I get this error when trying to login to member account:
Fatal error: Uncaught TypeError: password_verify() expects parameter 2 to be string, null given in C:\xampp\htdocs\e_id\login.php:77 Stack trace: #0 C:\xampp\htdocs\e_id\login.php(77): password_verify('password', NULL) #1 {main} thrown in C:\xampp\htdocs\e_id\login.php on line 77
login.php
Code: Select all
<?php
/*
ERROR HANDLING
*/
declare(strict_types=1);
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
include 'config.php';
// check if user is already logged in
if (is_logged() === true)
{
//Redirect user to homepage page after 5 seconds.
header("refresh:2;url=home.php");
exit; //Added it so script runs no further if user is logged-in.
}
if ($_SERVER['REQUEST_METHOD'] == "POST")
{
if (isset($_POST["login_username_or_email"]) && isset($_POST["login_password"]))
{
$username_or_email = trim($_POST["login_username_or_email"]); // I rid the mysqli_real_escape_string based on Mac_Guyver's suggestion.
$password = $_POST["login_password"];
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
//Select Username or Email to check against Mysql DB if they are already registered or not.
$stmt = mysqli_stmt_init($conn);
/* From reg.php
$stmt = mysqli_prepare($conn, "SELECT usernames, emails FROM users WHERE usernames = ? OR emails = ?");
mysqli_stmt_bind_param($stmt, 'ss', $username, $email_confirmation);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
*/
if(strpos("$username_or_email", "@") === true)
{
$email = $username_or_email;
$username = "";
$stmt = mysqli_prepare($conn, "SELECT emails FROM users WHERE emails = ?");
mysqli_stmt_bind_param($stmt, 's', $email);
}
else
{
$username = $username_or_email;
$email = "";
$stmt = mysqli_prepare($conn, "SELECT usernames FROM users WHERE usernames = ?");
mysqli_stmt_bind_param($stmt, 's', $username);
}
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt); //Use either this line, or ...
//$result = mysqli_stmt_bind_result($stmt, $db_username); // ... this line. But not both.
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
printf("%s (%s)\n",$row["usernames"],$row["passwords"]);
var_dump($row);
// Check if inputted Username or Email is registered or not.
//Either type following paragraph or the next one but not both. Ask in forum which one is best.
// PARAGRAPH 1
if (!$result) // either this paragraph or ...
{
echo "Paragraph 1: Incorrect User Credentials!";
echo "Username/Email did not match!<br>"; //echo for debugging purpose. Remove from release version
echo "Username/Email $username_or_email<br>"; //echo for debugging purpose. Remove from release version
exit;
}
elseif (password_verify($password, $row['passwords']))
{
if($row['accounts_activations_statuses'] == '0')
{
echo "Paragraph 1: You have not activated your account yet! Check your email for instructions on how to activate it. Check your spam folder if you don't find an email from us.";
exit;
}
}
else
{
//If 'Remember Me' check box is checked then set the cookie.
if(!empty($_POST["login_remember"])) // Either use this line ....
//if (isset($_POST['login_remember']) && $_post['login_remember'] == "on") // ...or this line. But not both!
{
setcookie("login_username", $username, time()+ (10*365*24*60*60));
}
else
{
//If Cookie is available then use it to auto log user into his/her account!
if (isset($_COOKIE['login_username']))
{
setcookie("login_username","","");
}
}
$_SESSION["user"] = $username;
header("location:home.php?user=$username");
}
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title><?php $site_name?> Member Login Page</title>
<meta charset="utf-8">
</head>
<body>
<div class = "container">
<form method="post" action="">
<center><h3><?php $site_name ?> Member Login Form</h3></center>
<div class="text-danger">
<div class="form-group">
<center><label>Username/Email:</label>
<input type="text" placeholder="Enter Username" name="login_username_or_email" value="<?php if(isset($_COOKIE["login_username_or_email"])) echo $_COOKIE["login_username_or_email"]; ?>"</center>
</div>
<div class="form-group">
<center><label>Password:</label>
<input type="password" placeholder="Enter password" name="login_password" value="<?php if(isset($_COOKIE["login_password"])) echo $_COOKIE["login_password"]; ?>"></center>
</div>
<div class="form-group">
<center><label>Remember Login Details:</label>
<input type="checkbox" name="login_remember" /></center>
</div>
<div class="form-group">
<center><input type="submit" name="login_submit" value="Login" class="button button-success" /></center>
</div>
<div class="form-group">
<center><font color="red" size="3"><b>Forgot your password ?</b><br><a href="login_password_reset.php">Reset it here!</a></font></center>
<center><font color="red" size="3"><b>Not registered ?</b><br><a href="register.php">Register here!</a></font></center>
</form>
</div>
</body>
</html>viewtopic.php?f=1&t=144266&p=709735#p709735
Thank you.