PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
 
Loading
It is currently Tue Sep 29, 2020 4:30 pm

All times are UTC - 5 hours




Post new topic Reply to topic  [ 5 posts ] 
Author Message
PostPosted: Thu Sep 28, 2017 7:42 pm 
Offline
Forum Contributor

Joined: Wed Jan 18, 2017 4:43 pm
Posts: 197
Folks,

Let us work on this following suggested code:

Syntax: [ Download ] [ Hide ]
if ($_SERVER['REQUEST_METHOD'] == "POST") // not really needed since you're checking $_POST
{
    if (isset($_POST["login_username"]) && isset($_POST["login_password"])) {
        $username = trim($_POST["login_username"]); //
        $password = trim($_POST["login_password"]); //
        $hashed_password = password_hash($_POST["login_password"], PASSWORD_DEFAULT);
        $sql = "
SELECT
  ids,
  usernames,
  passwords,
  emails,
  accounts_activations_statuses
FROM users
WHERE usernames = ?
  AND passwords = ?
"
;
        $stmt = mysqli_prepare($conn, $sql);
        mysqli_stmt_bind_param($stmt, 'ss', $username, $hashed_password);
        mysqli_stmt_execute($stmt);
        if (mysqli_stmt_num_rows($stmt)) {
            // found a match, we're good to go...
        } else {
            // whatever you do when user/password not found...
        }
    }
}  
 


Ok. The above was based on the User inputting his Username & Password.
Now, imagine the html login form gave the user a choice to either input his Username or Email and then his Password.
Now, how would you code it ? Where would you change to what ?
tbl column names are:
usernames
emails
passwords

Imagine the html form looks like this:

Syntax: [ Download ] [ Hide ]
<!DOCTYPE html>
<html>
<head>
<title><?php $site_name?> Member Login Page</title>
  <meta charset="utf-8">
</head>
<body>
<form method="post" action="">
        <h3><?= $site_name ?> Member Login Form</h3>
        <fieldset>
                <label for="login_name">Username/Email:</label>
                <input type="text" name="login_username_or_email" id="login_name" value="<?php if(isset($_COOKIE["login_username_or_email"])) echo $_COOKIE["login_username_or_email"]; ?>"</center>
                <br>
                <label for="login_pass">Password:</label>
                <input type="password" name="login_password" id="login_pass" value="<?php if(isset($_COOKIE["login_password"])) echo $_COOKIE["login_password"]; ?>"></center>
        </fieldset>
        <div class="submitsAndHiddens">
                <label for="login_remember">Remember Login Details:</label>
                <input type="checkbox" name="login_remember" />
                <br>
                <button type="submit">Login</button>
                <br>
                <a href="login_password_reset.php">Forgot your Password ? Reset it here!</a>
                <br>
                <a href="register.php">Register here!</a>
        </div>
</form>

</body>
</html>
 


On the form, I have not quite got the cookie thing ("Remember Me" feature sorted).

Another code I was suggested is the following but it is in pdo and my few pages of codes are in mysqli procedural style.
Hence, I need help converting this from pdo to mysqli procedural style.

Syntax: [ Download ] [ Hide ]
if (
        array_key_exists('login_username_or_email', $_POST) &&
        array_key_exists('login_password'], $_POST)
) {

        // don't bother trimming, they can't enter it right, don't let them log in!

        $stmt = $conn->prepare('
                SELECT ids, usernames, passwords, emails, accounts_activations_statuses
                FROM users
                WHERE '
. (
                        strpos($usernameOrEmail, '@') === false) ? 'usernames' : 'emails'
                ) . ' = ?
        '
);
        $stmt->bind_param('s', $_POST['login_username_or_email']);
        $stmt->execute();
        $stmt->bind_result(
                $db_id, $db_username, $db_password, $db_email,
                $db_account_activation_status
        );
       
        if (
                $stmt->fetch() &&
                password_verify($_POST['login_password'], $db_password)
        ) {
                echo '
                        <p>Login Successful</p>
                        <dl>
                                <dt>User Id</dt>
                                <dd>'
, $db_id, '</dd>
                                <dt>E-Mail</dt>
                                <dd>'
, $db_email, '</dd>
                                <dt>Username</dt>
                                <dd>'
, $db_username, '</dd>
                                <dt>Activation Stats</dt>
                                <dd>'
, $db_account_activation_status, '</dd>
                        </dl>
                '
;
        } else echo '<p>Invalid username or password</p>';     
        $stmt->close();
       
} else echo '<p>Missing username or password</p>';
 


I'd appreciate your own suggested code sample aswell but make sure it is in: mysqli procedural style.
This will be a good learning curve for newbies from this forum.


Top
 Profile  
 
PostPosted: Fri Sep 29, 2017 5:05 am 
Offline
Moderator
User avatar

Joined: Tue Nov 09, 2010 3:39 pm
Posts: 6425
Location: Montreal, Canada

_________________


Top
 Profile  
 
PostPosted: Sat Sep 30, 2017 8:37 pm 
Offline
Forum Contributor

Joined: Wed Jan 18, 2017 4:43 pm
Posts: 197
Thanks Celeraun,

You are really valuable. You gave me my answer in one post. Look how hard I tried here to get my answer:
https://forums.phpfreaks.com/topic/3049 ... exception/
Look how many attempts I made!!!


Top
 Profile  
 
PostPosted: Tue Oct 03, 2017 5:32 pm 
Offline
Forum Regular
User avatar

Joined: Fri Sep 05, 2008 3:34 pm
Posts: 539
Location: Victoria, BC
you might want to add last_on as a filed so you can clean up dead accounts if desired


Top
 Profile  
 
PostPosted: Wed Oct 04, 2017 8:50 am 
Offline
Forum Contributor

Joined: Wed Jan 18, 2017 4:43 pm
Posts: 197


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

All times are UTC - 5 hours


Who is online

Users browsing this forum: No registered users and 32 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group