Login With Username or Email And Password - Cleaning Up The

UniqueIdeaMan
Forum Contributor
Posts: 197
Joined: Wed Jan 18, 2017 3:43 pm

Login With Username or Email And Password - Cleaning Up The

Post by UniqueIdeaMan »

Folks,

Let us work on this following suggested code:

Code:

if ($_SERVER['REQUEST_METHOD'] == "POST") // not really needed since you're checking $_POST
{
    if (isset($_POST["login_username"]) && isset($_POST["login_password"])) {
        $username = trim($_POST["login_username"]); //
        $password = trim($_POST["login_password"]); //
        $hashed_password = password_hash($_POST["login_password"], PASSWORD_DEFAULT);
        $sql = "
SELECT
  ids,
  usernames, 
  passwords, 
  emails, 
  accounts_activations_statuses 
FROM users 
WHERE usernames = ?
  AND passwords = ?
";
        $stmt = mysqli_prepare($conn, $sql);
        mysqli_stmt_bind_param($stmt, 'ss', $username, $hashed_password);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_store_result($stmt); // buffer the result set so num_rows is populated
        if (mysqli_stmt_num_rows($stmt)) {
            // found a match, we're good to go...
        } else {
            // whatever you do when user/password not found...
        }
    }
}  

Ok. The above was based on the User inputting his Username & Password.
Now, imagine the html login form gave the user a choice to either input his Username or Email and then his Password.
Now, how would you code it? Where would you change to what?
tbl column names are:
usernames
emails
passwords

Imagine the html form looks like this:

Code:

<!DOCTYPE html>
<html>
<head>
<title><?= $site_name ?> Member Login Page</title>
  <meta charset="utf-8">
</head>
<body>
<form method="post" action="">
	<h3><?= $site_name ?> Member Login Form</h3>
	<fieldset>
		<label for="login_name">Username/Email:</label>
		<input type="text" name="login_username_or_email" id="login_name" value="<?php if(isset($_COOKIE["login_username_or_email"])) echo htmlspecialchars($_COOKIE["login_username_or_email"], ENT_QUOTES); ?>">
		<br>
		<label for="login_pass">Password:</label>
		<input type="password" name="login_password" id="login_pass" value="<?php if(isset($_COOKIE["login_password"])) echo htmlspecialchars($_COOKIE["login_password"], ENT_QUOTES); ?>">
	</fieldset>
	<div class="submitsAndHiddens">
		<label for="login_remember">Remember Login Details:</label>
		<input type="checkbox" name="login_remember" />
		<br>
		<button type="submit">Login</button>
		<br>
		<a href="login_password_reset.php">Forgot your Password ? Reset it here!</a>
		<br>
		<a href="register.php">Register here!</a>
	</div>
</form>

</body>
</html>

On the form, I have not quite got the cookie thing ("Remember Me" feature) sorted.

Another code I was suggested is the following but it is in pdo and my few pages of codes are in mysqli procedural style.
Hence, I need help converting this from pdo to mysqli procedural style.

Code:

if (
	array_key_exists('login_username_or_email', $_POST) &&
	array_key_exists('login_password', $_POST)
) {

	// don't bother trimming, they can't enter it right, don't let them log in!
	$usernameOrEmail = $_POST['login_username_or_email'];

	// the column name comes from a fixed two-item choice, never from user input
	$stmt = $conn->prepare('
		SELECT ids, usernames, passwords, emails, accounts_activations_statuses
		FROM users
		WHERE ' . (
			strpos($usernameOrEmail, '@') === false ? 'usernames' : 'emails'
		) . ' = ?
	');
	$stmt->bind_param('s', $_POST['login_username_or_email']);
	$stmt->execute();
	$stmt->bind_result(
		$db_id, $db_username, $db_password, $db_email,
		$db_account_activation_status
	);
	
	if (
		$stmt->fetch() &&
		password_verify($_POST['login_password'], $db_password)
	) {
		echo '
			<p>Login Successful</p>
			<dl>
				<dt>User Id</dt>
				<dd>', $db_id, '</dd>
				<dt>E-Mail</dt>
				<dd>', htmlspecialchars($db_email), '</dd>
				<dt>Username</dt>
				<dd>', htmlspecialchars($db_username), '</dd>
				<dt>Activation Stats</dt>
				<dd>', $db_account_activation_status, '</dd>
			</dl>
		';
	} else echo '<p>Invalid username or password</p>';	
	$stmt->close();
	
} else echo '<p>Missing username or password</p>';

I'd appreciate your own suggested code sample as well but make sure it is in: mysqli procedural style.
This will be a good learning curve for newbies from this forum.
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: Login With Username or Email And Password - Cleaning Up

Post by Celauran »

UniqueIdeaMan wrote: Ok. The above was based on the User inputting his Username & Password.
Now, imagine the html login form gave the user a choice to either input his Username or Email and then his Password.
Now, how would you code it? Where would you change to what?
tbl column names are:
usernames
emails
passwords

Remove password from where clause. You're storing the password hashed, then you're hashing it again -- with a different salt -- before querying. Those hashes won't match. As for allowing username or email, why not just use an OR in your WHERE statement?

Code:

SELECT
  ids,
  usernames,
  passwords,
  emails,
  accounts_activations_statuses
FROM users
WHERE usernames = ? OR emails = ?

You'll get back rows matching the provided username or email and can then pass the hashed password returned by the query and the clear text password provided by the user to password_verify.
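
A mysqli procedural version of the approach described in this reply, as an added example that is not part of the original thread. It assumes `$conn` is an open mysqli connection and that the `users` table has the columns named in the posts; `check_login()` and the `user_id` session key are hypothetical names.

```php
<?php
// Added example, not code from the thread. Assumes $conn is an open mysqli
// connection and the users table has the columns named in the posts.
session_start();

// check_login() is a hypothetical helper: returns the user row or null.
function check_login(mysqli $conn, string $login, string $password): ?array
{
    $sql = "SELECT ids, usernames, passwords, emails, accounts_activations_statuses
            FROM users
            WHERE usernames = ? OR emails = ?";
    $stmt = mysqli_prepare($conn, $sql);
    if ($stmt === false) {
        return null;
    }
    // The same input is bound to both placeholders.
    mysqli_stmt_bind_param($stmt, 'ss', $login, $login);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $id, $username, $hash, $email, $status);

    $user = null;
    // OR can match two rows (one account's username equal to another's
    // email), so every row is fetched and each stored hash is checked.
    while (mysqli_stmt_fetch($stmt)) {
        if ($user === null && password_verify($password, $hash)) {
            $user = ['id' => $id, 'username' => $username,
                     'email' => $email, 'status' => $status];
        }
    }
    mysqli_stmt_close($stmt);
    return $user;
}

$login    = $_POST['login_username_or_email'] ?? null;
$password = $_POST['login_password'] ?? null;

if (is_string($login) && is_string($password)) {
    // The password is not trimmed, so leading or trailing spaces stay part of it.
    $user = check_login($conn, trim($login), $password);
    if ($user !== null) {
        session_regenerate_id(true); // new session id after authentication
        $_SESSION['user_id'] = $user['id'];
        echo '<p>Login successful</p>';
    } else {
        // One message for both failure cases, so the form does not reveal which accounts exist.
        echo '<p>Invalid username/email or password</p>';
    }
}
```

No credential is read from or written to a cookie here; a remember-me feature is usually built on a random, server-stored token rather than the password itself.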
UniqueIdeaMan
Forum Contributor
Posts: 197
Joined: Wed Jan 18, 2017 3:43 pm

Re: Login With Username or Email And Password - Cleaning Up

Post by UniqueIdeaMan »

Thanks Celauran,

You are really valuable. You gave me my answer in one post. Look how hard I tried here to get my answer:
https://forums.phpfreaks.com/topic/3049 ... exception/
Look how many attempts I made!!!
Vegan
Forum Regular
Posts: 574
Joined: Fri Sep 05, 2008 3:34 pm
Location: Victoria, BC

Re: Login With Username or Email And Password - Cleaning Up

Post by Vegan »

you might want to add last_on as a field so you can clean up dead accounts if desired
UniqueIdeaMan
Forum Contributor
Posts: 197
Joined: Wed Jan 18, 2017 3:43 pm

Re: Login With Username or Email And Password - Cleaning Up

Post by UniqueIdeaMan »

Vegan wrote: you might want to add last_on as a field so you can clean up dead accounts if desired

last_on? I'm confused. Care to show a snippet?