0

I'm trying to set up a Register + Login for one of my Sites. The Registration process works completely fine but the Login seems to fail every time.

This is the register.php

<?php
require_once "config.php";
require_once "session.php";

if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['submit'])) {
    
    $fullname = trim($_POST['name']);
    $email = trim($_POST['email']);
    $password = trim($_POST['password']);
    $confirm_password = trim($_POST['confirm_password']);
    $password_hash = password_hash($password, PASSWORD_BCRYPT);
    
    if($query = $db->prepare("SELECT * FROM users WHERE email =?")) {
        $error = '';
            $query->bind_param('s', $email);
        $query->execute();
        $query->store_result();
        if ($query->num_rows >0) {
            $error .= '<p class="error">E-Mail already registered</p>';
        }
        if (empty($confirm_password)) {
            $error .= '<p class="error">Passwords do not match.</p>';
        }
        if (empty($error)) {
            $insertQuery = $db->prepare("INSERT INTO users (name, email, password) VALUES (?, ?, ?);");
            $insertQuery->bind_param("sss", $fullname, $email, $password_hash);
            $result = $insertQuery->execute();
            if ($result) {
                $error .= '<p class="success">Your Registration was succesful!</p>';
            } else {
                $error .= '<p class="error">Something went wrong!</p>';
            }
        }
    }

$query->close();
$insertQuery->close();
mysqli_close($db);
}
?>

This is the Login.php

<?php
require_once "config.php";
require_once "session.php";
$error = '';
if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['submit'])) {
    $email = trim($_POST['email']);
    $password = trim($_POST['password']) ;
    if (empty($email)) {
        $error .= '<p class="error">Please enter email.</p>';
    }
    if (empty($password)) {
        $error .= '<p class="error">Please enter password.</p>';
    }
    if (empty($error)){
        if($query = $db->prepare("SELECT * FROM users WHERE email = ?")) {
            $query->bind_param('s',$email);
            $query->execute();
            $row = $query->fetch();
            if ($row) {
                if (password_verify($password, $row['password'])) {
                    $_SESSION["userid"] = $row['id'];
                    $SESSION["user"] = $row;
                    header("location: index2.php");
                    exit;
                }else{
                    $error.= '<p class="error">The password is not valid.</p>';
                }
            }else{
                $error.= '<p class="error">Wrong mail.</p>';
            }
        }
        $query->close();
    }
    mysqli_close($db);
}
?>

According to Online PHP Checker my Code should be correct. There are no Errors in Console and I really don't know what exactly i did wrong. Hope someone can help me with this!

Improve this question
12
  • Is your database column wide enough to store the hashed password? Commented Aug 12, 2022 at 11:27
  • 1
    What actually happens when the login "fails every time"? Do you get an error message? How far through the login code does it get before it starts to go wrong? One thing - don't give too much away in your user error messages - most people advise on just saying something like "login failed" rather than specifying which of the two bits of information was incorrect - by doing so, you're allowing someone to figure out what emails are in your table. Commented Aug 12, 2022 at 11:29
  • 1
    "Not working" isn't an error message or problem statement. We can't run your code. Please do some more detailed debugging and narrow down the issue a bit. Commented Aug 12, 2022 at 11:30
  • 1
    Do you need to use bind_result() in there somewhere? I'm not familiar with mysqli but the example code seems to use it. I use PDO where there's no similar function. Commented Aug 12, 2022 at 11:32
  • 2
    Actually, on reading the documentation, it is the use of fetch() that is wrong here. mysqli_fetch() returns either true, false or null, it does not return a row of data. php.net/manual/en/mysqli-stmt.fetch.php - if you had a quick look at what's in $row you would see that. It's not too late to switch to PDO. Commented Aug 12, 2022 at 11:41

1 Answer 1

Reset to default
2

This line is the issue, I expect:

 $row = $query->fetch();

According to the documentation, the fetch() function returns true, false or null - it does not return a row of data. You need to use bind_result() to map the results from the query into variables.

https://www.php.net/manual/en/mysqli-stmt.fetch.php

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

another option would be get_result() then you can call fetch_assoc on the result object php.net/manual/en/mysqli-stmt.get-result.php

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.