PHP Login Code not working - Database Connection is okay

Question

I'm trying to set up a Register + Login for one of my Sites. The Registration process works completely fine but the Login seems to fail every time.

This is the register.php

<?php
require_once "config.php";
require_once "session.php";

if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['submit'])) {
    
    $fullname = trim($_POST['name']);
    $email = trim($_POST['email']);
    $password = trim($_POST['password']);
    $confirm_password = trim($_POST['confirm_password']);
    $password_hash = password_hash($password, PASSWORD_BCRYPT);
    
    if($query = $db->prepare("SELECT * FROM users WHERE email =?")) {
        $error = '';
            $query->bind_param('s', $email);
        $query->execute();
        $query->store_result();
        if ($query->num_rows >0) {
            $error .= '<p class="error">E-Mail already registered</p>';
        }
        if (empty($confirm_password)) {
            $error .= '<p class="error">Passwords do not match.</p>';
        }
        if (empty($error)) {
            $insertQuery = $db->prepare("INSERT INTO users (name, email, password) VALUES (?, ?, ?);");
            $insertQuery->bind_param("sss", $fullname, $email, $password_hash);
            $result = $insertQuery->execute();
            if ($result) {
                $error .= '<p class="success">Your Registration was succesful!</p>';
            } else {
                $error .= '<p class="error">Something went wrong!</p>';
            }
        }
    }

$query->close();
$insertQuery->close();
mysqli_close($db);
}
?>

This is the Login.php

<?php
require_once "config.php";
require_once "session.php";
$error = '';
if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['submit'])) {
    $email = trim($_POST['email']);
    $password = trim($_POST['password']) ;
    if (empty($email)) {
        $error .= '<p class="error">Please enter email.</p>';
    }
    if (empty($password)) {
        $error .= '<p class="error">Please enter password.</p>';
    }
    if (empty($error)){
        if($query = $db->prepare("SELECT * FROM users WHERE email = ?")) {
            $query->bind_param('s',$email);
            $query->execute();
            $row = $query->fetch();
            if ($row) {
                if (password_verify($password, $row['password'])) {
                    $_SESSION["userid"] = $row['id'];
                    $SESSION["user"] = $row;
                    header("location: index2.php");
                    exit;
                }else{
                    $error.= '<p class="error">The password is not valid.</p>';
                }
            }else{
                $error.= '<p class="error">Wrong mail.</p>';
            }
        }
        $query->close();
    }
    mysqli_close($db);
}
?>

According to Online PHP Checker my Code should be correct. There are no Errors in Console and I really don't know what exactly i did wrong. Hope someone can help me with this!

Is your database column wide enough to store the hashed password? — droopsnoot, Aug 12 '22 at 11:27
What actually happens when the login "fails every time"? Do you get an error message? How far through the login code does it get before it starts to go wrong? One thing - don't give too much away in your user error messages - most people advise on just saying something like "login failed" rather than specifying which of the two bits of information was incorrect - by doing so, you're allowing someone to figure out what emails are in your table. — droopsnoot, Aug 12 '22 at 11:29
"Not working" isn't an error message or problem statement. We can't run your code. Please do some more detailed debugging and narrow down the issue a bit. — ADyson, Aug 12 '22 at 11:30
@droopsnoot User gets an Error Message with "The password is not valid." and it redirects back to the login screen — Bernhard Alber, Aug 12 '22 at 11:31
Do you need to use `bind_result()` in there somewhere? I'm not familiar with mysqli but the example code seems to use it. I use PDO where there's no similar function. — droopsnoot, Aug 12 '22 at 11:32
Have you checked this post? https://stackoverflow.com/questions/33506100/password-verify-not-working-with-password-hash-bcrypt — rf1234, Aug 12 '22 at 11:32
When you step through the login code, where does it fail? Does it find the user in the database, does it fail when verifying the password? — droopsnoot, Aug 12 '22 at 11:32
you can try var_dump() data at different levels so you can understand where in your code your error exits. — Aqib Javed, Aug 12 '22 at 11:34
@droopsnoot header("location: index2.php"); exit; }else{ $error.= '
The password is not valid.
'; } — Bernhard Alber, Aug 12 '22 at 11:34
Actually, on reading the documentation, it is the use of `fetch()` that is wrong here. `mysqli_fetch()` returns either true, false or null, it does not return a row of data. https://www.php.net/manual/en/mysqli-stmt.fetch.php - if you had a quick look at what's in `$row` you would see that. It's not too late to switch to PDO. — droopsnoot, Aug 12 '22 at 11:41

score 2 · Answer 1 · answered Aug 12 '22 at 11:44

2

This line is the issue, I expect:

 $row = $query->fetch();

According to the documentation, the fetch() function returns true, false or null - it does not return a row of data. You need to use bind_result() to map the results from the query into variables.

https://www.php.net/manual/en/mysqli-stmt.fetch.php

answered Aug 12 '22 at 11:44

droopsnoot

931
1
7
11

another option would be get_result() then you can call fetch_assoc on the result object https://www.php.net/manual/en/mysqli-stmt.get-result.php – MikeT Aug 12 '22 at 11:46

PHP Login Code not working - Database Connection is okay

1 Answers1