PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
 
Loading
It is currently Sat Aug 15, 2020 2:59 am

All times are UTC - 5 hours




Post new topic Reply to topic  [ 24 posts ]  Go to page 1, 2  Next
Author Message
PostPosted: Fri Sep 15, 2017 5:30 pm 
Offline
Forum Contributor

Joined: Wed Jan 18, 2017 4:43 pm
Posts: 197
Php Gurus,

I get this error when trying to login to member account:

Fatal error: Uncaught TypeError: password_verify() expects parameter 2 to be string, null given in C:\xampp\htdocs\e_id\login.php:77 Stack trace: #0 C:\xampp\htdocs\e_id\login.php(77): password_verify('password', NULL) #1 {main} thrown in C:\xampp\htdocs\e_id\login.php on line 77


login.php
Syntax: [ Download ] [ Hide ]
<?php
 
/*
ERROR HANDLING
*/

declare(strict_types=1);
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
 
include 'config.php';
 
// check if user is already logged in
if (is_logged() === true)
{
        //Redirect user to homepage page after 5 seconds.
        header("refresh:2;url=home.php");
        exit; //Added it so script runs no further if user is logged-in.
}


if ($_SERVER['REQUEST_METHOD'] == "POST")
{
        if (isset($_POST["login_username_or_email"]) && isset($_POST["login_password"]))
        {
                $username_or_email = trim($_POST["login_username_or_email"]); // I rid the mysqli_real_escape_string based on Mac_Guyver's suggestion.
                $password = $_POST["login_password"];
                $hashed_password = password_hash($password, PASSWORD_DEFAULT);
         
                //Select Username or Email to check against Mysql DB if they are already registered or not.
                $stmt = mysqli_stmt_init($conn);
               
                /* From reg.php
                $stmt = mysqli_prepare($conn, "SELECT usernames, emails FROM users WHERE usernames = ? OR emails = ?");
                mysqli_stmt_bind_param($stmt, 'ss', $username, $email_confirmation);
                mysqli_stmt_execute($stmt);
                $result = mysqli_stmt_get_result($stmt);
               
                $row = mysqli_fetch_array($result, MYSQLI_ASSOC);
                */

               
        if(strpos("$username_or_email", "@") === true)
                {
                        $email = $username_or_email;
                        $username = "";
                        $stmt = mysqli_prepare($conn, "SELECT emails FROM users WHERE emails = ?");                    
                        mysqli_stmt_bind_param($stmt, 's', $email);
                }
                else
                {
                        $username = $username_or_email;
                        $email = "";
                        $stmt = mysqli_prepare($conn, "SELECT usernames FROM users WHERE usernames = ?");
                        mysqli_stmt_bind_param($stmt, 's', $username);                 
                }              
                mysqli_stmt_execute($stmt);
                $result = mysqli_stmt_get_result($stmt); //Use either this line, or ...
                //$result = mysqli_stmt_bind_result($stmt, $db_username); // ... this line. But not both.
 
                $row = mysqli_fetch_array($result, MYSQLI_ASSOC);
                printf("%s (%s)\n",$row["usernames"],$row["passwords"]);
                var_dump($row);
               
                // Check if inputted Username or Email is registered or not.
                //Either type following paragraph or the next one but not both. Ask in forum which one is best.
 
                // PARAGRAPH 1
                       
                if (!$result) // either this paragraph or ...
                {
                        echo "Paragraph 1: Incorrect User Credentials!";
                        echo "Username/Email did not match!<br>"; //echo for debugging purpose. Remove from release version
                        echo "Username/Email $username_or_email<br>"; //echo for debugging purpose. Remove from release version
                        exit;                          
                }
                elseif (password_verify($password, $row['passwords']))
                {
                        if($row['accounts_activations_statuses'] == '0')
                        {
                                echo "Paragraph 1: You have not activated your account yet! Check your email for instructions on how to activate it. Check your spam folder if you don't find an email from us.";
                                exit;
                        }
                }
                else
                {
                        //If 'Remember Me' check box is checked then set the cookie.
                        if(!empty($_POST["login_remember"])) // Either use this line ....
                        //if (isset($_POST['login_remember']) && $_post['login_remember'] == "on") // ...or this line. But not both!
                        {
                                setcookie("login_username", $username, time()+ (10*365*24*60*60));
                        }
                        else
                        {
                                //If Cookie is available then use it to auto log user into his/her account!
                                if (isset($_COOKIE['login_username']))
                                {
                                        setcookie("login_username","","");
                                }
                        }
                $_SESSION["user"] = $username;
                header("location:home.php?user=$username");                            
                }                      
        }
}
       
?>

<!DOCTYPE html>
<html>
<head>
<title><?php $site_name?> Member Login Page</title>
  <meta charset="utf-8">
</head>
<body>
<div class = "container">
<form method="post" action="">
<center><h3><?php $site_name ?> Member Login Form</h3></center>
<div class="text-danger">
<div class="form-group">
<center><label>Username/Email:</label>
<input type="text" placeholder="Enter Username" name="login_username_or_email" value="<?php if(isset($_COOKIE["login_username_or_email"])) echo $_COOKIE["login_username_or_email"]; ?>"</center>
</div>
<div class="form-group">
<center><label>Password:</label>
<input type="password" placeholder="Enter password" name="login_password" value="<?php if(isset($_COOKIE["login_password"])) echo $_COOKIE["login_password"]; ?>"></center>
</div>
<div class="form-group">
<center><label>Remember Login Details:</label>
<input type="checkbox" name="login_remember" /></center>
</div>
<div class="form-group">
<center><input type="submit" name="login_submit" value="Login" class="button button-success" /></center>
</div>
<div class="form-group">
<center><font color="red" size="3"><b>Forgot your password ?</b><br><a href="login_password_reset.php">Reset it here!</a></font></center>
<center><font color="red" size="3"><b>Not registered ?</b><br><a href="register.php">Register here!</a></font></center>
</form>
</div>
</body>
</html>


If you want to see the registration.php then look here:


Thank you.


Last edited by requinix on Sat Sep 16, 2017 12:29 am, edited 1 time in total.
use [syntax=php] tags instead of [php]


Top
 Profile  
 
PostPosted: Sat Sep 16, 2017 1:14 pm 
Offline
Site Administrator
User avatar

Joined: Wed Aug 25, 2004 7:54 pm
Posts: 13592
Location: New York, NY, US
The error message says $row['passwords'] is null. Find out why and you can solve the problem. Is it the right field name?
Syntax: [ Download ] [ Hide ]
                elseif (password_verify($password, $row['passwords']))
 

_________________
(#10850)


Top
 Profile  
 
PostPosted: Sat Sep 16, 2017 4:26 pm 
Offline
Forum Contributor

Joined: Wed Jan 18, 2017 4:43 pm
Posts: 197
Chris,

That is the problem. The "passwords" column has atleast got one entry. It is not blank. So, why getting this error ?


Top
 Profile  
 
PostPosted: Sat Sep 16, 2017 4:56 pm 
Offline
Forum Contributor

Joined: Wed Jan 18, 2017 4:43 pm
Posts: 197
I switched this:
password_verify($password, $row['passwords']);
To this:
password_verify($password, (string)$row['passwords']);

And this error is gone:
"Fatal error: Uncaught TypeError: password_verify() expects parameter 2 to be string, null given in C:\xampp\htdocs\e_id\login.php:77
Stack trace:
#0 C:\xampp\htdocs\e_id\login.php(77): password_verify('password', NULL)
#1 {main} thrown in C:\xampp\htdocs\e_id\login.php on line 77".

But should the code really be like that by Type Casting the password_verify 2nd param ?


Top
 Profile  
 
PostPosted: Sun Sep 17, 2017 6:32 am 
Offline
Moderator
User avatar

Joined: Tue Nov 09, 2010 3:39 pm
Posts: 6425
Location: Montreal, Canada

_________________


Top
 Profile  
 
PostPosted: Sun Sep 17, 2017 8:07 pm 
Offline
Forum Contributor

Joined: Wed Jan 18, 2017 4:43 pm
Posts: 197


Top
 Profile  
 
PostPosted: Mon Sep 18, 2017 5:11 am 
Offline
Moderator
User avatar

Joined: Tue Nov 09, 2010 3:39 pm
Posts: 6425
Location: Montreal, Canada
The auto-generated salt is going to be different every time you run password_hash, so you'll get different hashes out. This is a good thing. It does, however, mean you can't compare two hashes of the same password. You need to use password_verify

_________________


Top
 Profile  
 
PostPosted: Mon Sep 18, 2017 6:40 am 
Offline
Forum Contributor

Joined: Wed Jan 18, 2017 4:43 pm
Posts: 197
Celeraun,

I did use password_verify. Look at my previous post on my 1st attempt in the test out of 2 attempts.
Thanks for telling me the alt changes everytime. Was not aware of it. :)


Top
 Profile  
 
PostPosted: Mon Sep 18, 2017 6:54 am 
Offline
Forum Contributor

Joined: Wed Jan 18, 2017 4:43 pm
Posts: 197
How do I output what password the password_verify function is getting so I can check what it is getting with what is in the db ?


Top
 Profile  
 
PostPosted: Mon Sep 18, 2017 8:19 am 
Offline
Moderator
User avatar

Joined: Tue Nov 09, 2010 3:39 pm
Posts: 6425
Location: Montreal, Canada

_________________


Top
 Profile  
 
PostPosted: Mon Sep 18, 2017 8:20 am 
Offline
Moderator
User avatar

Joined: Tue Nov 09, 2010 3:39 pm
Posts: 6425
Location: Montreal, Canada

_________________


Top
 Profile  
 
PostPosted: Mon Sep 18, 2017 5:40 pm 
Offline
Forum Contributor

Joined: Wed Jan 18, 2017 4:43 pm
Posts: 197


Top
 Profile  
 
PostPosted: Thu Sep 21, 2017 5:20 pm 
Offline
Forum Contributor

Joined: Wed Jan 18, 2017 4:43 pm
Posts: 197
Sorry, Celeraun.
I had forgotten that I opened a thread here. Otherwise I never would have opened a duplicate here:
viewtopic.php?f=1&t=144290

Frankly, first do delete that thread instead of locking it and then delete this post so no reference to it exists online.


Last edited by UniqueIdeaMan on Wed Oct 04, 2017 8:59 am, edited 1 time in total.

Top
 Profile  
 
PostPosted: Thu Sep 21, 2017 6:13 pm 
Offline
Forum Contributor

Joined: Wed Jan 18, 2017 4:43 pm
Posts: 197


Top
 Profile  
 
PostPosted: Fri Sep 22, 2017 5:10 am 
Offline
Moderator
User avatar

Joined: Tue Nov 09, 2010 3:39 pm
Posts: 6425
Location: Montreal, Canada

_________________


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 24 posts ]  Go to page 1, 2  Next

All times are UTC - 5 hours


Who is online

Users browsing this forum: No registered users and 6 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group