
This is a multi-login system, so when a user logs in, they can only see what is meant for them to see; only the admin can see all of the users' info.

This works at home, but when I take it to the server it won't work because of outdated PHP libraries. I know at some point that would have to be updated but it is out of my hands. I hope someone can help me out with this.

I can't use `mysqli_stmt::get_result` (because of outdated PHP). Can anybody help me adapt this code to use `mysqli_stmt::bind_result` and `mysqli_stmt::fetch`?

To update libraries in PHP is not an option at this point.

```php
<?php
    session_start();

    $conn = new mysqli("localhost","root","root","numbers");

    $msg="";

    if(isset($_POST['login'])){
        $username = $_POST['username'];
        $password = $_POST['password'];
        // Unsalted SHA-1 of the submitted password, compared against the stored value
        $password = sha1($password);
        $userType = $_POST['userType'];

        // Parameterized query: all three values are bound, not concatenated
        $sql = "SELECT * FROM users WHERE username=? AND password=? AND user_type=?";

        $stmt=$conn->prepare($sql);
        $stmt->bind_param("sss",$username,$password,$userType);
        $stmt->execute();
        // get_result() is the call that is unavailable on the server
        $result = $stmt->get_result();
        $row = $result->fetch_assoc();

        // Session values are set from the row before the row count is checked
        session_regenerate_id();
        $_SESSION['username'] = $row['username'];
        $_SESSION['role'] = $row['user_type'];
        session_write_close();

        // Redirect by role only when exactly one row matched
        if($result->num_rows==1 && $_SESSION['role']=="user1"){
            header("location:user1.php");
        }
        else if($result->num_rows==1 && $_SESSION['role']=="user2"){
            header("location:user2.php");
        }
        else if($result->num_rows==1 && $_SESSION['role']=="user3"){
            header("location:user3.php");
        }
        else if($result->num_rows==1 && $_SESSION['role']=="admin"){
            header("location:admin.php");
        }
        else {
            $msg = "Username and/or password incorrect!";
        }
    }
?>
```
mkrieger1
  • "It won't work" is a pretty broad description of your problem. Maybe you want to clarify that a bit? – Nico Haase Mar 24 '20 at 16:09
  • _"I can't use mysqli_stmt::get_result (because of outdated PHP)"_ - Are you saying that the server is using an older version than 5.3?? Then I would go back to the "powers that be" and explain to them that they are using a _very_ old version that hasn't gotten any updates _for years_ (August 2014). Not only is it _way_ slower than current 7+ versions, it is also insecure since it doesn't get any security patches either. – M. Eriksson Mar 24 '20 at 16:11
  • When the server is updated, you should also use PHP's [password_hash()](https://www.php.net/manual/en/function.password-hash.php) to create a secure password hash instead of the old and fast `sha1()`. – M. Eriksson Mar 24 '20 at 16:18
  • **What version** of PHP is on your live server? Come to that, what version are you developing on at home as well? – RiggsFolly Mar 24 '20 at 16:24
  • ALL current PHP versions support mysqlnd. All you need is to tick some option in the cPanel – Your Common Sense Mar 24 '20 at 16:25
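
An added example, not part of the original question or its comments: the same login lookup written with `mysqli_stmt::bind_result` and `mysqli_stmt::fetch`, which work without the mysqlnd driver that `get_result` requires. The helper name `find_user` and the `$pages` role map are introduced here for illustration; the connection values, table and column names are the ones from the question.

```php
<?php
// Added example: login lookup without mysqli_stmt::get_result().
session_start();

// find_user() is a hypothetical helper name used only in this example.
// Returns array('username' => ..., 'user_type' => ...) or null when no single row matches.
function find_user($conn, $username, $passwordHash, $userType)
{
    // bind_result() needs a fixed column list, so name the columns instead of SELECT *.
    $sql = "SELECT username, user_type FROM users
            WHERE username=? AND password=? AND user_type=?";
    $stmt = $conn->prepare($sql);
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param("sss", $username, $passwordHash, $userType);
    $stmt->execute();
    $stmt->store_result();                     // buffer the rows so num_rows is valid
    $stmt->bind_result($dbUsername, $dbRole);  // one variable per selected column
    $user = null;
    if ($stmt->num_rows == 1 && $stmt->fetch()) {
        $user = array('username' => $dbUsername, 'user_type' => $dbRole);
    }
    $stmt->close();
    return $user;
}

$conn = new mysqli("localhost", "root", "root", "numbers");
$msg = "";

if (isset($_POST['login'])) {
    // sha1() is kept only because the stored hashes in the question use it.
    $user = find_user($conn, $_POST['username'], sha1($_POST['password']), $_POST['userType']);
    // Redirect targets keyed by role, replacing the if/else chain.
    $pages = array('user1' => 'user1.php', 'user2' => 'user2.php',
                   'user3' => 'user3.php', 'admin' => 'admin.php');
    if ($user !== null && isset($pages[$user['user_type']])) {
        session_regenerate_id(true);           // new session id only after a successful login
        $_SESSION['username'] = $user['username'];
        $_SESSION['role'] = $user['user_type'];
        session_write_close();
        header("Location: " . $pages[$user['user_type']]);
        exit;                                  // stop so nothing runs after the redirect
    }
    $msg = "Username and/or password incorrect!";
}
?>
```

The session is populated only after a row has been fetched, so a failed login never writes empty values into `$_SESSION`, and `array()` is used instead of `[]` so the code also parses on old PHP 5 releases.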
