0

I am trying to login users with ID number and password. I have tried to write the code for my login system. The problem is that I have signed up 2 users and know the ID number and password then I put in correct values for password and ID and still get error messages. I set the ID number of one of my users to 123456789, when I enter that number in the ID number field it still shows invalid User ID. The password is hashed using BCRYPT and stored. I tried to match that as well but that also is not matching when I enter the same password into the password field.

There is also the error message: "mysqli_num_rows() expects parameter 1 to be mysqli_result, bool given in C:\Users.... on line 25" when I run the code

I looked at example code here on stackoverflow,youTube and through Google but I can't seem to figure the problem with this code.


    <?php
    session_start();

    //variables to store errors initialized to empty string
    $id_error=$pwd_error="";
    //initialize variables
    $ID_Number= $password="";


    if (isset($_POST["login"])) 
    { // if submit (login) button is pressed(clicked)--

            require_once("DBconnection.php"); //require connection to database
            $password=$_POST["password"];
            $ID_Number =  htmlspecialchars($_POST["id_Number"]);

            if(empty($_POST["id_Number"])) //if the ID number field is empty 
                {
                    $id_error="Please enter your ID number"; //error message
                }
            else
            {
                    $sql_chk="SELECT * FROM 'users_information' WHERE UserID ='$ID_Number';"; //look for 
             //ID number in database. There should be 1 row 
                    $result_chk= mysqli_query($conn,$sql_chk); //result of query
                if(mysqli_num_rows($result_chk)>0) // if there is a row
                {
                    while ($row = mysqli_fetch_assoc($result_chk)) //returns row as associated array

                    {   // check if password matches database password
                        if(password_verify($password,$row["User_Password"])==True)
                        {
                        $_SESSION['user']= $ID_Number;
                        $_SESSION['correct_password']="correct password";
                        header("location: profile.php");
                        }
                        else
                        {
                            $pwd_error="invalid password";
                        }
                    }
                }
                else
                {
                    $id_error = "Invalid User ID";
                }
            }
        print_r($_POST);
        mysqli_close($conn); // close connection        
    } 
    ?>
    ```
user7843250
  • 1
  • 2

0 Answers0