I'm trying to construct a login verifying system in PHP/MySQLi. The _POST data is being sent by AJAX request/jQuery, but I have simplified the code as much as possible to allow you to simulate the query even without the unnecessary data. I have also omitted the string verifiers (FILTER_SANITIZE_STRING etc.) for the sake of simplifying.

The code (simplified) looks as follows:

$email = "[email protected]";
$haslo = "averyhardpassword12345";

if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
    $output = json_encode(array('type'=>'error', 'text' => 'Email address is not valid.'));
    die($output);
}
if(strlen($haslo)<3 || strlen($haslo)>20){
    $output = json_encode(array('type'=>'error', 'text' => 'Password must have between 3 and 20 characters.'));
    die($output);
}

    $mysqli = new mysqli("localhost", "myDbUsername", "myDbPW", "myDbName");

    $usercheckquery = "SELECT * FROM users WHERE email='$email'";
    $result = $mysqli->query($usercheckquery);
    while($row = mysqli_fetch_assoc($result))
    $emailbaza = $row['email'];
    $haslobaza = $row['haslo'];
    echo $haslobaza;
    echo $emailbaza;
    if (password_verify($haslo, $haslobaza) && $email == $emailbaza && !empty($data)) {
        $output = json_encode(array('type'=>'message', 'text' => 'Zalogowano...'));
        die($output);
    } else {
        $output = json_encode(array('type'=>'error', 'text' => 'Podany email lub hasło są nieprawidłowe.'));
        die($output);
    }

The problem is - I can't manage to find out what's wrong with this code. My final if statement never returns true; also, I've found out that I can echo $row['email'], but when I echo $row['haslo'] it returns nothing.

Hope somebody could show me where I have made a mistake.

EDIT:

Oh, and haslo is saved in db in haslo column and is generated through password_hash($haslo, PASSWORD_BCRYPT);. Haslo column is varchar(255).

  • @Scuzzy my god, couldn't believe it was that simple... thanks! :D Commented Aug 5, 2017 at 13:24
  • Moved my comment to an answer :) Commented Aug 5, 2017 at 13:24
  • It's always good to get a second pair of eyes to see small things like this. Commented Aug 5, 2017 at 13:26
  • Question: Would this be safer with a query limit of 1 and no while clause? Are you loading a single row or lots of rows? Your consumption of the data would overwrite with each loop if there were many rows. Every loop pushes the cursor forwards; you may not even need such a loop for just one result. Commented Aug 5, 2017 at 13:28
  • It is meant to find a single account connected with the given mail, so it should always return just one row. Should I use LIMIT 1 within my query? Will this force any changes to the while() loop? Commented Aug 5, 2017 at 13:30

1 Answer


Your while loop needs braces to encompass all your usage of $row.

Otherwise $row will eventually return null and $haslobaza will also be null (it would be throwing an index error at this point).

while($row = mysqli_fetch_assoc($result))
{
  $emailbaza = $row['email'];
  $haslobaza = $row['haslo'];
}

5 Comments

So let me clarify - unless I brace both variables, it will only set the first one encountered and match with the first $row result, right?
Yeah, only the first one would get filled out with the result of your last row, and the second one would get hit once the while is exhausted, with null; the assignment of $row happens before the while is tested.
Omitting the braces means the while loop only enacts on the next line of code.
"only enacts on the next line of code". Should be: only the next statement. You can have multiple statements on a single line ;)
@PetervanderWal You are technically correct, the best kind of correct.
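
The behaviour discussed in the answer and comments, as an added example that is not part of the original thread: the brace-less loop leaves the hash empty, while a single fetch with no loop verifies the password and fails closed when no row matches. FakeResult, sampleRows, bracelessLookup and verifyLogin are hypothetical names, and the row is constructed sample data standing in for a mysqli result.

```php
<?php
// Constructed stand-in for a mysqli result: fetch() hands out each row once,
// then null, the way mysqli_fetch_assoc() does when the rows run out.
final class FakeResult {
    private array $rows;
    public function __construct(array $rows) { $this->rows = $rows; }
    public function fetch(): ?array { return array_shift($this->rows); }
}

// Constructed sample row; the hash is generated the way the question describes.
function sampleRows(): array {
    return [[
        'email' => 'user@example.com',
        'haslo' => password_hash('averyhardpassword12345', PASSWORD_BCRYPT),
    ]];
}

// Brace-less loop as in the question: only the first assignment is the loop body.
function bracelessLookup(FakeResult $result): array {
    $emailbaza = null;
    while ($row = $result->fetch())
        $emailbaza = $row['email'];
    // This statement runs once, after the loop has ended and $row is null.
    // (?? null only silences the warning PHP would raise here.)
    $haslobaza = $row['haslo'] ?? null;
    return [$emailbaza, $haslobaza];
}

// Single-row lookup: one fetch, no loop, reject when nothing matched.
function verifyLogin(FakeResult $result, string $email, string $haslo): bool {
    $row = $result->fetch();
    if ($row === null) {
        return false; // unknown email: never reach password_verify with null
    }
    return $row['email'] === $email && password_verify($haslo, $row['haslo']);
}

// Brace-less version: email and hash as seen after the loop.
var_dump(bracelessLookup(new FakeResult(sampleRows())));
// Single fetch: correct password, wrong password, no matching row.
var_dump(verifyLogin(new FakeResult(sampleRows()), 'user@example.com', 'averyhardpassword12345'));
var_dump(verifyLogin(new FakeResult(sampleRows()), 'user@example.com', 'wrong-password'));
var_dump(verifyLogin(new FakeResult([]), 'user@example.com', 'averyhardpassword12345'));
```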
