an error when you try to execute it, I can't see any way that I can help you unless you provide the database layout and sample data that I've requested. I hope someone else can sort the issue out for you.
Thank you m_hutley. It looks like we are on the right path.
I hope I substituted your code correctly. But I got an error: Parse error : Unclosed '{' on line 5 in /home/primehor/emilydiem.com/register/restrict-login.php on line 92
Seems it may be a simple error but I don't see a problem on line 5. Here is the code:
<?php session_start();
include_once('includes/config.php');
// Code for login
if(isset($_POST['login']))
{
$password=$_POST['password'];
$dec_password=$password;
$useremail=$_POST['uemail'];
$ret= mysqli_query($con,"SELECT id,fname FROM users WHERE email='$useremail' and password='$dec_password'");
$num=mysqli_fetch_array($ret);
// if($num>0) I removed this line. Hope that was correct.
{
if($num !== false && $num['authorized'] == 0) {
//Do Whatever you're going to do when they're not authorized.
//The Email and password were correct, but authorized was 0.
header("location:not-authorized.php");
} elseif($num !== false) {
//If the code gets here, You know that authorized was 1, and there is data, so their email and password matched.
$_SESSION['id']=$num['id'];
$_SESSION['name']=$num['fname'];
header("location:home.php");
}
else
{
echo "";
}
}
?>
Means if the number in question does not equal 0 then abort (with an explanation). I am learning but looking forward to see if I did something wrong when using your code to replace mine. Notice that I removed 'if($num>0)' on line 11 and hope that is correct. I get an error both ways.
I don't see how any { I gave you could be on line 5, given the other lines of code there, but… the error says that there is a { on line 5 that is missing its matching }.
The query will need to SELECT authorized in addition to id and fname, in order to work with it. This isn't the issue the user is currently facing, but it would be their next one.
I think the issue is with the line that the OP removed. They removed:
// if($num>0) I removed this line. Hope that was correct. {
but they didn't remove the corresponding }, hence the error message. But, because they haven't formatted the code, I don't know if the { has been left on the commented-out line, or placed on a separate line after it. I suspect the former, otherwise they would be balanced. Perhaps the OP can edit their post to format the code correctly.
Edit window closes at 4h after posting. Only the mods can modify the post at this point.
I think based on the error it's more likely there's a line break in there, and they removed the if($num>0), but left the { intact, which would generate the 'Unclosed open-bracket' error they reported.
There has been no code posted that solves the problem. So, one final time:
My original code works fine. But it will be confusing to the user because my code looks at the user credentials, email and password, and 'authorized' on the same line. I don't know how to handle them separately. I would need the full code I can test. The entire php code, not just parts of it. That is the only way I can understand.
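The points raised in the replies above (a prepared statement instead of copying form values into the query, password_verify() instead of comparing plain text, selecting authorized and checking it separately from the email and password), put together as an added example that is not code from any poster in the thread. It assumes the password column holds password_hash() output and that includes/config.php provides the mysqli connection $con; the function names fetch_user and login_decision are made up for illustration.

```php
<?php
// Added example, not code from the thread. Assumes users.password holds
// password_hash() output and includes/config.php sets $con (mysqli).
// fetch_user() and login_decision() are hypothetical names.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // a failed query throws instead of returning false

// Look the user up by email only, with a bound parameter. null = no such email.
function fetch_user(mysqli $con, string $email): ?array
{
    $stmt = $con->prepare(
        'SELECT id, fname, password, CAST(authorized AS UNSIGNED) AS authorized
           FROM users WHERE email = ?'
    );
    $stmt->bind_param('s', $email);
    $stmt->execute();
    return $stmt->get_result()->fetch_assoc() ?: null;
}

// Credentials and the authorized flag are checked in two separate steps.
function login_decision(?array $row, string $password): string
{
    if ($row === null || !password_verify($password, $row['password'])) {
        return 'invalid';                 // wrong email or wrong password
    }
    return (int) $row['authorized'] === 1 ? 'ok' : 'not_authorized';
}

if (isset($_POST['login'])) {
    session_start();
    include_once 'includes/config.php';
    $row = fetch_user($con, (string) ($_POST['uemail'] ?? ''));
    switch (login_decision($row, (string) ($_POST['password'] ?? ''))) {
        case 'ok':
            session_regenerate_id(true);  // fresh session id after login
            $_SESSION['id'] = $row['id'];
            $_SESSION['name'] = $row['fname'];
            header('Location: home.php');
            exit;
        case 'not_authorized':            // password was right, authorized = 0
            header('Location: not-authorized.php');
            exit;
        default:
            echo "<script>alert('Invalid username or password.');</script>";
    }
}
```

Rows that still hold a plain-text password have to be re-saved with password_hash() before password_verify() can match them.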