Best way to allow users to reset a password. - Page 5

tangoforce · 10-08-2012, 08:33 PM

I just did!

Given the information that you've given me, that would be the only logical cause for that if else section of code.

The only other problem could be the query itself - eg if the DB table structure is not the same as it was on your localhost.

Try running the query in your hosts phpmyadmin SQL page and see that it works there first of all. If it does then its your script. If it doesn't then its a difference between systems - either mysql versions OR your DB structures.

LearningCoder · 10-08-2012, 09:06 PM

Thank you for that. I'll have a look into those things.

Regards,

LC.

LearningCoder · 10-08-2012, 09:43 PM

Ok, I looked at both sets of tables and they are identical.

I tried this command in my phpmyadmin live host:

PHP Code:


			
SELECT * 

FROM `members` 

WHERE `username` = 'Labtec'

AND `password` = '0d9ebc250372156fd9df38aa8ba08557'

and it matched them with no problem. Does this mean it is definitely my script then?

Kind regards,

LC.

tangoforce · 10-09-2012, 12:19 AM

It looks like it yes. You might want to use mysqli_stmt_error after your execute to see if there is an error somewhere.

I don't personally use mysqli I use the old fashioned mysql so I'm kind of guessing here but you should always look for the error function and see if it returns anything.

LearningCoder · 10-09-2012, 06:27 AM

Ok thank you dude. I'll execute that command just after execution and see if it returns anything to me.

Kind regards,

LC.

LearningCoder · 10-09-2012, 07:44 AM

Hmm I put this line:

PHP Code:


			
printf("Error: %s.\n", $stmt->error);

after execution, after storing the results and after fetching the results. It is returning no error to me....I attempted making a similar site a while ago and could register and login perfectly. The only difference with this site is the password hashing and the use of prepared statements. In my login_select.php which is used to check the username and password, I actually echo out the value of the hashed password, after it has been combined with the retrieved salt string from the database and even they match up ok.

I don't understand what could be going wrong....

Sorry to persist, but is there anything else at all that I could take a look at?

Kind regards,

LC.

tangoforce · 10-09-2012, 11:09 AM

To be honest I'm running out of ideas here so it looks like i may have to abandon ship here and hope someone else can see the wood for the trees.

My offer of a debug still remains open (no fix, no fee though I've yet to be beaten) but to be frank, I'm running out of guesses that i can supply. I'm also certain that you're more than capable of debugging it and theorising whats going on!

Whatever is causing the query problem, your either getting no results or more than one result returned.

LearningCoder · 10-09-2012, 11:23 AM

Well it seems nowadays you're the only one who replies to me so I might have to seek a bit of advice from another forum or something because my last 2-3 threads are replied to only by yourself, no one else helps me lol.

Thanks dude appreciate the help though.

I'd take you up on your offer of a debug but what's the point when I am trying to learn PHP :P , I won't get better if I don't do it myself. Of course, your help has nearly always produced a result for me so of course a lot of credit goes to yourself and other people here.

I thought to myself, right open all scripts to do with the registration. I got my notepad out and wrote down step by step what is happening in my reg scripts and when. I also did the same for both of my login scripts and apart from minor differences such as query's and obviously in my reg scripts, the hash string is generated, combined with the pass and stored in the database along with the hashed password, where as in the login, the hash string retrieved from the database, combined with the users pass and then queried against the user's existing password field.

Thanks again for the help up to now, just unfortunate your ideas didn't resolve the issue this time. I'll keep a note of what you asked me to look for in case I have similar issues in the future.

Edit: Just printed $stmt with print_r() just after execution and it returned affected_rows as -1. php.net states it means the query returned an error but errno = 0 and error = empty string.

I printed that out after every statement issued to $stmt and it returned no errors until right after execution...

Kind regards,

LC.

tangoforce · 10-09-2012, 01:45 PM

Post the code for the affected file again with your debugging print_r's in it please.

Also while I doubt this will work (like I said, I don't use mysqli - I really should but i'm too lazy) try wrapping the ? in your sql in ' marks like this: '?'

It shouldn't make any difference from what I see of the php manual but might just be worth a try.

LearningCoder · 10-09-2012, 04:15 PM

Here is my code for my login_select which is meant to match the username and password to login:

PHP Code:


			
<?php

session_start();



$conn = new mysqli("localhost","root","","demo_central") or die("Could not create mysqli object.");



$stmt = $conn->prepare("SELECT * FROM members WHERE username=? AND password=?") or die("Could not prepare query.");



echo "<pre>";

print_r($stmt);

echo "</pre>";



$username = mysqli_real_escape_string($conn,$_POST['username']);

$password = mysqli_real_escape_string($conn,$_POST['password']);



$stmt->bind_param("ss",$username,$password);



echo "<pre>";

print_r($stmt);

echo "</pre>";



$stmt->bind_result($id,$user,$pass,$email,$join_date,$hash,$reset);



echo "<pre>";

print_r($stmt);

echo "</pre>";



$stmt->execute();



echo "<pre>";

print_r($stmt);

echo "</pre>";



$stmt->store_result();

$rows = $stmt->num_rows;



$stmt->fetch();



if($rows == 1){

   $_SESSION['username'] = $user;

   $_SESSION['password'] = $pass;

   header("refresh: 5, url=membersarea.php");

   echo "You have successfully logged in.<br />";

   echo "You will be redirected shortly...";

   exit(0);

}

else{

   echo "You entered an invalid username and/or password.<br />";

   echo "<a href='login.php'>Please try again</a>";

   exit(0);

}



$stmt->close();



$conn->close();



?>

I'll try adding the single quotations around the question marks and get back to you.

Kind regards,

LC.

LearningCoder · 10-09-2012, 08:25 PM

I tried adding the single quotations around the question marks but it returned this error to me:
Warning: mysqli_stmt::bind_param() [mysqli-stmt.bind-param]: Number of variables doesn't match number of parameters in prepared statement

I'm not sure what else to check. I know I am matching the correct hash string from the database because when I send the $_POST['password'] and the retrieved hash string and send them both to the sha1() function like I did in the registration script, it produces the correct password...

Edit:Just ran the same print_r($stmt) code through my localhost and it is also returning affected_rows -1 but it lets me login....

Does this mean it could potentially be a different issue? Can you narrow it down given this information?

Kind regards,

LC.

tangoforce · 10-09-2012, 09:51 PM

This line:
$rows = $stmt->num_rows;

What is your print_r($rows) ?

None of this is making any sense. On your localhost you must be getting 1 for it to let you login yet you say its -1 like your main host. Very strange..

LearningCoder · 10-09-2012, 10:13 PM

When I use print_r($rows) on localhost it returns 1. On live host, it returns 0.

Kind regards,

LC.

LearningCoder · 10-09-2012, 10:18 PM

This is what is being returned:

Code:

mysqli_stmt Object
(
    [affected_rows] => -1
    [insert_id] => 0
    [num_rows] => 0
    [param_count] => 2
    [field_count] => 7
    [errno] => 2014
    [error] => Commands out of sync; you can't run this command now
    [sqlstate] => HY000
    [id] => 1
)

Regards,

Lc.

LearningCoder · 10-09-2012, 10:30 PM

Ok so it it logging in on localhost with 1 affected_row and 1 num_row.

On live host it isn't matching any and just returning 0 for both of these.

Regards,

LC.