Doing a project with Login and Register options, but I came upon an issue with logging in to the profile.

After inputting correct data in the email and password fields, it doesn't echo the Success text but echoes the Incorrect Username or Password.

From what I'm seeing, `if($st->num_rows() == 1){` might be the issue, but I can't seem to find how to fix it.

```php
public function Login($Email, $Password){
    if(!empty($Email) && !empty($Password)){

        $st = $this->db->prepare("SELECT * FROM usertable WHERE Email=? and Password=?");
        $st->bind_Param("ss", $Email,$Password);
        //$st->bindParam(2, $Password);

        $st->execute();

        if($st->num_rows() == 1){
            echo 'Login Was Sucessfull';
            header('Location: Success.php');
        }else {
            echo 'Incorrect Username Or Password';
        }
    }else {
        echo '<script type="text/javascript">alert("Please Enter Username or Password");</script>';
    }
}
```

AlexA
  • **Never store plain text passwords!** Please use ***PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html)*** to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). ***It is not necessary to [escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Oct 30 '17 at 15:41
  • Because `header()` redirects you to other url. You know what `header()` does, don't you? – u_mulder Oct 30 '17 at 15:41
  • If you think `$st->num_rows()` is the problem have you checked what its value is? – Jay Blanchard Oct 30 '17 at 15:44
  • The header isn't the issue since it doesn't get to the part when inputting correct values. – AlexA Oct 30 '17 at 15:47
  • **WARNING**: Writing your own access control layer is not easy and there are many opportunities to get it severely wrong. Please, do not write your own authentication system when any modern [development framework](http://codegeekz.com/best-php-frameworks-for-developers/) like [Laravel](http://laravel.com/) comes with a robust [authentication system](https://laravel.com/docs/master/authentication) built-in. At the absolute least follow [recommended security best practices](http://www.phptherightway.com/#security) and **never store passwords as plain-text**. – tadman Oct 30 '17 at 15:48
  • http://php.net/manual/en/mysqli-result.num-rows.php#105289 – Patrick Q Oct 30 '17 at 15:50
  • By Adding $st->store_result(); Problem was solved. Thanks Patrick :) – AlexA Oct 30 '17 at 15:54
  • Possible duplicate of [simplified: mysqli num\_rows not working](https://stackoverflow.com/questions/13188645/simplified-mysqli-num-rows-not-working) – Patrick Q Oct 30 '17 at 15:56

1 Answer

You use `$st->num_rows() == 1` to check for a result, therefore your login attempt would only work if you have only one result. Check your database for equal username/password combinations, or you could use `$st->num_rows() > 0` instead.

A side note also: the PHP header does not work if anything has already been output, such as `echo 'Login Was Sucessfull';`.

Ilias
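
An added example (not code from the question or the answer) that combines the points raised in the comments: buffer the result with `store_result()` before reading `num_rows`, compare passwords with `password_verify()` instead of in SQL, and send no output before `header()`. The function names `registerUser`, `verifyLogin` and `handleLogin` are hypothetical, and the sketch assumes `usertable.Password` holds `password_hash()` output and `Email` is unique.

```php
<?php
declare(strict_types=1);

// Make mysqli throw on errors instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Assumption: usertable.Password holds password_hash() output, Email is unique.
function registerUser(mysqli $db, string $email, string $password): void
{
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $st = $db->prepare('INSERT INTO usertable (Email, Password) VALUES (?, ?)');
    $st->bind_param('ss', $email, $hash);
    $st->execute();
    $st->close();
}

function verifyLogin(mysqli $db, string $email, string $password): bool
{
    if ($email === '' || $password === '') {
        return false;
    }
    // Look the row up by e-mail only; the password is never part of the query.
    $st = $db->prepare('SELECT Password FROM usertable WHERE Email = ?');
    $st->bind_param('s', $email);
    $st->execute();
    // Buffer the result set first; num_rows is only reliable after this call.
    $st->store_result();
    if ($st->num_rows !== 1) {
        $st->close();
        return false;
    }
    $hash = '';
    $st->bind_result($hash);
    $st->fetch();
    $st->close();
    return password_verify($password, $hash);
}

// Hypothetical request handler: nothing is echoed before header().
function handleLogin(mysqli $db, array $post): void
{
    $email = (string)($post['Email'] ?? '');
    $password = (string)($post['Password'] ?? '');
    if (verifyLogin($db, $email, $password)) {
        header('Location: Success.php');
        exit;
    }
    echo 'Incorrect Username Or Password';
}
```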