MySQL Login system returning an error

Website Building
#1

Hello there! I was hoping you could help me with an error message i’ve been receiving when trying to make a login page.

Log In Page Code - https://hastebin.com/isawidoxug.xml

<?PHP
require 'configure.php';

$db_handle = mysqli_connect(DB_SERVER, DB_USER, DB_PASS );

print "Server found" . "<BR>";

$database = "u631074255_users";

$db_found = mysqli_select_db( $db_handle, $database );

if ($db_found) {

$SQL = "SELECT username, password FROM accounts";
$result = mysqli_query($db_handle, $SQL);

while ( $db_field = mysqli_fetch_assoc($result) ) {

print "Username: ";
print $db_field['username'] . "<BR>";
print "Password: ";
print $db_field['password'] . "<BR>";

}

}

else {

print "Database not found";

}

mysqli_close($db_handle);

?>

Error -

Fatal error: Uncaught Error: Call to a member function bind_param() on boolean in /home/u631074255/public_html/zyro/6.php:23 Stack trace: #0 /home/u631074255/public_html/zyro/index.php(48): include() #1 /home/u631074255/public_html/index.php(3): include('/home/u63107425...') #2 {main} thrown in /home/u631074255/public_html/zyro/6.php on line 23

#2

Hi as I am not familiar with PHP. So you can use this login.php code written by @ckhawand as a tutorial. Or you can wait for him to correct your this coding.

<?php
     ob_start();
     session_start();
     include_once 'dbconnect.php';

     if ( isset($_SESSION['user'])!="" ) {
      header("Location: home.php");
      exit;
     }
     
     $error = false;
     
     if( isset($_POST['btn-login']) ) { 
      
      $email = trim($_POST['email']);
      $email = strip_tags($email);
      $email = htmlspecialchars($email);
      
      $pass = trim($_POST['pass']);
      $pass = strip_tags($pass);
      $pass = htmlspecialchars($pass);
      
      if(empty($email)){
       $error = true;
       $emailError = "Please enter your email address.";
      } else if ( !filter_var($email,FILTER_VALIDATE_EMAIL) ) {
       $error = true;
       $emailError = "Please enter a valid email address.";
      }
      
      if(empty($pass)){
       $error = true;
       $passError = "Please enter your password.";
      }
      
      if (!$error) {
       
       $password = hash('sha256', $pass);
      
       $res=mysqli_query($conn,"SELECT userId, userName, userPass FROM users WHERE userEmail='$email'");
       $row=mysqli_fetch_array($res);
       $count = mysqli_num_rows($res);
       
       if( $count == 1 && $row['userPass']==$password ) {
        $_SESSION['user'] = $row['userId'];
        header("Location: home.php");
       } else {
        $errMSG = "Incorrect Credentials, Please try again...";
       }
        
      }
      
     }
    ?>
1 Like
#3

I’ll have to wait for someone to fix what I have already, i’m fairly new to PHP so i’m decently lost here haha

#4

Paste your line 23 please? :slight_smile:

#5

Please don’t recommend that code - see the tutorial page for a lengthy discussion of the several serious security problems within. Folks who use that will get hacked in short order, if their login is protecting anything even slightly valuable.

1 Like
#6

This problem can be searched for using a search engine - it appears every other week on Stack Overflow! The prepare() call failed and returned false - you need to trap that in your code, so it is better handled, and then find out what causes it in this instance. Maybe the table or the column you’ve specified does not exist?

Aside: I notice that you’re using parameter binding and password hashing. Both are excellent in security terms, well done.

1 Like
#7

Thank you very much for that compliment haha :slight_smile: I’ll try and figure out what to do now

#8

(Hint: put your error into a search engine as you see it on the page. Feel free to add a couple of other useful terms if necessary, like “PHP MySQL”).

1 Like
#9

Yes, thank you for the advice. Sorry for taking your time x

#10

Not a problem at all. I should say that my encouraging you to do some research is to help you get better at it - if I just provided answers, that only helps you now, not in the long term. It’s the old adage about “teaching a man to fish”. :slightly_smiling_face:

1 Like
#11

Mhm… Well, the main issue was that I put my database instead of table. Only thing I have to do now is work out how to complete the authentication xD And make it actually go to another page if it’s right, and send an error message if it isn’t which that code SHOULD do. But it won’t, so I guess I need to do a LOT more research :stuck_out_tongue:

#12

In your code, you have this on login success:

header ("Location: ./login.php");

That sends a message to the browser to redirect to the new location, though I would change it slightly:

header ("Location: logged-in.php");
exit();

I’ve changed:

  • the location it goes to should be your logged in page, not the login page
  • the ./ thing was wrong, that looked like a file reference - you want a URL here
  • once you’ve sent a Location header, you should stop the script (with an exit) otherwise PHP will carry on trying to execute the script, right up until the browser breaks the connection
2 Likes
#13

Absolutely great, thanks for that matey… Small issue now though, is that the form redirects to the page it says in the action attribute, which is the same page as the login form and where all this code is in instead of where I put in the Location: bit. And it doesn’t seem to check for for anything either, it just passes it no matter what I put. This is honestly irritating me, i’m so confused at this point because everything i’ve done is correct as far as I can see :confused:

Could someone further help me on this post, or maybe even PM me?