0

I wrote a login script for a website that I am building using resources I have found online. When I ran my code on a local server it worked fine, but now that I am actually running it online on a real server it doesn't work. I think I have narrowed down my error, but being new to PHP and not having prior experience with MySQL, I can't really fix my problem. This is the file for the login script:

<?php
// login file
class Login{
    private $db_connection = null;

    public function __construct(){
        session_start();
        $this->dologinWithPostData();
    }

    private function dologinWithPostData(){

             $this->db_connection = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);

            if (!$this->db_connection()->connect_errno) {

                // escape the POST stuff
                $email = $_POST['email'];
                // database query, getting all the info of the selected user (allows login via email address in the
                // username field)
                $sql = "SELECT email, password
                        FROM users
                        WHERE email = '" . $email ."'";

                $result_of_login_check = $this->db_connection->query($sql);//This is 0

                // if this user exists
                if ($result_of_login_check->num_rows == 1) {
                    // get result row (as an object)
                    $result_row = $result_of_login_check->fetch_object();
                    // using PHP 5.5's password_verify() function to check if the provided password fits
                    // the hash of that user's password
                    if ($_POST['password'] == $result_row->password) {
                        // write user data into PHP SESSION (a file on your server)
                        $_SESSION['email'] = $result_row->email;
                        $_SESSION['user_login_status'] = 1;
                    } else {
                        $this->errors[] = "Wrong password. Try again.";
                        $_SESSION['user_login_status'] = 0;
                    }
                } else {
                    $this->errors[] = "This user does not exist.";
                }
            } else {
                $this->errors[] = "Database connection problem.";
            }
        // debug output of any collected errors
        print_r($this->errors);
    }

    public function isUserLoggedIn()
    {
        if (isset($_SESSION['user_login_status']) AND $_SESSION['user_login_status'] == 1) {
            return true;
        }
        // default return
        return false;
    }
}

?>

I run it in another file that is essentially the following:

//Run file
require_once("dbconfig.php");
include_once("login.php");
$login = new Login();
if ($login->isUserLoggedIn() == true) {
    //go to another page
}

The variables used to access the database are instantiated in dbconfig.php and are correct. With this code I get an error that says the page is not working and is unable to handle the request. When I comment out the line

if (!$this->db_connection()->connect_errno) {

and the else statement following it, the output is "This user does not exist". So I think the error has something to do with $this->db_connection()->connect_errno). If you can find where I went wrong or have any advice on how to rewrite the script to make it better, it is greatly appreciated.

4
  • You are vulnerable to SQL injection attacks Commented Jun 22, 2016 at 15:07
  • stackoverflow.com/questions/60174/… Commented Jun 22, 2016 at 15:07
  • 2
    No no no! You never store user passwords in a database. You don't. What you store is a hash of the user password, one created by a good hashing algorithm. Then, at login time, you hash the provided password and compare both hashes. That way you don't risk exposing user passwords if your service is compromised. Commented Jun 22, 2016 at 15:08
  • 1
    SQL injection and storing passwords aside, can you try setting error_reporting(E_ALL) and edit your post to include any PHP log messages it generates? Commented Jun 22, 2016 at 15:10
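
The two points raised in the comments above (SQL injection and plaintext passwords), as an added example that is not part of the original thread: a mysqli prepared statement combined with password_hash()/password_verify(). It assumes PHP 7+, the DB_* constants from the question's dbconfig.php, and a users.password column that already holds password_hash() output; hashForStorage and credentialsAreValid are hypothetical names.

```php
<?php
// Added example, not the asker's code. Assumes dbconfig.php defines DB_HOST,
// DB_USER, DB_PASSWORD and DB_NAME as in the question, and that users.password
// holds password_hash() output (assumption; the question compares plaintext).
require_once "dbconfig.php";

// Registration side: store only the hash, never the password itself.
function hashForStorage(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// True only if $email exists and $password matches its stored hash.
function credentialsAreValid(mysqli $db, string $email, string $password): bool
{
    // The ? placeholder keeps $email out of the SQL text entirely.
    $stmt = $db->prepare("SELECT password FROM users WHERE email = ?");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param("s", $email);
    $stmt->execute();
    $stmt->bind_result($storedHash);
    $found = $stmt->fetch() === true;
    $stmt->close();
    // password_verify() re-derives the hash using the salt stored in $storedHash.
    return $found && password_verify($password, $storedHash);
}

mysqli_report(MYSQLI_REPORT_OFF);   // report failures through connect_errno
$db = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
if ($db->connect_errno) {           // a property, so no parentheses
    error_log("DB connect failed: " . $db->connect_error);
    http_response_code(500);
    exit("Database connection problem.");
}

session_start();
$email    = $_POST["email"] ?? "";
$password = $_POST["password"] ?? "";
if (credentialsAreValid($db, $email, $password)) {
    session_regenerate_id(true);    // fresh session ID once authenticated
    $_SESSION["email"] = $email;
    $_SESSION["user_login_status"] = 1;
} else {
    $_SESSION["user_login_status"] = 0;
    echo "Wrong email or password."; // one message for both failure cases
}
```

Existing plaintext rows have to be migrated by hashing each stored password once with hashForStorage() before this check will accept them.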

3 Answers

1

This is an error establishing the database connection; your live remote server database configuration is different. Please verify your dbconfig.php file and make sure the database name, host, port, username and password are well defined for your live database.


1

This is wrong:

        if (!$this->db_connection()->connect_errno) {

db_connection is simply a variable containing your DB connection object. It is NOT a method.

You probably want

        if (!$this->db_connection->connect_errno) {
                                 ^--note lack of ()

instead.


0

I think the issue is with the following check. Your result gets more than 1 record.

// if this user exists
if ($result_of_login_check->num_rows == 1) {
......
}else{
    $this->errors[] = "This user does not exist.";
}

Make sure your email address is unique in the data table. If it is not unique, then your above statement will fail and show the text "This user does not exist." from the else part.
