Checklogin not returning values

Wombat 2017-11-05 22:56:11 UTC #1

I have php/sql code from a guide that does not echo the results it is suppose too. It is suppose to echo 2 results when checking the db. Admin is in the db and John is not so one is true and the other is false. The main connection is working so I can not figure out why it is not working. Thanks for your help.

 <?php
	$db = new mysqli('localhost', 'root', '');
	$select = mysqli_select_db($db, 'ExampleDB');
	if (!$select)
	{
		die("Database selection failed: " . mysqli_error($db));
	}
//session start
//check connection
	if ($db->connect_error) {
    	die("Connection failed: " . $conn->connect_error);
	} 
echo "Connected successfully"."<br>";
//checkLogin
function checkLogin($uname, $pword, $db) {
	$newpword = sha1($pword);
	$query = "SELECT * FROM RegisteredUsers WHERE Username = ? AND Password = ? LIMIT 1";
	if($statement = $db->prepare($query)) {
		$statement->bind_param('ss', $uname, $newpword);
		$statement->execute();
		$statement->store_result();
		if ($statement->num_rows == 1) {
			return true;
		} else {
			return false;
		}
	} else {
		var_dump($db->error);
		return false;
	}
}
echo "Person 1 with username of Admin and password of Password logged in: ".checkLogin('Admin', 'Password', $db)."<br>";
echo "Person 2 with username of John and password of 1234 logged in: ".checkLogin('John', '1234', $db)."<br>";
echo "<br>";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Untitled Document</title>
</head>
<body>
	<form>
    	<table>
        	<tr>
            	<td>Username:</td>
                <td><input type="text" name="uname"></td>
            </tr>
            <tr>
            	<td>Password:</td>
                <td><input type="text" name="pword"></td>
            </tr>
            <tr>
            	<td colspan="2"><input type="submit" value="Submit"></td>
            </tr>
        </table>
    </form>
</body>
</html>

Mittineague 2017-11-05 23:49:38 UTC #2

Does PHP echo output boolean values or strings?

Wombat 2017-11-06 01:20:30 UTC #3

It is suppose to return a 1 for the true user

Mittineague 2017-11-06 01:44:22 UTC #4

But it looks like the checkLogin() function returns only boolean true or boolean false.

Maybe you’re looking for print_r() so the output will be “human readable”

Wombat 2017-11-06 02:42:28 UTC #5

Well according to the code in the book that is all that is needed, it is suppose to check both those names and return true or false that they exist in the db. Admin exists so that is the true value, John does not exist in the db so that is false.
if ($statement->num_rows == 1) does this not return the value of 1 if true???

Mittineague 2017-11-06 02:51:30 UTC #6

Try as a temporary modification changing the function like so:

.....
	} else {
		var_dump($db->error);
		return false;
	}
    return ‘a string`; // line for testing 
}

Wombat 2017-11-06 04:27:26 UTC #7

No sorry that did nothing, but looked hopeful lol

Mittineague 2017-11-06 04:53:28 UTC #8

Hmmm. OK, try this

		if ($statement->num_rows == 1) {
			return “true”; // in quotes testing
		} else {
			return “false”; // in quotes testing
		}
	} else {
		var_dump($db->error);
		return “false”; // in quotes testing
	}
}

Wombat 2017-11-06 05:18:31 UTC #9

Ok that did something lol, it returned "false" on both echo's and I know it is connecting to the db and that Admin is in there as a user. So admin should have returned "true"

Connected successfully
Person 1 with username of Admin and password of Password logged in: False
Person 2 with username of John and password of 1234 logged in:False

That is what I got from that code change.

benanamen 2017-11-06 05:36:50 UTC #10

If you are using a book or whatever that uses SHA1 you need to toss it and learn from something that uses current coding practices. Instead of banging your head on this I suggest you use your time to learn PDO. Here is a good tutorial to get you going https://phpdelusions.net/pdo

PS: The current correct password method is password_hash and password_verify

Wombat 2017-11-06 05:56:04 UTC #11

Yes I realize that it is old but this is what they want me to learn from and as I told them the book code is wrong and does not work, but no one wants to admit that so I am trying to work out what is not working

benanamen 2017-11-06 06:23:25 UTC #12

Mittineague 2017-11-06 06:54:49 UTC #13

Well, benanamen makes some good points, so keep them in mind. But you can’t learn everything at once I suppose, and even though learning practices that will need to be unlearned later does seem foolish, hopefully there is good reason for this.

Anyway, you didn’t show the INSERT code, so I don’t know, but I suspect the query isn’t returning any results because the password isn’t being found. To test this hypothesis, try

.....
//	$query = "SELECT * FROM RegisteredUsers WHERE Username = ? AND Password = ? LIMIT 1";
	$query = "SELECT * FROM RegisteredUsers WHERE Username = ? LIMIT 1"; // name only
	if($statement = $db->prepare($query)) {
//		$statement->bind_param('ss', $uname, $newpword);{
		$statement->bind_param('s', $uname); // name only
.....

Then if that works, try similar for the password only.

system 2018-02-05 13:54:56 UTC #14

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.

ThemesPodcastArticlesPremium