Checklogin not returning values

I have php/sql code from a guide that does not echo the results it is suppose too. It is suppose to echo 2 results when checking the db. Admin is in the db and John is not so one is true and the other is false. The main connection is working so I can not figure out why it is not working. Thanks for your help.

[code] <?php
$db = new mysqli(‘localhost’, ‘root’, ‘’);
$select = mysqli_select_db($db, ‘ExampleDB’);
if (!$select)
{
die("Database selection failed: " . mysqli_error($db));
}

//session start

//check connection
if ($db->connect_error) {
die(“Connection failed: " . $conn->connect_error);
}
echo “Connected successfully”.”
";

//checkLogin
function checkLogin($uname, $pword, $db) {
$newpword = sha1($pword);
$query = “SELECT * FROM RegisteredUsers WHERE Username = ? AND Password = ? LIMIT 1”;
if($statement = $db->prepare($query)) {
$statement->bind_param(‘ss’, $uname, $newpword);
$statement->execute();
$statement->store_result();
if ($statement->num_rows == 1) {
return true;
} else {
return false;
}
} else {
var_dump($db->error);
return false;
}
}

echo “Person 1 with username of Admin and password of Password logged in: “.checkLogin(‘Admin’, ‘Password’, $db).”
”;
echo “Person 2 with username of John and password of 1234 logged in: “.checkLogin(‘John’, ‘1234’, $db).”
”;
echo “
”;
?>

Untitled Document
Username:
Password:
</form>

[/code]

Does PHP echo output boolean values or strings?

It is suppose to return a 1 for the true user

But it looks like the checkLogin() function returns only boolean true or boolean false.

Maybe you’re looking for print_r() so the output will be “human readable”

Well according to the code in the book that is all that is needed, it is suppose to check both those names and return true or false that they exist in the db. Admin exists so that is the true value, John does not exist in the db so that is false.
if ($statement->num_rows == 1) does this not return the value of 1 if true???

Try as a temporary modification changing the function like so:

.....
	} else {
		var_dump($db->error);
		return false;
	}
    return ‘a string`; // line for testing 
}

No sorry that did nothing, but looked hopeful lol

Hmmm. OK, try this

		if ($statement->num_rows == 1) {
			return “true”; // in quotes testing
		} else {
			return “false”; // in quotes testing
		}
	} else {
		var_dump($db->error);
		return “false”; // in quotes testing
	}
}

Ok that did something lol, it returned “false” on both echo’s and I know it is connecting to the db and that Admin is in there as a user. So admin should have returned “true”

Connected successfully
Person 1 with username of Admin and password of Password logged in: False
Person 2 with username of John and password of 1234 logged in:False

That is what I got from that code change.

If you are using a book or whatever that uses SHA1 you need to toss it and learn from something that uses current coding practices. Instead of banging your head on this I suggest you use your time to learn PDO. Here is a good tutorial to get you going https://phpdelusions.net/pdo

PS: The current correct password method is password_hash and password_verify

Yes I realize that it is old but this is what they want me to learn from and as I told them the book code is wrong and does not work, but no one wants to admit that so I am trying to work out what is not working

:banghead:

Well, benanamen makes some good points, so keep them in mind. But you can’t learn everything at once I suppose, and even though learning practices that will need to be unlearned later does seem foolish, hopefully there is good reason for this.

Anyway, you didn’t show the INSERT code, so I don’t know, but I suspect the query isn’t returning any results because the password isn’t being found. To test this hypothesis, try

.....
//	$query = "SELECT * FROM RegisteredUsers WHERE Username = ? AND Password = ? LIMIT 1";
	$query = "SELECT * FROM RegisteredUsers WHERE Username = ? LIMIT 1"; // name only
	if($statement = $db->prepare($query)) {
//		$statement->bind_param('ss', $uname, $newpword);{
		$statement->bind_param('s', $uname); // name only
.....

Then if that works, try similar for the password only.

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.