Hi,
I am trying to create a login page using the sql's mysqli_stmt_num_rows() function.
Issue is, no matter if I give correct password or incorrect, I always get message 'Incorrect user Credentials'.
Why is that ?
The details on Mysql Looks like this:
id|domain|password
0|gmail.com|373b29d2837e83b9ca5cec712a5985843df271cc
Obviously, password is hashed using sha_256.
Here is the php code:
<?php
ini_set("display_errors",1);
ini_set("display_startup_errors",1);
error_reporting(E_ALL);
echo login_form();
if($_SERVER['REQUEST_METHOD'] === 'POST')
{
echo __LINE__; echo '<br>';//DELETE
check_user_input();
echo __LINE__; echo '<br>';//DELETE
process_login_form();
echo __LINE__; echo '<br>';//DELETE
}
function login_form()
{
echo
'
<div name="center pane" id="center pane" align="center" size="50px" width="33%">
<form method="POST" action="" name="login_form" id="login_form" width="50%">
<fieldset>
<label for="domain">Domain</label>
<input type="text" name="domain" id="domain" size="50" minlength="5" maxlength="253" title="Input your Domain" placeholder="yourdomain.tld">
<br>
<label for="password">Password</label>
<input type="text" name="password" id="password" size="50" minlength="8" maxlength="25" title="Input your Password" placeholder="alpha-numerical-chars">
<br>
</fieldset>
<fieldset>
<button type="submit" name="login" id="login" title="Submit Form">Login!</button>
</fieldset>
</form>
</div>
';
}
function check_user_input()
{
if(!EMPTY($_POST['domain']))
{
echo __LINE__; echo '<br>';//DELETE
$domain = trim($_POST['domain']);
}
elseif(!EMPTY($_POST['domain_email']))
{
echo __LINE__; echo '<br>';//DELETE
$domain_email = trim($_POST['domain_email']);
}
elseif(!EMPTY($_POST['password']))
{
echo __LINE__; echo '<br>';//DELETE
$password = trim($_POST['password']);
}
}
function process_login_form()
{
echo __LINE__; echo '<br>';//DELETE
Global $domain;
Global $password; //DELETE
Global $hashed_password;
//Query DB.
//Check if User already registered or not.
mysqli_report(MYSQLI_REPORT_ERROR|MYSQLI_REPORT_STRICT);
$conn = mysqli_connect("localhost","root","","buzz"); //mysqli_connect("server","user","password","db");
$stmt = mysqli_stmt_init($conn);
$sql = "SELECT id FROM domains WHERE domain = ? AND password = ?";
if(!mysqli_stmt_prepare($stmt,$sql))
{
echo __LINE__; echo '<br>';//DELETE
echo 'Mysqli Error: ' .mysqli_stmt_error(); //DEV MODE.
echo '<br>';
echo 'Mysqli Error No: ' .mysqli_stmt_errno(); //DEV MODE.
echo '<br>';
die('Registration a Failure!');
}
else
{
echo __LINE__; echo '<br>';//DELETE
mysqli_stmt_bind_param($stmt,"ss",$domain,$hashed_password);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt,$id);
mysqli_stmt_fetch($stmt);
if($num_rows = mysqli_stmt_num_rows($stmt)<1) //User not registered.
{
echo __LINE__; echo '<br>';//DELETE
echo 'password: '.$password; echo '<br>';
echo 'hashed password: '.$hashed_password; echo '<br>';
mysqli_stmt_close($stmt);
mysqli_close($conn);
die('Incorrect User Credentials!');
}
mysqli_stmt_close($stmt);
mysqli_close($conn);
echo __LINE__; echo '<br>';//DELETE
echo 'password: ' .$password; echo '<br>';
echo 'hashed password: ' .$hashed_password; echo '<br>';
echo 'You are logged in!';
exit;
}
}