1

I was wondering if anyone could help, as I am trying to adapt a PHP login script to accept only the password without the need for the username, and I don't know what I am doing wrong.

I am a complete novice, I am afraid.

What I want the end result to be is for any user to type in one password, the script then checks the password is correct from my database and then logs them in.

```php
<?php
//First we start a session
session_start();

//We then check if the user has clicked the login button
if (isset($_POST['submit'])) {

    //Then we include the database connection
    include_once 'dbh.inc.php';
    //And we get the data from the login form
    $pwd = $_POST['pwd'];

    //Error handlers
    //Error handlers are important to avoid any mistakes the user might have made when filling out the form!
    //Check if inputs are empty
    if (empty($pwd)) {
        header("Location: ../index.php?login=empty");
        exit();
    }
    else {
        //Check if username exists in the database USING PREPARED STATEMENTS
        $sql = "SELECT * FROM users WHERE user_uid=?";
        //Create a prepared statement
        $stmt = mysqli_stmt_init($conn);
        //Check if prepared statement fails
        if (!mysqli_stmt_prepare($stmt, $sql)) {
            header("Location: ../index.php?login=error");
            exit();
        }
        //If the prepared statement didn't fail, then continue
        else {
            //Bind parameters/data to the placeholder (?) in our $sql
            mysqli_stmt_bind_param($stmt, "s", $uid);

            //Run query in database
            mysqli_stmt_execute($stmt);

            //Get results from query
            $result = mysqli_stmt_get_result($stmt);

            //If we had a result, which means the username does exist, then assign the database row data to $row.
            if ($row = mysqli_fetch_assoc($result)) {
                //Verify the password provided by the user against the hashed password from the database, to see if they match.
                $hashedPwdCheck = password_verify($pwd, $row['user_pwd']);
                //If they didn't match!
                if ($hashedPwdCheck == false) {
                    header("Location: ../index.php?login=error");
                    exit();
                }
                //If they did match!
                elseif ($hashedPwdCheck == true) {
                    //Set SESSION variables and log user in
                    $_SESSION['u_id'] = $row['user_id'];
                    $_SESSION['u_first'] = $row['user_first'];
                    $_SESSION['u_last'] = $row['user_last'];
                    $_SESSION['u_email'] = $row['user_email'];
                    $_SESSION['u_uid'] = $row['user_uid'];
                    header("Location: ../index.php?login=success");
                    exit();
                }
            } else {
                header("Location: ../index.php?login=error");
                exit();
            }
        }
    }

    //Close the prepared statement
    mysqli_stmt_close($stmt);

} else {
    header("Location: ../index.php?login=error");
    exit();
}
```

4
  • Password-alone authentication? I don't think that'd work. Anyway, what is the error that you are getting (if you get any)? Or what is it that you are trying to get as output which you don't get? Commented Apr 24, 2018 at 10:03
  • I am trying to make it so that there is one login box which contains only a password field for people just to type the password in to access the content. It is for a wedding site and my family aren't great at signing up or entering usernames so I am trying to simplify it. Commented Apr 24, 2018 at 10:10
  • I don't get any errors.. it just doesn't log in, I am thinking to maybe just add a username on the page and then keep the password to one they know. Commented Apr 24, 2018 at 10:12
  • Well, look at the answer, that has most upvotes by now.. Commented Apr 24, 2018 at 10:13

2 Answers

3

You are binding $uid which is undefined:

```php
//Bind parameters/data to the placeholder (?) in our $sql
mysqli_stmt_bind_param($stmt, "s", $uid);
```


3 Comments

Thank you.. :) Sorry about this.. I am learning so any feedback is appreciated.
As you try to look up a row without uid, you have nothing to compare against. You should define $uid for the user that you want to compare it with. Fix this first and see if you still have the problem.
Thank you Jancha, I will do that now
0

Hi, I just noticed you are binding $uid, which is not defined. That's the first thing you should look at.

```php
//Bind parameters/data to the placeholder (?) in our $sql
mysqli_stmt_bind_param($stmt, "s", $uid);
```

The above should be initialized:

```php
$uid = '12';

mysqli_stmt_bind_param($stmt, "s", $uid);
```

1 Comment

Thank you Berka :)
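
A password-only variant of the login script, as an added example that is not code from the question or from either answer. It relies on two facts: `password_hash()` output is salted, so a row cannot be looked up by the password itself, and `mysqli_stmt_bind_param()` takes its variables by reference, so an undefined `$uid` is silently created as NULL, which is why the original script failed without an error. Assumptions: the site uses one shared account row whose `user_uid` is the hypothetical value `'guest'`, and `dbh.inc.php` provides `$conn` as in the question.

```php
<?php
// Added example. Assumption: one shared row exists in `users` with
// user_uid = 'guest' (hypothetical) and user_pwd created by password_hash().
const SHARED_UID = 'guest';

// Returns the shared account's row if $pwd matches its stored hash, else null.
function check_shared_password(mysqli $conn, string $pwd): ?array
{
    $sql = "SELECT user_id, user_uid, user_pwd FROM users WHERE user_uid=?";
    $stmt = mysqli_stmt_init($conn);
    if (!mysqli_stmt_prepare($stmt, $sql)) {
        return null;
    }
    $uid = SHARED_UID; // must be defined: bind_param would otherwise bind NULL
    mysqli_stmt_bind_param($stmt, "s", $uid);
    $row = null;
    if (mysqli_stmt_execute($stmt) && ($result = mysqli_stmt_get_result($stmt))) {
        $row = mysqli_fetch_assoc($result);
    }
    mysqli_stmt_close($stmt);

    // password_verify() re-hashes $pwd with the salt embedded in the stored
    // hash and compares the two; the stored hash is never reversed.
    if ($row && password_verify($pwd, $row['user_pwd'])) {
        unset($row['user_pwd']); // keep the hash out of the session
        return $row;
    }
    return null;
}

session_start();
$pwd = $_POST['pwd'] ?? null;
if (!is_string($pwd) || $pwd === '') { // also rejects array input (pwd[]=...)
    header("Location: ../index.php?login=empty");
    exit();
}
include_once 'dbh.inc.php'; // provides $conn, as in the question
$user = check_shared_password($conn, $pwd);
if ($user === null) {
    header("Location: ../index.php?login=error");
    exit();
}
session_regenerate_id(true); // fresh session id on login (session fixation)
$_SESSION['u_id']  = $user['user_id'];
$_SESSION['u_uid'] = $user['user_uid'];
header("Location: ../index.php?login=success");
exit();
```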
