mysqli - PHP Query invalid result -
i apologise if title confusing, when run page code below , enter email not found in database, on webpage notice: trying property of non-object in c:\xampp\htdocs\testing\login.php on line 72. instead of saying this, want give error email not registered.
<?php session_start();//session starts here if(isset($_session['adminname'])||isset($_session['email'])){ header("location: welcome.php");//redirect login page secure welcome page without login access. } ?> <html> <head lang="en"> <meta charset="utf-8"> <link type="text/css" rel="stylesheet" href="bootstrap-3.2.0-dist\css\bootstrap.css"> <title>login</title> </head> <style> .login-panel { margin-top: 150px; </style> <body> <div class="container"> <div class="row"> <div class="col-md-4 col-md-offset-4"> <div class="login-panel panel panel-success"> <div class="panel-heading"> <h3 class="panel-title">sign in</h3> </div> <div class="panel-body"> <form role="form" method="post" action="login.php"> <fieldset> <div class="form-group" > <input class="form-control" placeholder="e-mail" name="email" type="email" autofocus> </div> <div class="form-group"> <input class="form-control" placeholder="password" name="pass" type="password" value=""> </div> <input class="btn btn-lg btn-success btn-block" type="submit" value="login" name="login" > <!-- change button or input when using form --> <!-- <a href="index.html" class="btn btn-lg btn-success btn-block">login</a> --> </fieldset> </form> </div> </div> </div> </div> </div> </body> </html> <?php include("database/db_conection.php"); if(isset($_post['login'])){ $user_email=mysqli_real_escape_string($dbcon, $_post['email']); $user_pass=mysqli_real_escape_string($dbcon, $_post['pass']); $encrypted_password = password_hash($user_pass, password_bcrypt); $query = $dbcon->query("select user_pass users user_email='$user_email'"); $passwordvalue=$query->fetch_object()->user_pass; if (password_verify($user_pass,$passwordvalue)){ echo "success!"; }else{ echo $encrypted_password; echo "<div class='alert alert-danger'><a href='#' class='close' data-dismiss='alert' aria-label='close'>×</a><strong>error!</strong> email or password entered incorrect!</div>"; } /*$check_user="select * users user_email='$encrypted_email' , user_pass='$user_pass'"; $run=mysqli_query($dbcon,$check_user); if(mysqli_num_rows($run)) { echo "<script>window.open('welcome.php','_self')</script>"; $_session['email']=$user_email;//here session used , value of $user_email store in $_session. } else { echo "<script>alert('email or password incorrect!')</script>"; }*/ } ?> this code found in login.php file. php code within comment isn't part of web page, removing later.
<html> <head lang="en"> <meta charset="utf-8"> <link type="text/css" rel="stylesheet" href="bootstrap-3.2.0-dist\css\bootstrap.css"> <title>login</title> </head> <style> .login-panel { margin-top: 150px; </style> <body> <div class="container"> <div class="row"> <div class="col-md-4 col-md-offset-4"> <div class="login-panel panel panel-success"> <div class="panel-heading"> <h3 class="panel-title">sign in</h3> </div> <div class="panel-body"> <form role="form" method="post" action="login.php"> <fieldset> <div class="form-group" > <input class="form-control" placeholder="e-mail" name="email" type="email" autofocus> </div> <div class="form-group"> <input class="form-control" placeholder="password" name="pass" type="password" value=""> </div> <input class="btn btn-lg btn-success btn-block" type="submit" value="login" name="login" > <!-- change button or input when using form --> <!-- <a href="index.html" class="btn btn-lg btn-success btn-block">login</a> --> </fieldset> </form> </div> </div> </div> </div> </div> </body> </html> <?php include("database/db_conection.php"); if(isset($_post['login'])){ $user_email=mysqli_real_escape_string($dbcon, $_post['email']); $user_pass=mysqli_real_escape_string($dbcon, $_post['pass']); $encrypted_password = password_hash($user_pass, password_bcrypt); if ($query = $dbcon->query("select user_pass users user_email='$user_email'") == false) { echo "the email doesn't exist in db"; } else { $passwordvalue=$query->fetch_object()->user_pass; if (password_verify($user_pass,$passwordvalue)){ echo "success!"; }else{ echo $encrypted_password; echo "<div class='alert alert-danger'><a href='#' class='close' data-dismiss='alert' aria-label='close'>×</a><strong>error!</strong> email or password entered incorrect!</div>"; } /*$check_user="select * users user_email='$encrypted_email' , user_pass='$user_pass'"; $run=mysqli_query($dbcon,$check_user); if(mysqli_num_rows($run)) { echo "<script>window.open('welcome.php','_self')</script>"; $_session['email']=$user_email;//here session used , value of $user_email store in $_session. } else { echo "<script>alert('email or password incorrect!')</script>"; }*/ } } ?> i've added if statement checks if query false, if it's false echo email doesn't exist in database, wanted, if exist, you're fetched password want.
Comments
Post a Comment