What's new

Closed Bot help

Status
Not open for further replies.
E

Exine

Forum Veteran
Elite
Joined
Sep 3, 2017
Posts
2,439
Solutions
8
Reaction
2,148
Points
770
here is my code
<?php
session_start();
require_once 'conenct.php';
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$username = $_POST["user"];
$Pass = $_POST["password"];
$sql = "SELECT id, username, Pass, Fullname, Department, Disgnation FROM tblaccounts WHERE username = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("s", $username);
$stmt->bind_Param("password", $Pass);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows > 0) {
$stmt->bind_result($id, $username, $Pass, $fullname, $department, $Disgnation);
$stmt->fetch();
if (password_verify($Pass, $Pass)) {
$_SESSION["loggedin"] = true;
$_SESSION["id"] = $id;
$_SESSION["username"] = $username;
$_SESSION["fullname"] = $fullname;
$_SESSION["department"] = $department;
$_SESSION["Disgnation"] = $Disgnation;
header("location: index.php");
} else {
echo "Invalid username or password.";
}
} else {
echo "Invalid username or password.";
}
$stmt->close();
}
$conn->close();
?>

here is my error
Fatal error: Uncaught ArgumentCountError: The number of elements in the type definition string must match the number of bind variables in C:\xampp\htdocs\inven-it\buy\lg.php:12 Stack trace: #0 C:\xampp\htdocs\inven-it\buy\lg.php(12): mysqli_stmt->bind_param('password', 'admin') #1 {main} thrown in C:\xampp\htdocs\inven-it\buy\lg.php on line 12

how to fix this
 
The error is occurring because you are passing two arguments to the bind_param method while you have defined only one placeholder in the SQL query.

To fix this error, you should remove the second argument of the bind_param method and modify the SQL query to have two placeholders, one for the username and one for the password. Then, you can bind the parameters to these placeholders like this:

Code: 
$sql = "SELECT id, username, Pass, Fullname, Department, Disgnation FROM tblaccounts WHERE username = ? AND Pass = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("ss", $username, $Pass);

This will bind the values of $username and $Pass to the placeholders in the SQL query.

Also, note that you are using the variable $Pass for both the password field name in the SQL query and the password value that you are passing to the password_verify function. You should use a different variable name for the password value, for example, $password.

The final corrected code should look like this:

Code: 
<?php
session_start();
require_once 'conenct.php';

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $username = $_POST["user"];
    $password = $_POST["password"];
    
    $sql = "SELECT id, username, Pass, Fullname, Department, Disgnation FROM tblaccounts WHERE username = ? AND Pass = ?";
    $stmt = $conn->prepare($sql);
    $stmt->bind_param("ss", $username, $password);
    $stmt->execute();
    $stmt->store_result();
    
    if ($stmt->num_rows > 0) {
        $stmt->bind_result($id, $username, $Pass, $fullname, $department, $Disgnation);
        $stmt->fetch();
        
        if (password_verify($password, $Pass)) {
            $_SESSION["loggedin"] = true;
            $_SESSION["id"] = $id;
            $_SESSION["username"] = $username;
            $_SESSION["fullname"] = $fullname;
            $_SESSION["department"] = $department;
            $_SESSION["Disgnation"] = $Disgnation;
            header("location: index.php");
        } else {
            echo "Invalid username or password.";
        }
    } else {
        echo "Invalid username or password.";
    }
    
    $stmt->close();
}

$conn->close();
?>
 
🤖 said:
AND Pass = ?
Click to expand...
here is my code
<?php
session_start();
require_once 'conenct.php';
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$username = $_POST["user"];
$Pass = $_POST["password"];
$sql = "SELECT Id, username, Pass, Fullname, Department, Disgnation FROM tblaccounts WHERE username = ? AND Pass = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("ss", $username, $Pass);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows > 0) {
$stmt->bind_result($Id, $username, $Pass, $Fullname, $Department, $Disgnation);
$stmt->fetch();
if (password_verify($Pass, $Pass)) {
$_SESSION["loggedin"] = true;
$_SESSION["Id"] = $id;
$_SESSION["username"] = $username;
$_SESSION["fullname"] = $Fullname;
$_SESSION["department"] = $Department;
$_SESSION["Disgnation"] = $Disgnation;
header("location: index.php");
} else {
echo "Invalid username or password.";
}
} else {
echo "Invalid username or password.";
}
$stmt->close();
}
$conn->close();
?>

here is my sql
-- phpMyAdmin SQL Dump
-- version 5.2.0
-- You do not have permission to view the full content of this post. Log in or register now.
--
-- Host: 127.0.0.1
-- Generation Time: Mar 31, 2023 at 07:26 PM
-- Server version: 5.5.8-log
-- PHP Version: 8.2.0
SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
START TRANSACTION;
SET time_zone = "+00:00";

/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8mb4 */;
--
-- Database: dbinventit
--
-- --------------------------------------------------------
--
-- Table structure for table tblaccounts
--
CREATE TABLE tblaccounts (
Id int(11) NOT NULL,
username varchar(255) DEFAULT NULL,
Pass varchar(255) DEFAULT NULL,
Fullname varchar(255) DEFAULT NULL,
Department varchar(255) DEFAULT NULL,
Disgnation varchar(255) DEFAULT NULL,
datecreated timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
--
-- Dumping data for table tblaccounts
--
INSERT INTO tblaccounts (Id, username, Pass, Fullname, Department, Disgnation, datecreated) VALUES
(1, 'admin', 'admin', 'Rey Francis', 'Corpalan', 'it', '0000-00-00 00:00:00');
--
-- Indexes for dumped tables
--
--
-- Indexes for table tblaccounts
--
ALTER TABLE tblaccounts
ADD PRIMARY KEY (Id);
--
-- AUTO_INCREMENT for dumped tables
--
--
-- AUTO_INCREMENT for table tblaccounts
--
ALTER TABLE tblaccounts
MODIFY Id int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=2;
COMMIT;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;

i can't login
 
Exine said:
here is my code
<?php
session_start();
require_once 'conenct.php';
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$username = $_POST["user"];
$Pass = $_POST["password"];
$sql = "SELECT Id, username, Pass, Fullname, Department, Disgnation FROM tblaccounts WHERE username = ? AND Pass = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("ss", $username, $Pass);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows > 0) {
$stmt->bind_result($Id, $username, $Pass, $Fullname, $Department, $Disgnation);
$stmt->fetch();
if (password_verify($Pass, $Pass)) {
$_SESSION["loggedin"] = true;
$_SESSION["Id"] = $id;
$_SESSION["username"] = $username;
$_SESSION["fullname"] = $Fullname;
$_SESSION["department"] = $Department;
$_SESSION["Disgnation"] = $Disgnation;
header("location: index.php");
} else {
echo "Invalid username or password.";
}
} else {
echo "Invalid username or password.";
}
$stmt->close();
}
$conn->close();
?>

here is my sql
-- phpMyAdmin SQL Dump
-- version 5.2.0
-- You do not have permission to view the full content of this post. Log in or register now.
--
-- Host: 127.0.0.1
-- Generation Time: Mar 31, 2023 at 07:26 PM
-- Server version: 5.5.8-log
-- PHP Version: 8.2.0
SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
START TRANSACTION;
SET time_zone = "+00:00";

/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8mb4 */;
--
-- Database: dbinventit
--
-- --------------------------------------------------------
--
-- Table structure for table tblaccounts
--
CREATE TABLE tblaccounts (
Id int(11) NOT NULL,
username varchar(255) DEFAULT NULL,
Pass varchar(255) DEFAULT NULL,
Fullname varchar(255) DEFAULT NULL,
Department varchar(255) DEFAULT NULL,
Disgnation varchar(255) DEFAULT NULL,
datecreated timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
--
-- Dumping data for table tblaccounts
--
INSERT INTO tblaccounts (Id, username, Pass, Fullname, Department, Disgnation, datecreated) VALUES
(1, 'admin', 'admin', 'Rey Francis', 'Corpalan', 'it', '0000-00-00 00:00:00');
--
-- Indexes for dumped tables
--
--
-- Indexes for table tblaccounts
--
ALTER TABLE tblaccounts
ADD PRIMARY KEY (Id);
--
-- AUTO_INCREMENT for dumped tables
--
--
-- AUTO_INCREMENT for table tblaccounts
--
ALTER TABLE tblaccounts
MODIFY Id int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=2;
COMMIT;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;

i can't login
Click to expand...
The issue is with the way you are using the password_verify() function. The second parameter to this function should be the hash of the password stored in the database, not the plaintext password.

Here is the corrected code:

Code: 
<?php
session_start();
require_once 'conenct.php';
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $username = $_POST["user"];
    $password = $_POST["password"];
    $sql = "SELECT Id, username, Pass, Fullname, Department, Disgnation FROM tblaccounts WHERE username = ? AND Pass = ?";
    $stmt = $conn->prepare($sql);
    $stmt->bind_param("ss", $username, $password);
    $stmt->execute();
    $stmt->store_result();
    if ($stmt->num_rows > 0) {
        $stmt->bind_result($Id, $username, $Pass, $Fullname, $Department, $Disgnation);
        $stmt->fetch();
        if (password_verify($password, $Pass)) {
            $_SESSION["loggedin"] = true;
            $_SESSION["Id"] = $Id;
            $_SESSION["username"] = $username;
            $_SESSION["fullname"] = $Fullname;
            $_SESSION["department"] = $Department;
            $_SESSION["Disgnation"] = $Disgnation;
            header("location: index.php");
        } else {
            echo "Invalid username or password.";
        }
    } else {
        echo "Invalid username or password.";
    }
    $stmt->close();
}
$conn->close();
?>

Also, make sure that the password field in your database is storing the hashed password, not the plaintext password. If it's not, you can update the password field with the hashed value using the password_hash() function.
 
🤖 said:
The issue is with the way you are using the password_verify() function. The second parameter to this function should be the hash of the password stored in the database, not the plaintext password.

Here is the corrected code:

Code: 
<?php
session_start();
require_once 'conenct.php';
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $username = $_POST["user"];
    $password = $_POST["password"];
    $sql = "SELECT Id, username, Pass, Fullname, Department, Disgnation FROM tblaccounts WHERE username = ? AND Pass = ?";
    $stmt = $conn->prepare($sql);
    $stmt->bind_param("ss", $username, $password);
    $stmt->execute();
    $stmt->store_result();
    if ($stmt->num_rows > 0) {
        $stmt->bind_result($Id, $username, $Pass, $Fullname, $Department, $Disgnation);
        $stmt->fetch();
        if (password_verify($password, $Pass)) {
            $_SESSION["loggedin"] = true;
            $_SESSION["Id"] = $Id;
            $_SESSION["username"] = $username;
            $_SESSION["fullname"] = $Fullname;
            $_SESSION["department"] = $Department;
            $_SESSION["Disgnation"] = $Disgnation;
            header("location: index.php");
        } else {
            echo "Invalid username or password.";
        }
    } else {
        echo "Invalid username or password.";
    }
    $stmt->close();
}
$conn->close();
?>

Also, make sure that the password field in your database is storing the hashed password, not the plaintext password. If it's not, you can update the password field with the hashed value using the password_hash() function.
Click to expand...
can you work this for php version 8.2.0
 
Exine said:
can you work this for php version 8.2.0
Click to expand...
The code that I provided earlier should work with PHP 8.2.0 without any issues. However, if you are still facing any issues with that code, you can try this modified version:

Code: 
<?php
session_start();
require_once 'conenct.php';
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $username = filter_var($_POST["user"], FILTER_SANITIZE_STRING);
    $password = filter_var($_POST["password"], FILTER_SANITIZE_STRING);
    $sql = "SELECT Id, username, Pass, Fullname, Department, Disgnation FROM tblaccounts WHERE username = ? AND Pass = ?";
    $stmt = $conn->prepare($sql);
    $stmt->bind_param("ss", $username, $password);
    $stmt->execute();
    $stmt->store_result();
    if ($stmt->num_rows > 0) {
        $stmt->bind_result($Id, $username, $Pass, $Fullname, $Department, $Disgnation);
        $stmt->fetch();
        if (password_verify($password, $Pass)) {
            $_SESSION["loggedin"] = true;
            $_SESSION["Id"] = $Id;
            $_SESSION["username"] = $username;
            $_SESSION["fullname"] = $Fullname;
            $_SESSION["department"] = $Department;
            $_SESSION["Disgnation"] = $Disgnation;
            header("location: index.php");
            exit;
        } else {
            echo "Invalid username or password.";
        }
    } else {
        echo "Invalid username or password.";
    }
    $stmt->close();
}
$conn->close();
?>

This version uses the filter_var() function to sanitize the user input before using it in the SQL query. It also includes an exit statement after the header redirection to prevent any further code execution.
 
🤖 said:
<?php session_start(); require_once 'conenct.php'; if ($_SERVER["REQUEST_METHOD"] == "POST") { $username = filter_var($_POST["user"], FILTER_SANITIZE_STRING); $password = filter_var($_POST["password"], FILTER_SANITIZE_STRING); $sql = "SELECT Id, username, Pass, Fullname, Department, Disgnation FROM tblaccounts WHERE username = ? AND Pass = ?"; $stmt = $conn->prepare($sql); $stmt->bind_param("ss", $username, $password); $stmt->execute(); $stmt->store_result(); if ($stmt->num_rows > 0) { $stmt->bind_result($Id, $username, $Pass, $Fullname, $Department, $Disgnation); $stmt->fetch(); if (password_verify($password, $Pass)) { $_SESSION["loggedin"] = true; $_SESSION["Id"] = $Id; $_SESSION["username"] = $username; $_SESSION["fullname"] = $Fullname; $_SESSION["department"] = $Department; $_SESSION["Disgnation"] = $Disgnation; header("location: index.php"); exit; } else { echo "Invalid username or password."; } } else { echo "Invalid username or password."; } $stmt->close(); } $conn->close(); ?>
Click to expand...
login.php
<?php if (isset($_GET['error'])) { ?>
<p class="error"><?php echo $_GET['error']; ?></p>
<?php } ?>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Document</title>
<link rel="stylesheet" href="css.css">
<link rel="stylesheet" href="css/bootstrap.min.css">
</head>
<body class="blog">
<center>
<div class="lgcon container">
<h2>LOGIN</h2>
<form class="mb-3" action="lg.php" method="POST">
<div class="mb-3">
<labe>User Name</label>
<input type="text" name="user" placeholder="User Name"><br>
</div>
<div class="mb-3">
<label>Password</label>
<input type="password" name="password" placeholder="Password"><br>
</div>
<button type="submit">Login</button>
<button> <a href="register.php">Register</a></button>
</form>
</div>
</center>
<script src="You do not have permission to view the full content of this post. Log in or register now." integrity="sha384-kenU1KFdBIe4zVF0s0G1M5b4hcpxyD9F7jL+jjXkk+Q2h455rYXK/7HAuoJl+0I4" crossorigin="anonymous"></script>
</body>
</html>

loginprocess.php
<?php
session_start();
require_once 'conenct.php';
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$username = $_POST["user"];
$password = $_POST["password"];
$sql = "SELECT Id, username, Pass, Fullname, Department, Disgnation FROM tblaccounts WHERE username = ? AND Pass = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("ss", $username, $password);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows > 0) {
$stmt->bind_result($Id, $username, $Pass, $Fullname, $Department, $Disgnation);
$stmt->fetch();
if (password_verify($password, $Pass)) {
$_SESSION["loggedin"] = true;
$_SESSION["Id"] = $Id;
$_SESSION["username"] = $username;
$_SESSION["fullname"] = $Fullname;
$_SESSION["department"] = $Department;
$_SESSION["Disgnation"] = $Disgnation;
header("location: index.php");
} else {
echo "Invalid username or password.";
}
} else {
echo "Invalid username or password.";
}
$stmt->close();
}
$conn->close();
?>

can you verify if this code is correct, if not then fixed it
 
Status
Not open for further replies.

Similar threads

Popular Tags

android api app arduino bot c c++ capstone capstone project code coding coding and programming css database developer development error help how html in java javascript language laravel mag mysql need patulong php program programmer programming programming language project python question react script sql system thesis tutorial udemy vb.net visual basic web web development website with

About this Thread

  • 6
    Replies
  • 340
    Views
  • 2
    Participants
Last reply from:
Exine

New Topics

Popular On This Forum

Online statistics

Members online
330
Guests online
4,319
Total visitors
4,649
Back
Top