
I have the following function/method in my PHP code, where I want to check for some user content, based on either password or a token and email.

```php
function login($email, $password, $token) {

    if (isset($email)) {

        if (isset($password) && strlen($password) > 0) {
            $stmt = $this->con->prepare("SELECT users.user_id, logins.email, logins.token, users.firstname, users.lastname, users.username
                                     FROM users
                                     INNER JOIN logins
                                         ON users.login_id = logins.login_id
                                     WHERE logins.email=? AND logins.password=?");
            $stmt->bind_param("ss", $email, $password);

        } elseif ($token && strlen($token) > 0) {
            $stmt = $this->con->prepare("SELECT users.user_id, logins.email, logins.token, users.firstname, users.lastname, users.username
                                     FROM users
                                     INNER JOIN logins
                                         ON users.login_id = logins.login_id
                                     WHERE logins.email=? AND logins.token=?");
            $stmt->bind_param("ss", $email, $token);

        } else {
            return $this->error_login_failure;
        }

        $stmt->execute();
        $stmt->store_result();
        $stmt->bind_result($rUserId, $rEmail, $rToken, $rFirstname, $rLastname, $rUsername);
        $stmt->fetch();

        if ($rUserId != null || strlen($rUserId) > 0) {
            $stmt->close();

            $newToken = $this->insertNewToken($email, $password, $rToken);
            if ($newToken == null) {

                return $this->error_login_failure;
            } else {
                $returnValues = array();
                $returnValues['userId'] = $rUserId;
                $returnValues['email'] = $rEmail;
                $returnValues['token'] = $rToken;
                $returnValues['firstname'] = $rFirstname;
                $returnValues['lastname'] = $rLastname;
                $returnValues['username'] = $rUsername;

                return $returnValues;
            }

        } else {
            $stmt->close();

            return $this->error_login_failure;
        }

    } else {
        return $this->error_login_failure;
    }
}
```

The problem is that, when I am passing the token (which is not null), I don't get anything returned. I have debugged it and found out that all input parameters are correct and the code reaches the `elseif ($token && strlen($token) > 0) {`. But when I try to get the returned data, nothing is returned. This is not happening if I pass in the password, only when it tries the second "if" with the token.

It also works if I take the second SQL query with the token as a parameter and run it in the terminal manually. I can't seem to find out what the problem is.

halfer
Langkiller
  • use mysqli error reporting? And please only catch the exceptions in the live environment. [http://stackoverflow.com/a/22662582/3184785](http://stackoverflow.com/a/22662582/3184785). Also: [Using PHP/MySQLi with error checking](https://www.daniweb.com/programming/web-development/code/434480/using-phpmysqli-with-error-checking) – Ryan Vincent Nov 25 '15 at 01:47

1 Answer


The only difference I see between the password and token is the isset command. Try adding it like I did below and see if that fixes it. Other than that, I would verify the column names are correct.

```php
function login($email, $password, $token) {

    if (isset($email)) {

        if (isset($password) && strlen($password) > 0) {
            $stmt = $this->con->prepare("SELECT users.user_id, logins.email, logins.token, users.firstname, users.lastname, users.username
                                     FROM users
                                     INNER JOIN logins
                                         ON users.login_id = logins.login_id
                                     WHERE logins.email=? AND logins.password=?");
            $stmt->bind_param("ss", $email, $password);

        } elseif (isset($token) && strlen($token) > 0) {
            $stmt = $this->con->prepare("SELECT users.user_id, logins.email, logins.token, users.firstname, users.lastname, users.username
                                     FROM users
                                     INNER JOIN logins
                                         ON users.login_id = logins.login_id
                                     WHERE logins.email=? AND logins.token=?");
            $stmt->bind_param("ss", $email, $token);

        } else {
            return $this->error_login_failure;
        }

        $stmt->execute();
        $stmt->store_result();
        $stmt->bind_result($rUserId, $rEmail, $rToken, $rFirstname, $rLastname, $rUsername);
        $stmt->fetch();

        if ($rUserId != null || strlen($rUserId) > 0) {
            $stmt->close();

            $newToken = $this->insertNewToken($email, $password, $rToken);
            if ($newToken == null) {

                return $this->error_login_failure;
            } else {
                $returnValues = array();
                $returnValues['userId'] = $rUserId;
                $returnValues['email'] = $rEmail;
                $returnValues['token'] = $rToken;
                $returnValues['firstname'] = $rFirstname;
                $returnValues['lastname'] = $rLastname;
                $returnValues['username'] = $rUsername;

                return $returnValues;
            }

        } else {
            $stmt->close();

            return $this->error_login_failure;
        }

    } else {
        return $this->error_login_failure;
    }
}
```
kayleighsdaddy
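Following the comment's suggestion to turn on mysqli error reporting, this added example (not code from the question or the answer) shows a variant of the lookup that surfaces database errors and logs separately whether no row matched the email or the supplied secret did not match. The function name `login_checked`, the `mysqli $con` parameter and the assumption that `logins.password` holds a `password_hash()` value are assumptions of this example; token rotation via `insertNewToken` is left out.

```php
<?php
// Added example, not the asker's or answerer's code. Assumes the page's
// users/logins schema and, as an assumption, that logins.password holds a
// password_hash() value rather than the plaintext compared in the question.

// Make mysqli throw on prepare/bind/execute errors instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function login_checked(mysqli $con, ?string $email, ?string $password, ?string $token): ?array
{
    if ($email === null || $email === '') {
        return null;
    }
    $usePassword = $password !== null && $password !== '';
    $useToken = !$usePassword && $token !== null && $token !== '';
    if (!$usePassword && !$useToken) {
        return null;
    }

    // Look the account up by email only; secrets are compared in PHP below.
    $stmt = $con->prepare(
        "SELECT users.user_id, logins.email, logins.password, logins.token,
                users.firstname, users.lastname, users.username
         FROM users
         INNER JOIN logins ON users.login_id = logins.login_id
         WHERE logins.email = ?"
    );
    $stmt->bind_param("s", $email);
    $stmt->execute();
    $stmt->bind_result($userId, $rEmail, $hash, $rToken, $first, $last, $username);
    $found = $stmt->fetch();   // true = row, null = no row, false = error
    $stmt->close();

    if ($found !== true) {
        error_log("login: no row for supplied email");
        return null;
    }
    // password_verify() checks a password_hash() value; hash_equals() compares
    // the token in constant time.
    $ok = $usePassword
        ? password_verify($password, (string) $hash)
        : hash_equals((string) $rToken, $token);
    if (!$ok) {
        error_log("login: " . ($usePassword ? "password" : "token") . " mismatch for user_id $userId");
        return null;
    }
    return ['userId' => $userId, 'email' => $rEmail, 'firstname' => $first,
            'lastname' => $last, 'username' => $username];
}
```

The caller still receives one generic failure value in both cases; only the server log records which check failed, which is the distinction the single `WHERE ... AND logins.token=?` query hides.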