Problems querying a MySQL database to retrieve a password and user authentication


#1

Good Afternoon everyone,
I am having some problems recreating an app from a book I'm reading, and I was hoping someone might be kind enough to advise me. The userid and password are stored in an admin table in mysql under the auctions database.
When the user logs in, the sidebar and nav are supposed to be displayed; when an incorrect login is entered, it is supposed to echo “incorrect login” and allow the user to try to authenticate again.
The problem I'm having is that it seems to be working when an incorrect user name and password is entered; however, when I enter a correct user and password it simply reloads the page without any error message but does not display the side nav, which leads me to believe that it's working somehow?

validate.inc.php

<?php 
$userid= $_POST['userid'];
$password= $_POST['password'];
$query= "SELECT name FROM admins WHERE userid=? AND password= SHA2(?, 256)";
$db= new mysqli("localhost", "ah_user", "AuctionHelper", "auction");
  $stmt= $db->prepare($query);
  $stmt->bind_param("ss", $userid, $password);
  $stmt->execute();
  $stmt->bind_result($name);
  $stmt->fetch();
if (isset ($name)){
    echo "<h2> welcome to auction helper</h2>\n";
    $_SESSION['login']= $name;
    header("Location: index.php");
} else {
    echo "<h2> sorry Login incorrect </h2>\n";
    echo "<a href=\"index.php\"> Please try again </a>\n";
}
?>

nav.inc.php

<table width="100%" cellpadding="3">

<tr>
<?php 
 if (!isset($_SESSION['login']))
  echo "<td></td> \n"; 
  else {
  echo "<td><h3>Welcome, {$_SESSION['login']}</h3> 
  </td> \n"; 
?> 
</tr> 


<tr> 
<td><a href="index.php"><strong> Home </strong></a></td> 
</tr> 

<tr> 
<td><strong>Bidders</strong></td> 
</tr> 

<tr> 
<td>&nbsp;&nbsp;&nbsp; <a href="index.php?content=listbidders"> 
<strong>List Bidders</strong></a></td> 
</tr> 

<tr> 
<td>&nbsp;&nbsp;&nbsp; <a href="index.php?content=newbidder">
<strong>Add New Bidder</strong></a></td>
</tr>

<tr> 
<td><strong> Items</strong></td>
</tr>

<tr>
    <td>&nbsp; &nbsp; &nbsp; <a href="index.php?content=listitems"> <strong>List Items</strong></a></td>
</tr>
<tr>
<td>&nbsp;&nbsp;&nbsp; <a href="index.php?content=newitem">
<strong>Add New Item</strong></a></td> 
</tr>
    
    
<tr><td><hr></td></tr> 
    
<tr><td><a href="index.php?content=logout"> <strong>Logout</strong></a></td></tr> 
    
<tr>
<td>&nbsp;</td> 
</tr> 
<tr> 
<td>
<form action="index.php" method="post"> 
<label>Search for item: </label><br> 
<input type="text" name="itemid" size="14"/> 
<input type="submit" value="find"/> 
<input type="hidden" name="content" value="updateitem"> 
</form> 
</td> </tr>   
<tr> 
<td> 
<form action="index.php" method="post">
<label>Search for bidder: </label><br> 
<input type="text" name="bidderid" size="14"/> 
<input type="submit" value="find"/> 
<input type="hidden" name="content" value="displaybidder">
</form> 
</td> </tr> 
<?php
 }
?>
</table>

main.inc.php

<?php 
if (!isset($_SESSION['login'])) {
?>
<h2>Please log in</h2><br> 
<form name="login" action="index.php" method="post"> <label>User ID</label> 
<input type="text" name="userid" size="10">
<br>
<br> 
<label>Password</label> 
<input type="password" name="password" size="10">
<br>
<br> 
<input type="submit" value="Login"> 
<input type="hidden" name="content" value="validate"> </form> 
<?php 
} else {
  echo "<h2> Welcome to AuctionHelper</h2> \n"; 
  echo "<br> <br> \n"; 
  echo "<p>This program tracks bidder and auction item information</p> \n"; 
  echo "<p>Please use the links in the navigation window</p> \n";
  echo "<p>Please DO NOT use the browser navigation buttons!</p>\n";
}
  ?>
  <script language="javascript">
  document.login.userid.focus();
  document.login.userid.select();
  </script>

index.php

<php 
session_start();
include("bidder.php");
include("item.php");
?>
<!DOCTYPE html> 
 <html> 
  <head> 
   <title>AuctionHelper </title> 
<link rel="stylesheet" type="text/css" href="ah_styles.css"> 
</head> 
<body>

<header> 
<?php include("header.inc.php"); ?> 
</header> 
<section id="container"> 
<nav> 
<?php include("nav.inc.php"); ?> 
</nav> 
<main> 
<?php 
    if (isset($_REQUEST['content'])) {
  include($_REQUEST['content'] . ".inc.php"); 
  } else {
include("main.inc.php");
}
?>
</main>

<aside>
<?php include ("aside.inc.php"); ?> 
</aside> 
</section> 
<footer> 
<?php include("footer.inc.php"); ?> 
</footer> 
</body> 
</html>

admin table in auction database

MariaDB [auction]> SELECT * FROM admins;
+--------+-----------+------------------------------------------------------------------+
| userid | name      | password                                                         |
+--------+-----------+------------------------------------------------------------------+
| rich   | rich blum | 3cdfa761361762ddedc01ea1428db10a92e327325f490f7f34f1b1b91d994f22 |
+--------+-----------+------------------------------------------------------------------+
1 row in set (0.00 sec)

If you guys wanna see the include files for bidder.php and item.php I can post those as well, but I'm thinking it's not related to the problem.
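
An added example, not part of the original post: index.php above builds its include path from `$_REQUEST['content']`, so the request decides which file PHP executes. One way to restrict that to the pages this app actually links to is an allowlist; `resolve_content()` and the two page lists are hypothetical names, with entries taken from the links and forms in nav.inc.php and main.inc.php.

```php
<?php
// Added example, not the poster's code: allowlist for the ?content= dispatcher.
declare(strict_types=1);

// Pages reachable without a login (the login form posts content=validate).
const PUBLIC_PAGES = ['main', 'validate'];
// Pages linked from nav.inc.php, which is only rendered for a logged-in admin.
const ADMIN_PAGES = [
    'listbidders', 'newbidder', 'displaybidder',
    'listitems', 'newitem', 'updateitem', 'logout',
];

/**
 * Map the request's "content" value to a file in this directory.
 * Anything that is not a plain string, or is not on a list the current
 * user may reach, falls back to main.inc.php.
 */
function resolve_content($requested, bool $loggedIn): string
{
    $page = 'main';
    if (is_string($requested)) {
        $known = in_array($requested, PUBLIC_PAGES, true)
            || ($loggedIn && in_array($requested, ADMIN_PAGES, true));
        if ($known) {
            $page = $requested;
        }
    }
    // The file name is built only from a value that matched the allowlist.
    return __DIR__ . '/' . $page . '.inc.php';
}

// In index.php, in place of include($_REQUEST['content'] . ".inc.php"):
// include resolve_content($_REQUEST['content'] ?? null, isset($_SESSION['login']));
```

The second argument also keeps the admin pages from being included for a visitor who has no `$_SESSION['login']`, which the original dispatcher does not check.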


#2


#3

When I enter the correct username and password, I get a nav menu showing. See below for what I see when logging in. I did not have the CSS file, so there is no formatting.

Note: Since I did not have the header.inc.php, aside.inc.php, or the footer.inc.php files, I put filler content in for those places.

Are you sure you are not getting any errors? Do you have error displaying turned on?


#4

Good evening,
Odd. And you just copied and pasted from the code I wrote?

I did not put the header, footer and CSS files because I didn't have a problem with those, so I didn't think it was related. You want me to turn on error reporting to full in the .ini file? What settings should I put?


#5

Yes, but I also had to set up a database and add an admins table with applicable data.

First just try adding the following to the top of index.php below the <?php

ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);

#6

When I type the correct user and password saved in the mysql database the app refreshes and no navbar is shown. When I type the incorrect user or password the app functions correctly.


#7

I put the settings in as described; it's still functioning as shown in the video. Sorry if I wasn't clear, let me get you the other files.


#8

In the validate.inc.php file, try adding the following below the echo line in the if (isset($name)) { code block

exit();

If the login is successful, then you should see “welcome to auction helper” displayed to the page and the exit will make sure the page does not reload. Let me know what you see.


#9

aside.inc.php

<h2>Real-time Auction Info</h2>
<hr>
<br>
<br> 
<h3>Bidder count: </h3><span id="biddercount"></span> <br><br> 
<h3> Item count: </h3> <span id="itemcount"></span> <br><br> 
<h3>Items total value: </h3><span id="itemtotal"></span> <br><br> 
<h3>Bid totals: </h3> <span id="bidtotal"></span>

ah_styles.css

body {
font-family: Arial, sans-serif;
font-size: 80%;
color: #333333; 
line-height: 1.166;
margin: 0px; 
padding: 0px;
}

a {
color: #006699; 
text-decoration: none;
}

a:link{
color: #006699; 
text-decoration: none;
}

a:visited{
color: #006699;
text-decoration: none;
}

a:hover{
color: #006699;
text-decoration: underline;
}

h1{
font-family: Verdana, Arial, sans-serif; 
font-size: 120%;
color: #334d55; 
margin: 0px; 
padding: 0px;       
}

h2{
font-family: Arial, sans-serif; 
font-size: 120%;
color: #334d55; 
margin: 0px; 
padding: 0px;
}

h3{
font-family: Arial, sans-serif; 
font-size: 110%; 
color: #334d55; 
margin: 0px; 
padding: 0px;
}
    
h4{
font-family: Arial, sans-serif; 
font-size: 100%; 
color: #334d55; 
margin: 0px; 
padding: 0px;
}
    
header {
padding: 7px; 
border-bottom: 1px solid #E2EAEF;
height: 40px; 
width: 100%;
}
    
#container {
height: 400px;
}
    
nav {
padding: 5px; 
border-bottom: 1px solid #E2EAEF; 
border-top: 1px solid #E2EAEF;
border-right: 1px solid #E2EAEF;
background-color: #FFE3AA; 
float: left; 
width: 15%; 
height: 100%;
}
    
main {
padding: 5px; 
border-top: 1px solid #E2EAEF; 
float: left; 
width: 55%; 
height: 100%;
}
    
main table {
padding: 2px; 
border: 1px solid black; 
border-collapse: collapse;
}
    
main td {
padding: 2px; 
border: 1px solid black;
border-collapse: collapse;
}
    
aside {
padding: 5px; 
border-top: 1px solid #E2EAEF; 
border-left: 1px solid #E2EAEF; 
background-color: #f3f6f8; 
float: right;
width: 15%;
height: 100%;
}

footer{
clear: both;
text-align: center;
padding: 7px;
border-bottom: 1px solid #E2EAEF;
border-top: 1px solid #E2EAEF;
background-color: #f3f6f8;
width:100%;
}

footer.inc.php

<p>&copy; AuctionHelper- Making auctions easier </p>

header.inc.php

<h1>first street elementary </h1>
<h2>silent auction event</h2>

item class object and its methods item.php

<?php 
class Item {
  public $itemid; 
  public $name; 
  public $description; 
  public $resaleprice; 
  public $winbidder; 
  public $winprice;
    
function __construct($itemid, $name, $description, $resaleprice, $winbidder, $winprice){ 
    $this->itemid = $itemid; 
    $this->name = $name;
    $this->description = $description;
    $this->resaleprice = $resaleprice; 
    $this->winbidder = $winbidder; 
    $this->winprice = $winprice;
}
    
function __toString() { 
    // Join the pieces with "." so every line ends up in $output
    $output = "<h2>Item : $this->itemid</h2>" .
    "<h2>Name: $this->name</h2> \n" .
    "<h2>Description: $this->description</h2> \n" .
    "<h2>Resale Price: $this->resaleprice</h2> \n" .
    "<h2>Winning bid: $this->winbid at $this->winprice</h2>\n";
    return $output;
}
//what is $this->winbid


function saveItem() {
    $db = new mysqli("localhost", "ah_user", "AuctionHelper", "auction");
    // Six columns: six placeholders to match the six type characters and values
    $query = "INSERT INTO items VALUES (?, ?, ?, ?, ?, ?)";
    $stmt = $db->prepare($query);
    $stmt->bind_param("issdid", $this->itemid, $this->name, $this->description, $this->resaleprice, $this->winbidder, $this->winprice);
    $result = $stmt->execute();
    $db->close();
    return $result;
}

function updateItem() {
    $db = new mysqli("localhost", "ah_user", "AuctionHelper", "auction");
    // itemid is bound like the other values instead of being placed in the SQL text
    $query = "UPDATE items SET name= ?, description= ?, resaleprice= ?, " .
    "winbidder= ?, winprice= ? WHERE itemid = ?";
    $stmt = $db->prepare($query);
    $stmt->bind_param("ssdidi", $this->name, $this->description, $this->resaleprice, $this->winbidder, $this->winprice, $this->itemid);
    $result = $stmt->execute();
    $db->close();
    return $result;
}
    
function removeItem() {
    $db = new mysqli("localhost", "ah_user", "AuctionHelper", "auction");
    // Bind itemid rather than interpolating it into the statement
    $stmt = $db->prepare("DELETE FROM items WHERE itemid = ?");
    $stmt->bind_param("i", $this->itemid);
    $result = $stmt->execute();
    $db->close();
    return $result;
}
    
static function getItems() {
    $db = new mysqli("localhost", "ah_user", "AuctionHelper", "auction");
    $query = "SELECT * FROM items";
    $result = $db->query($query);
    if (mysqli_num_rows($result) > 0) {
        $items = array();
        while ($row = $result->fetch_array(MYSQLI_ASSOC)) {
            $item = new Item($row['itemid'], $row['name'], $row['description'], $row['resaleprice'],
                $row['winbidder'], $row['winprice']);
            array_push($items, $item);
        }
        $db->close();
        return $items;
    } else {
        $db->close();
        return NULL;
    }
}

static function getItemsbyBidder($bidderid) {
    $db = new mysqli("localhost", "ah_user", "AuctionHelper", "auction");
    // Bind $bidderid instead of placing it in the SQL text
    $stmt = $db->prepare("SELECT * FROM items WHERE winbidder = ?");
    $stmt->bind_param("i", $bidderid);
    $stmt->execute();
    $result = $stmt->get_result();
    if (mysqli_num_rows($result) > 0) {
        $items = array();
        while ($row = $result->fetch_array(MYSQLI_ASSOC)) {
            $item = new Item($row['itemid'], $row['name'], $row['description'], $row['resaleprice'],
                $row['winbidder'], $row['winprice']);
            array_push($items, $item);
        }
        $db->close();
        return $items;
    } else {
        $db->close();
        return NULL;
    }
}

static function findItem($itemid) {
    $db = new mysqli("localhost", "ah_user", "AuctionHelper", "auction");
    // Bind $itemid instead of placing it in the SQL text
    $stmt = $db->prepare("SELECT * FROM items WHERE itemid = ?");
    $stmt->bind_param("i", $itemid);
    $stmt->execute();
    $result = $stmt->get_result();
    $row = $result->fetch_array(MYSQLI_ASSOC);
    if ($row) {
        $item = new Item($row['itemid'], $row['name'], $row['description'], $row['resaleprice'], $row['winbidder'], $row['winprice']);
        $db->close();
        return $item;
    } else {
        $db->close();
        return NULL;
    }
}
}
?>

bidder class object bidder.php

<?php 
    class Bidder {
    public $bidderid; 
    public $lastname;
    public $firstname; 
    public $address; 
    public $phone;

function __construct($bidderid, $lname, $fname, $address, $phone){
    $this->bidderid = $bidderid; 
    $this->lastname = $lname; 
    $this->firstname = $fname;
    $this->address = $address; 
    $this->phone = $phone;
}
        
function __toString() { 
    $output = "<h2>Bidder Number: $this->bidderid</h2>\n".
    "<h2>$this->lastname, $this->firstname</h2> \n". 
    "<h2>$this->address</h2> \n" .
    "<h2>$this->phone</h2> \n"; 
    return $output;
}
    
function saveBidder() {
    $db = new mysqli("localhost", "ah_user", "AuctionHelper", "auction"); 
    $query = "INSERT INTO bidders VALUES (?, ?, ?, ?, ?)"; 
    $stmt = $db->prepare($query);
    $stmt->bind_param("issss", $this->bidderid, $this->lastname, $this->firstname, $this->address, $this->phone); 
    $result = $stmt->execute(); 
    $db->close(); 
    return $result;
}
        
function updateBidder() {
    $db = new mysqli("localhost", "ah_user", "AuctionHelper", "auction"); 
    // bidderid in the WHERE clause is bound like the other values
    $query = "UPDATE bidders SET bidderid = ?, lastname = ?, " .
    "firstname = ?, address= ?, phone= ? " .
    "WHERE bidderid = ?"; 
    
    $stmt = $db->prepare($query); 
    $stmt->bind_param("issssi", $this->bidderid, $this->lastname, $this->firstname, $this->address, $this->phone, $this->bidderid); 
    
    $result = $stmt->execute(); 
    $db->close(); 
    return $result;
}

function removeBidder() {
    $db = new mysqli("localhost", "ah_user", "AuctionHelper", "auction");
    // Bind bidderid rather than interpolating it into the statement
    $stmt = $db->prepare("DELETE FROM bidders WHERE bidderid = ?");
    $stmt->bind_param("i", $this->bidderid);
    $result = $stmt->execute();
    $db->close(); 
    return $result;
}
                     
static function getBidders() { 
    $db = new mysqli("localhost", "ah_user", "AuctionHelper", "auction"); 
    $query = "SELECT * FROM bidders"; 
    $result = $db->query($query); 
    if (mysqli_num_rows($result) > 0) {
       $bidders = array(); 
       while($row = $result->fetch_array( MYSQLI_ASSOC)){ 
           $bidder = new Bidder($row['bidderid'],$row['lastname'] ,
           $row['firstname'],$row ['address'],$row['phone']);
           
     array_push($bidders, $bidder); 
     unset($bidder);
     }
       $db->close();
     return $bidders; 
     } else {
       $db->close(); 
       return NULL;
       }
}
                     
static function findBidder($bidderid) {
    $db = new mysqli("localhost", "ah_user", "AuctionHelper", "auction");
    // Bind $bidderid instead of placing it in the SQL text
    $stmt = $db->prepare("SELECT * FROM bidders WHERE bidderid = ?");
    $stmt->bind_param("i", $bidderid);
    $stmt->execute();
    $result = $stmt->get_result();
    $row = $result->fetch_array(MYSQLI_ASSOC);
    if ($row) {
        $bidder = new Bidder($row['bidderid'], $row['lastname'], $row['firstname'], $row['address'], $row['phone']);
        $db->close();
        return $bidder;
    } else {
        $db->close();
        return NULL;
    }
}
    }
?>


#10

Read my last reply and let me know what you see.


#11

Affirmative. That is what happened, as you described it.

When the login is correct, it prevents the page from refreshing, and I can see the text " welcome to auction helper"


#12

OK, now try one more thing. Move the exit(); line below the following line:

$_SESSION['login']= $name;

and then add the following line before the exit(); line.

echo "<p>session_status = ".session_status()."</p>";

and then tell me what gets displayed.

if (isset ($name)){
    echo "<h2> welcome to auction helper</h2>\n";
    $_SESSION['login']= $name;
    echo "<p>session_status = ".session_status()."</p>";
    exit();

#13

welcome to auction helper

session_status = 1


#14

That is what I thought. 1 means that there is no session started. Can you confirm the first 4 lines of your index.php file are the following?

<?php
session_start();
include("item.php");
?>
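
An added example, not part of the original replies: the login step written as a function that index.php calls right after `session_start()` and before any HTML is sent, so it refuses to continue when no session is active (the `session_status = 1` case above) and so `header()` runs before any output. `handle_login()` and `find_admin_name()` are hypothetical names, and the code assumes `admins.password` stores `password_hash()` output rather than the `SHA2(?, 256)` value shown in the thread.

```php
<?php
// Added example, not the thread's code. In index.php, after session_start():
//   if (($_POST['content'] ?? '') === 'validate') { $loginError = handle_login(); }
// Assumption: admins.password holds password_hash() output, not SHA2(...).
declare(strict_types=1);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

function find_admin_name(mysqli $db, string $userid, string $password): ?string
{
    $stmt = $db->prepare("SELECT name, password FROM admins WHERE userid = ?");
    $stmt->bind_param("s", $userid);
    $stmt->execute();
    $stmt->bind_result($name, $hash);
    $found = $stmt->fetch();          // true = row fetched, null = no such userid
    $stmt->close();
    return ($found === true && password_verify($password, $hash)) ? $name : null;
}

function handle_login(): string
{
    // The thread's symptom: session_status() printed 1 (PHP_SESSION_NONE),
    // so a value written to $_SESSION is not kept for the next request.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        throw new RuntimeException("session_start() has not run");
    }
    $userid = $_POST['userid'] ?? '';
    $password = $_POST['password'] ?? '';
    if (!is_string($userid) || !is_string($password)) {
        return "Login incorrect";
    }
    $db = new mysqli("localhost", "ah_user", "AuctionHelper", "auction");
    $name = find_admin_name($db, $userid, $password);
    $db->close();
    if ($name === null) {
        return "Login incorrect";     // caller shows this above the login form
    }
    session_regenerate_id(true);      // issue a new session id after authentication
    $_SESSION['login'] = $name;
    header("Location: index.php");    // nothing has been echoed yet
    exit();                           // stop so no further output follows the redirect
}
```

Failing loudly when the session is inactive turns the silent reload described in the thread into an error that points at the missing `session_start()`.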

#15


#16

Take out the first three lines I had you add earlier and add ob_start(); on the line before session_start();


#17

Yes, however it is still refusing to show me the nav. The app is behaving the same as before, misbehaving.

welcome to auction helper

session_status = 1


#18

Can you post your php.ini file? You may have a strange setting causing the sessions not to start.


#19

pm sent @ your inbox


#20

One last thing to try. Change the first 5 lines of your index.php to the following:

<?php
session_start();
echo "session_id = ".session_id();
include("item.php");
?>

You should see a long letter/number id on either the login page or after you successfully login. Let me know what you see after session_id =. My guess is you will not see anything.