Problems quering a mysql database to retrieve a password and user authentication

Good Afternoon everyone,
I am having some problems recreating an app from a book im reading, I was hoping someone might be kind enough to advise me. The userid and password is stored in an admin table in mysql under the auctions database;
When the user logs in the sidebar and nav are supposed to be displayed; when an incorrect login is entered it is supposed to echo “incorrect login” and allow the user to try to authenticate again.
The problem im having is that it seems to be working when an incorrect user name and password is entered however when i enter a correct user and password it simply reloads the page without any error message but does not display the side Nav . which leads me to believe that its working somehow?

validate.inc.php

<?php 
$userid= $_POST['userid'];
$password= $_POST['password'];
$query= "SELECT name FROM admins WHERE userid=? AND password= SHA2(?, 256)";
$db= new mysqli("localhost", "ah_user", "AuctionHelper", "auction");
  $stmt= $db->prepare($query);
  $stmt->bind_param("ss", $userid, $password);
  $stmt->execute();
  $stmt->bind_result($name);
  $stmt->fetch();
if (isset ($name)){
    echo "<h2> welcome to auction helper</h2>\n";
    $_SESSION['login']= $name;
    header("Location: index.php");
} else {
    echo "<h2> sorry Login incorrect </h2>\n";
    echo "<a href=\"index.php\"> Please try again </a>\n";
}
?>

nav.inc.php

<table width="100%" cellpadding="3">

<tr>
<?php 
 if (!isset($_SESSION['login']))
  echo "<td></td> \n"; 
  else {
  echo "<td><h3>Welcome, {$_SESSION['login']}</h3> 
  </td> \n"; 
?> 
</tr> 


<tr> 
<td><a href="index.php"><strong> Home </strong></a></td> 
</tr> 

<tr> 
<td><strong>Bidders</strong></td> 
</tr> 

<tr> 
<td>&nbsp;&nbsp;&nbsp; <a href="index.php?content=listbidders"> 
<strong>List Bidders</strong></a></td> 
</tr> 

<tr> 
<td>&nbsp;&nbsp;&nbsp; <a href="index.php?content=newbidder">
<strong>Add New Bidder</strong></a></td>
</tr>

<tr> 
<td><strong> Items</strong></td>
</tr>

<tr>
    <td>&nbsp; &nbsp; &nbsp; <a href="index.php?content=listitems"> <strong>List Items</strong></a></td>
</tr>
<tr>
<td>&nbsp;&nbsp;&nbsp; <a href="index.php?content=newitem">
<strong>Add New Item</strong></a></td> 
</tr>
    
    
<tr><td><hr></td></tr> 
    
<tr><td><a href="index.php?content=logout"> <strong>Logout</strong></a></td></tr> 
    
<tr>
<td>&nbsp;</td> 
</tr> 
<tr> 
<td>
<form action="index.php" method="post"> 
<label>Search for item: </label><br> 
<input type="text" name="itemid" size="14"/> 
<input type="submit" value="find"/> 
<input type="hidden" name="content" value="updateitem"> 
</form> 
</td> </tr>   
<tr> 
<td> 
<form action="index.php" method="post">
<label>Search for bidder: </label><br> 
<input type="text" name="bidderid" size="14"/> 
<input type="submit" value="find"/> 
<input type="hidden" name="content" value="displaybidder">
</form> 
</td> </tr> 
<?php
 }
?>
</table>

main.inc.php

<?php 
if (!isset($_SESSION['login'])) {
?>
<h2>Please log in</h2><br> 
<form name="login" action="index.php" method="post"> <label>User ID</label> 
<input type="text" name="userid" size="10">
<br>
<br> 
<label>Password</label> 
<input type="password" name="password" size="10">
<br>
<br> 
<input type="submit" value="Login"> 
<input type="hidden" name="content" value="validate"> </form> 
<?php 
} else {
  echo "<h2> Welcome to AuctionHelper</h2> \n"; 
  echo "<br> <br> \n"; 
  echo "<p>This program tracks bidder and auction item information</p> \n"; 
  echo "<p>Please use the links in the navigation window</p> \n";
  echo "<p>Please DO NOT use the browser navigation buttons!</p>\n";
}
  ?>
  <script language="javascript">
  document.login.userid.focus();
  document.login.userid.select();
  </script>

index.php

<php 
session_start();
include("bidder.php");
include("item.php");
?>
<!DOCTYPE html> 
 <html> 
  <head> 
   <title>AuctionHelper </title> 
<link rel="stylesheet" type="text/css" href="ah_styles.css"> 
</head> 
<body>

<header> 
<?php include("header.inc.php"); ?> 
</header> 
<section id="container"> 
<nav> 
<?php include("nav.inc.php"); ?> 
</nav> 
<main> 
<?php 
    if (isset($_REQUEST['content'])) {
  include($_REQUEST['content'] . ".inc.php"); 
  } else {
include("main.inc.php");
}
?>
</main>

<aside>
<?php include ("aside.inc.php"); ?> 
</aside> 
</section> 
<footer> 
<?php include("footer.inc.php"); ?> 
</footer> 
</body> 
</html>

admin table in auction database

MariaDB [auction]> SELECT * FROM admins;
+--------+-----------+------------------------------------------------------------------+
| userid | name      | password                                                         |
+--------+-----------+------------------------------------------------------------------+
| rich   | rich blum | 3cdfa761361762ddedc01ea1428db10a92e327325f490f7f34f1b1b91d994f22 |
+--------+-----------+------------------------------------------------------------------+
1 row in set (0.00 sec)

if you guys wanna see the include files for bidder.php and item.php i can post those as well, but im thinking its not related to the problem.

1 Like

Good evening,
Odd. and you just copied and pasted from the code I wrote?

I did not put the header footer and css files because i didnt have a problem with those so I didnt think it was related. You want me to turn on error reporting to full in the .ini file? what settings should I put?

when i type the correct user and password saved in the mysql database the app refreshes, No navbar is shown, when I type the incorrect user or password the app functions correctly.

1 Like

I put the settings in as described, its still functioning as shown in the video, sorry if i wasnt clear, let me get you the other files.

aside.inc.php

<h2>Real-time Auction Info</h2>
<hr>
<br>
<br> 
<h3>Bidder count: </h3><span id="biddercount"></span> <br><br> 
<h3> Item count: </h3> <span id="itemcount"></span> <br><br> 
<h3>Items total value: </h3><span id="itemtotal"></span> <br><br> 
<h3>Bid totals: </h3> <span id="bidtotal"></span>

ah_styles.css

body {
font-family: Arial, sans-serif;
font-size: 80%;
color: #333333; 
line-height: 1.166;
margin: 0px; 
padding: 0px;
}

a {
color: #006699; 
text-decoration: none;
}

a:link{
color: #006699; 
text-decoration: none;
}

a:visited{
color: #006699;
text-decoration: none;
}

a:hover{
color: #006699 
text-decoration: underline;
}

h1{
font-family: Verdana, Arial, sans-serif; 
font-size: 120%;
color: #334d55; 
margin: 0px; 
padding: 0px;       
}

h2{
font-family: Arial, sans-serif; 
font-size: 120%;
color: #334d55; 
margin: 0px; 
padding: 0px;
}

h3{
font-family: Arial, sans-serif; 
font-size: 110%; 
color: #334d55; 
margin: 0px; 
padding: 0px;
}
    
h4{
font-family: Arial, sans-serif; 
font-size: 100%; 
color: #334d55; 
margin: 0px; 
padding: 0px;
}
    
header {
padding: 7px; 
border-bottom: 1px solid #E2EAEF;
height: 40px; 
width: 100%;
}
    
#container {
height: 400px;
}
    
nav {
padding: 5px; 
border-bottom: 1px solid #E2EAEF; 
border-top: 1px solid #E2EAEF;
border-right: 1px solid #E2EAEF;
background-color: #FFE3AA; 
float: left; 
width: 15%; 
height: 100%;
}
    
main {
padding: 5px; 
border-top: 1px solid #E2EAEF; 
float: left; 
width: 55%; 
height: 100%;
}
    
main table {
padding: 2px; 
border: 1px solid black; 
border-collapse: collapse;
}
    
main td {
padding: 2px; 
border: 1px solid black;
border-collapse: collapse;
}
    
aside {
padding: 5px; 
border-top: 1px solid #E2EAEF; 
border-left: 1px solid #E2EAEF; 
background-color: #f3f6f8; 
float: right;
width: 15%;
height: 100%;
}

footer{
clear: both;
text-align: center;
padding: 7px;
border-bottom: 1px solid #E2EAEF;
border-top: 1px solid #E2EAEF;
background-color: #f3f6f8;
width:100%;
}

footer.inc.php

<p>&copy AuctionHelper- Making auctions easier </p>

header.inc.php

<h1>first street elementary </h1>
<h2>silent auction event</h2>

item class object and its methods item.php

<?php 
class Item {
  public $itemid; 
  public $name; 
  public $description; 
  public $resaleprice; 
  public $winbidder; 
  public $winprice;
    
function __construct($itemid, $name, $description,               $resaleprice, $winbidder, $winprice){ 
    $this->itemid = $itemid; 
    $this->name = $name;
    $this->description = $description;
    $this->resaleprice = $resaleprice; 
    $this->winbidder = $winbidder; 
    $this->winprice = $winprice;
}
    
function __toString() { 
    $output = "<h2>Item : $this->itemid</h2>" .
    "<h2>Name: $this->name</h2> \n"; 
    "<h2>Description: $this->description</h2> \n";
    "<h2>Resale Price: $this->resaleprice</h2> \n"; 
    "<h2>Winning bid: $this->winbid at $this->winprice</h2>\n";
    return $output;
}
//what is $this->winbid


function saveItem() {
        $db = new mysqli("localhost","ah_user", "AuctionHelper", "auction");
                         
                         
        $query = "INSERT INTO items VALUES (?, ?, ?, ?, ?)";
        $stmt = $db->prepare($query); 
        $stmt->bind param("issdid", $this->itemid, $this->name, $this->description, $this->resaleprice, $this->winbidder, $this->winprice); 
    $result = $stmt->execute(); 
    $db->close(); 
    return $result;
}

function updateItem() {
    $db = new mysqli("localhost", "ah_user", "AuctionHelper","auction"); 
    $query = "UPDATE items SET name= ?, description= ?, resaleprice= ?, ". 
    "winbidder= ?, winprice= ? WHERE itemid = $this->itemid";   
 $stmt = $db->prepare($query);
 $stmt->bind_param("ssdid", $this->name, $this->description, $this->resaleprice, $this->winbidder, $this->winprice);
    $result = $stmt->execute();
    $db->close();
    return $result;   
}
    
function removeItem() {
  $db = new mysqli("localhost", "ah_user", "AuctionHelper", "auction"); 
  $query = "DELETE FROM items WHERE itemid = $this->itemid";
  $result = $db->query($query); 
  $db->close(); 
  return $result;
}
    
static function getItems() {
  $db = new mysqli("localhost", "ah_user", "AuctionHelper", "auction");
    
  $query = "SELECT * FROM items"; 
  $result = $db->query($query); 
    if (mysqli_num_rows($result) > 0) {
     $items = array(); 
        while($row = $result->fetch_array(MYSQLI_ASSOC)){  
            $item = new Item($row['itemid'], $row ['name'], $row['description'], $row['resaleprice'],
         $row['winbidder'], $row['winprice']); array_push($items, $item);
    }
    $db->close();
    return $items;
     }else {
      $db->close(); 
        return NULL;
        }
    }

static function getItemsbyBidder($bidderid) {
 $db = new mysqli("localhost",  "ah_user", "AuctionHelper","auction");
 $query = "SELECT * FROM items WHERE winbidder =  $bidderid"; 
  $result = $db->query($query);
  if (mysqli_num_rows($result) > 0) {
   $items = array(); 
    while($row = $result->fetch_array(MYSQLI_ASSOC)) {  $item = new Item($row['itemid'], $row['name'],
     $row['description'], $row['resaleprice'], $row ['winbidder'], $row ['winprice']); array_push($items, $item);
}
$db->close();
return $items; 
} else {
$db->close(); 
return NULL;
}
}

static function findItem($itemid) {
 $db = new mysqli("localhost", "ah_user", "AuctionHelper", "auction");
 $query = "SELECT * FROM items WHERE itemid = $itemid"; 
$result = $db->query($query); 
 $row = $result->fetch_array(MYSQLI_ASSOC); 
 if ($row) {
   $item = new Item($row ['itemid'], $row ['name'], $row ['description'], $row ['resaleprice'], $row ['winbidder'], $row ['winprice']); 
   $db->close();
   return $item; 
   
   } else {
  $db->close(); 
  return NULL;
}
}
}
?>

bidder class object bidder.php

<?php 
    class Bidder {
    public $bidderid; 
    public $lastname;
    public $firstname; 
    public $address; 
    public $phone;

function __construct($bidderid, $lname, $fname, $address, $phone){
    $this->bidderid = $bidderid; 
    $this->lastname = $1name; 
    $this->firstname = $fname;
    $this->address = $address; 
    $this->phone = $phone;
}
        
function __toString() { 
    $output = "<h2>Bidder Number: $this->bidderid</h2>\n".
    "<h2>$this->lastname, $this->firstname</h2> \n". 
    "<h2>$this->address</h2> \n" .
    "<h2>$this->phone</h2> \n"; 
    return $output;
}
    
function saveBidder() {
    $db = new mysqli("localhost", "ah_user", "AuctionHelper", "auction"); 
    $query = "INSERT INTO bidders VALUES (?, ?, ?, ?, ?)"; 
    $stmt = $db->prepare($query);
    $stmt->bind_param("issss", $this->bidderid, $this->lastname, $this->firstname, $this->address, $this->phone); 
    $result = $stmt->execute(); 
    $db->close(); 
    return $result;
}
        
function updateBidder() {
    $db = new mysqli("localhost", "ah_user", "AuctionHelper", "auction"); 
    $query = "UPDATE bidders SET bidderid = ?, lastname = ?,".
    "firstname = ?, address= ?, phone= ?".
    "WHERE bidderid = $this->bidderid"; 
    
    $stmt = $db->prepare($query); 
    $stmt->bind_param("issss", $this->bidderid, $this->lastname, $this->firstname, $this->address, $this->phone); 
    
    $result = $stmt->execute(); 
    $db->close(); 
    return $result;
}

function removeBidder() {
    $db = new mysqli("localhost", "ah_user", "AuctionHelper", "auction") 
    $query = "DELETE FROM bidders WHERE bidderid = $this->bidderid"; 
    $result = $db->query($query); 
    $db->close(); 
    return $result;
}
                     
static function getBidders() { 
    $db = new mysqli("localhost", "ah_user", "AuctionHelper", "auction"); 
    $query = "SELECT * FROM bidders"; 
    $result = $db->query($query); 
    if (mysqli_num_rows($result) > 0) {
       $bidders = array(); 
       while($row = $result->fetch_array( MYSQLI_ASSOC)){ 
           $bidder = new Bidder($row['bidderid'],$row['lastname'] ,
           $row['firstname'],$row ['address'],$row['phone']);
           
     array_push($bidders, $bidder); 
     unset($bidder);
     }
       $db->close();
     return $bidders; 
     } else {
       $db->close(); 
       return NULL;
       }
}
                     
static function findBidder ($bidderid) {
   $db = new mysqli("localhost", "ah_user", "AuctionHelper", "auction"); 
    $query = "SELECT * FROM bidders WHERE bidderid = $bidderid";
    $result = $db->query($query); 
    $row = $result->fetch_array(MYSQLI_ASSOC); 
    if ($row){
        $bidder = new Bidder($row['bidderid'], $row['lastname'], $row ['firstname'], $row['address'], $row['phone']);
    $db->close();
    return $bidder; 
    } else {
        
    $db->close();
    return NULL;
    }
}
    }
?>

1 Like

affirmative. that is what happened, as you described it.

when the login is correct. it prevents the page from refreshing. and i can see the text " welcome to auction helper"

welcome to auction helper

session_status = 1

1 Like

yes, however it is still refusing to show me the nav, the app is behaving the same as before, misbehaving.

welcome to auction helper

session_status = 1

pm sent @ your inbox

the github app is not opening on my desktop its pinned to taskbar i can try to reinstall git and reboot a second time. but the files I posted above are the ones I am working with.

1 Like

three additional errors also popped up. very odd because i didnt touch the bidder.php file, when i saw that the lname was randomly changed into 1name i changed it back and then the third error popped up.

1 Like

which error are you referring to?
I am going to try to reverse it all back to the way it was and reset the cookies setting in the ini file

im not sure i understood your last message. you wish me to comment out the saveItem function and you think this will allow me to login?

I reversed everything to its original state so its still behaving as before without the horrible whitescreen error messages. so its just refreshing when i enter the correct password and user, and when i enter the incorrect password or user, its echoing out the login failed message nicely.

there is one more clue i think might be related, on page load I see this user and login, this was not a user or password that i put in the admin table in the auctions database but a user and password that is related to another database

here is a screenshot of what im referring to:

I attempted to clear the cache on the brower but it didnt do anything and I still see this user info showing up. I see hes related to a completely different database outside of auctions. Again not sure if this is related. Just saying.

1 Like

The bidder code is in the 9th message on this thread posted 15hrs ago. along with the css and the rest of the project. if you dont see it I can repost those files. Please advise.

i took out the include bidder.php file which was in the php tags on top of the index.php I commented out the saveItem function in item.php, the app is still behaving as before. Not allowing a login. I am not receiving any error messages since I reversed the code back to the original.

I am confused because you had wanted me to remove bidder.php and comment out a function in item.php,
I guess its not what your getting at, so assuming what you wrote above is the code you want me to work on, my first guess was that I am not including the validate.inc.php in the index, because I dont see how its running the validate from the index file or how its connected. at first i thought its the global $_request[‘content’] but now when i look at the script im thinking that $_request[‘content’] is a fill in for content that we will put in the future when the application starts running. I.e. bidding data, who won, what items they won etc…

So to be honest i dont see how the validate is connected to the index because the starting point of application is at index.php but it still needs to run validate.inc.php . However, i do see in the validate file that if the variable $name is set then it sets headers to index.php and delivers the content that im missing, and if its not set, then it gives the login incorrect, try again message.

since your saying the problem is related to the first few lines of code on top of index.php and its something missing, my gut is telling me that i need an isset statement is this correct?

To be honest I dont understand this login system and how the files are connected. I undertand what each of the functions in bidder.php and item.php are supposed to do, but the login system is giving me some trouble understanding. maybe if you could please give me a basic explanation of how all these files are connected i will get it…