Php script login problem

Question

0.00/5 (No votes)

See more:

I'm trying to login make a PHP login script work but I receive as an errors:
Warning: mysqli_stmt::bind_result(): Number of bind variables doesn't match number of fields in prepared statement in /hermes/bosnaweb25a/b2739/d5.sfconsul/public_html/daaseed.com/Player/login.php on line 32 Warning: Cannot modify header information - headers already sent by (output started at /hermes/bosnaweb25a/b2739/d5.sfconsul/public_html/daaseed.com/Player/index.php:3) in /hermes/bosnaweb25a/b2739/d5.sfconsul/public_html/daaseed.com/Player/login.php on line 36

index.php
<?php
include('login.php'); // Includes Login Script
if(isset($_SESSION['login_user'])){
header("location: profile.php"); // Redirecting To Profile Page
    exit();
}
?>
login.php
<?php
session_start(); // Starting Session 

ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);

$error = ''; // Variable To Store Error Message 
if (isset($_POST['submit'])) { 
  if (empty($_POST['username']) || empty($_POST['password'])) { 
    $error = "Username or Password is invalid"; 
  } 
  else{ 
    // Define $username and $password 
    $username = $_POST['username']; 
    $password = $_POST['password']; 
    // mysqli_connect() function opens a new connection to the MySQL server. 
   // $conn = mysqli_connect("localhost", "root", "", "customers"); 
      mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

       $conn = mysqli_connect(......); 

    // SQL query to fetch information of registerd users and finds user match. 
    $query = "SELECT username, password, Paid from customers where username=? AND password=? AND Paid='y' LIMIT 1"; 
    // To protect MySQL injection for Security purpose 
    $stmt = $conn->prepare($query); 
    $stmt->bind_param("ss", $username, $password); 
    $stmt->execute(); 
    $stmt->bind_result($username, $password); 
    $stmt->store_result(); 
    if($stmt->fetch()) //fetching the contents of the row { 
      $_SESSION['login_user'] = $username; // Initializing Session 
    header("location: profile.php"); // Redirecting To Profile Page 
  }
  mysqli_close($conn); // Closing Connection 
} 
?>
I receive the errors when trying to login. I tried googling it but with no luck of finding the right solution. How to fix the issues?

What I have tried:

I noticed that this errors occur only when on server. I tried on localhost-no problems. Of course, I changed the mysqli statement but It seems that something else is wrong.

Posted 29-Jul-19 20:16pm

nasko bobev

Updated 29-Jul-19 23:08pm

Add a Solution

Comments

Richard Deeming 30-Jul-19 10:31am

You're storing passwords in plain text. Don't do that.
Secure Password Authentication Explained Simply[^]
Salted Password Hashing - Doing it Right[^]

PHP includes functions to help you do the right thing:
PHP: password_hash[^]
PHP: password_verify[^]

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Richard MacCutchan · Accepted Answer · 2019-07-29T23:08:00

PHP

$query = "SELECT username, password, Paid from customers where username=? AND password=? AND Paid='y' LIMIT 1";
// To protect MySQL injection for Security purpose
$stmt = $conn->prepare($query);
$stmt->bind_param("ss", $username, $password);
$stmt->execute();
$stmt->bind_result($username, $password);

Your SELECT statement requests three variables, but your bind_result only specifies two.