Login With Username or Email And Password - Cleaning Up The Reg Page

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • bits2017
    New Member
    • Jun 2017
    • 39
    #1

    Login With Username or Email And Password - Cleaning Up The Reg Page

    Folks,

    Let us work on this following suggested code:

    Code:
    if ($_SERVER['REQUEST_METHOD'] == "POST") // not really needed since you're checking $_POST
{
    if (isset($_POST["login_username"]) && isset($_POST["login_password"])) {
        $username = trim($_POST["login_username"]); //
        $password = trim($_POST["login_password"]); //
        $hashed_password = password_hash($_POST["login_password"], PASSWORD_DEFAULT);
        $sql = "
SELECT
  ids,
  usernames, 
  passwords, 
  emails, 
  accounts_activations_statuses 
FROM users 
WHERE usernames = ?
  AND passwords = ?
";
        $stmt = mysqli_prepare($conn, $sql);
        mysqli_stmt_bind_param($stmt, 'ss', $username, $hashed_password);
        mysqli_stmt_execute($stmt);
        if (mysqli_stmt_num_rows($stmt)) {
            // found a match, we're good to go...
        } else {
            // whatever you do when user/password not found...
        }
    }
}
    Ok. The above was based on the User inputting his Username & Password.
    Now, imagine the html login form gave the user a choice to either input his Username or Email and then his Password.
    Now, how would you code it ? Where would you change to what ?
    tbl column names are:
    usernames
    emails
    passwords

    Imagine the html form looks like this:

    Code:
    <!DOCTYPE html>
<html>
<head>
<title><?php $site_name?> Member Login Page</title>
  <meta charset="utf-8">
</head>
<body>
<form method="post" action="">
	<h3><?= $site_name ?> Member Login Form</h3>
	<fieldset>
		<label for="login_name">Username/Email:</label>
		<input type="text" name="login_username_or_email" id="login_name" value="<?php if(isset($_COOKIE["login_username_or_email"])) echo $_COOKIE["login_username_or_email"]; ?>"</center>
		<br>
		<label for="login_pass">Password:</label>
		<input type="password" name="login_password" id="login_pass" value="<?php if(isset($_COOKIE["login_password"])) echo $_COOKIE["login_password"]; ?>"></center>
	</fieldset>
	<div class="submitsAndHiddens">
		<label for="login_remember">Remember Login Details:</label>
		<input type="checkbox" name="login_remember" />
		<br>
		<button type="submit">Login</button>
		<br>
		<a href="login_password_reset.php">Forgot your Password ? Reset it here!</a>
		<br>
		<a href="register.php">Register here!</a>
	</div>
</form>

</body>
</html>
    On the form, I have not quite got the cookie thing ("Remember Me" feature sorted).

    Another code I was suggested is the following but it is in pdo and my few pages of codes are in mysqli procedural style.
    Hence, I need help converting this from pdo to mysqli procedural style.

    Code:
    if (
	array_key_exists('login_username_or_email', $_POST) &&
	array_key_exists('login_password'], $_POST)
) {

	// don't bother trimming, they can't enter it right, don't let them log in!

	$stmt = $conn->prepare('
		SELECT ids, usernames, passwords, emails, accounts_activations_statuses
		FROM users
		WHERE ' . (
			strpos($usernameOrEmail, '@') === false) ? 'usernames' : 'emails'
		) . ' = ?
	');
	$stmt->bind_param('s', $_POST['login_username_or_email']);
	$stmt->execute();
	$stmt->bind_result(
		$db_id, $db_username, $db_password, $db_email,
		$db_account_activation_status
	);
	
	if (
		$stmt->fetch() &&
		password_verify($_POST['login_password'], $db_password)
	) {
		echo '
			<p>Login Successful</p>
			<dl>
				<dt>User Id</dt>
				<dd>', $db_id, '</dd>
				<dt>E-Mail</dt>
				<dd>', $db_email, '</dd>
				<dt>Username</dt>
				<dd>', $db_username, '</dd>
				<dt>Activation Stats</dt>
				<dd>', $db_account_activation_status, '</dd>
			</dl>
		';
	} else echo '<p>Invalid username or password</p>';	
	$stmt->close();
	
} else echo '<p>Missing username or password</p>';
    I'd appreciate your own suggested code sample aswell but make sure it is in: mysqli procedural style.
    This will be a good learning curve for newbies from this forum.
    Tags: None
    • bits2017
      New Member
      • Jun 2017
      • 39
      #2
      Php Folks!

      You know others in other forums suggest I use regex but yet again they never provide sample or I reckon many don't know the regex.
      I will mention your sample on other forum and link back to this thread. Hopefully, a lot of newbies would flock this way to learn more regex.
      In the meanwhile since I am a little weak on php, do you mind adding the following regex code on my next following code so that I start getting an idea (and any future newbies too that drop-in here) how regex fits into my code or anywhere atall ? hug:

      Code:
      function valid_email($email) { 
    if(preg_match('/^([0-9,a-z,A-Z]+)([.,_,-]([0-9,a-z,A-Z]+))*[@]([0-9,a-z,A-Z]+)([.,_,-]([0-9,a-z,A-Z]+))*[.]([0-9,a-z,A-Z]){2}([0-9,a-z,A-Z])*$/',$email)) { 
        return TRUE; 
    } else { 
        return FALSE; 
    } 
}
      You will notice that, I have a few questions on my comments where I show confusion on how to proceed forward.
      At one place, in the comments, I will ask which 1 of the following 2 I should use which will suit the context of my code well.
      I commented-out the one that I personally thought did not fit into my codes' context. But, I need your professional opinion.

      Code:
      //$result = mysqli_stmt_get_result($stmt); //Use either this line (if you need to get all data of the array without associating them to variables like you do with mysqli_stmt_bind_result), or ...

$result = mysqli_stmt_bind_result($stmt, $db_id, $db_username, $db_password, $db_email, $db_account_activation_status); // ... this line. But not both.
      At one point, I was not sure which 1 of the following 3 to use. I commented-out the 2 that I personally thought did not fit in to my codes' context. But I need your professional opinion here too.
      Code:
      $row = mysqli_stmt_fetch($stmt);
//$row = mysqli_fetch_array($query, MYSQLI_ASSOC);
//$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
      Code:
      <?php
 
/*
ERROR HANDLING
*/
declare(strict_types=1);
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
 
include 'config.php';
 
// check if user is already logged in
if (is_logged() === true) 
{
	//Redirect user to homepage page after 5 seconds.
	header("refresh:2;url=home.php");
	exit; //
}


if ($_SERVER['REQUEST_METHOD'] == "POST")
{ 
	if (isset($_POST["login_username_or_email"]) && isset($_POST["login_password"]))
	{
		$username_or_email = trim($_POST["login_username_or_email"]); //
		$password = $_POST["login_password"];		
         
		//Select Username or Email to check against Mysql DB if they are already registered or not.
		$stmt = mysqli_stmt_init($conn);
		
        if(strpos("$username_or_email", "@") == true)
		{
			$email = $username_or_email;
			$username = "";
			
			$query = "SELECT ids, usernames, passwords, emails, accounts_activations_statuses FROM users WHERE emails = ?";
			$stmt = mysqli_prepare($conn, $query);			
			mysqli_stmt_bind_param($stmt, 's', $email);
			mysqli_stmt_execute($stmt);
		    //$result = mysqli_stmt_get_result($stmt); //Use either this line (if you need to get all data of the array without associating them to variables like you do with mysqli_stmt_bind_result), or ...
			//Note from line below that the variables "$db_username", "$db_account_activation_status" are related to the tbl columns selected on $query ("SELECT ids, usernames, accounts_activations_statuses From users .. WHERE).
			$result = mysqli_stmt_bind_result($stmt, $db_id, $db_username, $db_password, $db_email, $db_account_activation_status); // ... this line. But not both.
		}
		else
		{
			$username = $username_or_email;
			$email = "";
			$query = "SELECT ids, usernames, passwords, emails, accounts_activations_statuses FROM users WHERE usernames = ?";
			$stmt = mysqli_prepare($conn, $query);
			mysqli_stmt_bind_param($stmt, 's', $username);
			mysqli_stmt_execute($stmt);
			//$result = mysqli_stmt_get_result($stmt); //Use either this line (if you need to get all data of the array without associating them to variables like you do with mysqli_stmt_bind_result), or ...
			//Note from line below that the variables "$db_email", "$db_account_activation_status" are related to the tbl columns selected on $query ("SELECT ids, emails, accounts_activations_statuses From users .. WHERE).
			$result = mysqli_stmt_bind_result($stmt, $db_id, $db_username, $db_password, $db_email, $db_account_activation_status); // ... this line. But not both.
		}       	
		
		//Which of the following to do and why that one over others ?
		$row = mysqli_stmt_fetch($stmt);
		//$row = mysqli_fetch_array($query, MYSQLI_ASSOC);
		//$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
		
		mysqli_stmt_close($stmt);
		
		printf("%s (%s)\n",$row["usernames"],$row["passwords"]);
		
		if ($result == false)
		{
			echo "'$result == false' on line 73! IF got triggered on line 73! !<br>";// For debugging purpose!
			exit();
		}
		elseif ($row['accounts_activations_statuses'] == '0')
		{
			{
				echo "You have not activated your account yet! Check your email for instructions on how to activate it. 
				Check your spam folder if you don't find an email from us.";
				exit();
			}
		}
		else
		{
			echo "'$result == true' on line 73! Else got triggered on line 86! <br>";// For debugging purpose!
		}
		
		if (password_verify($password, $db_password))		
		{
			echo "IF triggered for password_verify! password_verify ok";
			//If 'Remember Me' check box is checked then set the cookie. 
			//if(!empty($_POST["login_remember"])) // Either use this line ....
			if (isset($_POST['login_remember']) && $_post['login_remember'] == "on") // ...or this line. But not both!
			{
				setcookie("login_username", $username, time()+ (10*365*24*60*60));
			}
			else
			{
				//If Cookie is available then use it to auto log user into his/her account!
				if (isset($_COOKIE['login_username']))
				{
					setcookie("login_username","","");
				}
			}
			$_SESSION["user"] = $username;
			header("location:home.php?user=$username");				
		}
		else
		{
			echo "Else got triggered on line 111: Incorrect User Credentials ! 'password_verify = FALSE';<br>";// For debugging purpose!
			exit();
		}
	}
}
	
?>

<!DOCTYPE html>
<html>
<head>
<title><?php $site_name?> Member Login Page</title>
  <meta charset="utf-8">
</head>
<body>
<form method="post" action="">
	<h3><?= $site_name ?> Member Login Form</h3>
	<fieldset>
		<label for="login_name">Username/Email:</label>
		<input type="text" name="login_username_or_email" id="login_name" value="<?php if(isset($_COOKIE["login_username_or_email"])) echo $_COOKIE["login_username_or_email"]; ?>"
		<br>
		<label for="login_pass">Password:</label>
		<input type="password" name="login_password" id="login_pass" value="<?php if(isset($_COOKIE["login_password"])) echo $_COOKIE["login_password"]; ?>">
	</fieldset>
	<div class="submitsAndHiddens">
		<label for="login_remember">Remember Login Details:</label>
		<input type="checkbox" name="login_remember" />
		<br>
		<button type="submit">Login</button>
		<br>
		<a href="login_password_reset.php">Forgot your Password ? Reset it here!</a>
		<br>
		<a href="register.php">Register here!</a>
	</div>
</form>

</body>
</html>
      Finally, do you or anyone mind adding the cookie section so that when the user checks the "Remember Me" checkbox then the cookie gets set to auto login the user when next time they visit the login.php page or the page this php code is running on.
      Even though I have read on how to use the following, I still get confused a little and when you got tonnes of lines of codes you tend to get a little puzzled. You guys' inputs would be helpful and would remove any doubts from my mind.

      mysqli_fetch_ar ray
      mysqli_stmt_get _result($stmt)
      mysqli_stmt_bin d_result($stmt)
      cookies


      You know how it is. Reading & learning is one thing and seeing in practice how it is done in a project, is another thing. And it is called: Work Experience.

        Comment

        • bits2017
          New Member
          • Jun 2017
          • 39
          #3
          No one knows the answers ?

            Comment

            Previous template Next
            Working...