Checking Matching Rows With Sql’s COUNT Function

@novice2022Dec 05.2022

Folks,

Unlike last time where I was checking for matching rows count using mysqli_stmt_rows_count():
https://forum.webdeveloper.com/d/402190-checking-for-matching-rows-using-mysqli-stsmt-num-rows

On this thread, I am checking for matching rows count using Sql’s COUNT function.
This means, both threads are not same so mods do not close them.

Issue is on both threads, no matter if I give correct password or incorrect, I always get message ‘Incorrect user Credentials’.
Why is that ?
The details on Mysql Looks like this:

id | domain | password
0 | gmail.com | 373b29d2837e83b9ca5cec712a5985843df271cc

Obviously, password is hashed using sha_256.

Here is the php code:

[code] ini_set(“display_errors”,1); ini_set(“display_startup_errors”,1); error_reporting(E_ALL);

echo login_form();

if($_SERVER[‘REQUEST_METHOD’] === ‘POST’) { echo __LINE__; echo ‘<br>’;//DELETE

check_user_input(); echo __LINE__; echo ‘<br>’;//DELETE process_login_form(); echo __LINE__; echo ‘<br>’;//DELETE }

function login_form() { echo ‘ <div name=”center pane” id=”center pane” align=”center” size=”50px” width=”33%”> <form method=”POST” action=”” name=”login_form” id=”login_form” width=”50%”> <fieldset> <label for=”domain”>Domain</label> <input type=”text” name=”domain” id=”domain” size=”50″ minlength=”5″ maxlength=”253″ title=”Input your Domain” placeholder=”yourdomain.tld”> <br> <label for=”password”>Password</label> <input type=”text” name=”password” id=”password” size=”50″ minlength=”8″ maxlength=”25″ title=”Input your Password” placeholder=”alpha-numerical-chars”> <br> </fieldset> <fieldset> <button type=”submit” name=”login” id=”login” title=”Submit Form”>Login!</button> </fieldset> </form> </div> ‘; }

function check_user_input() { if(!EMPTY($_POST[‘domain’])) { echo __LINE__; echo ‘<br>’;//DELETE

$domain = trim($_POST[‘domain’]); } elseif(!EMPTY($_POST[‘domain_email’])) { echo __LINE__; echo ‘<br>’;//DELETE $domain_email = trim($_POST[‘domain_email’]); } else { die(‘Input your Domain’); } if(!EMPTY($_POST[‘password’])) { echo __LINE__; echo ‘<br>’;//DELETE $hashed_password = hash(‘sha256’,$_POST[‘password’]); } else { die(‘Input your Password’); } }

function process_login_form() { echo __LINE__; echo ‘<br>’;//DELETE

Global $domain; Global $password; //DELETE Global $hashed_password; //Query DB. //Check if User already registered or not. mysqli_report(MYSQLI_REPORT_ERROR|MYSQLI_REPORT_STRICT); $conn = mysqli_connect(“localhost”,”root”,””,”buzz”); //mysqli_connect(“server”,”user”,”password”,”db”); $stmt = mysqli_stmt_init($conn); $sql_count = “SELECT COUNT(‘id’) FROM domains WHERE domain = ? OR domain_email = ? AND password = ?”; if(!mysqli_stmt_prepare($stmt,$sql_count)) { echo __LINE__; echo ‘<br>’;//DELETE echo ‘Mysqli Error: ‘ .mysqli_stmt_error(); //DEV MODE. echo ‘<br>’; echo ‘Mysqli Error No: ‘ .mysqli_stmt_errno(); //DEV MODE. echo ‘<br>’; die(‘Registration a Failure!’); } else { echo __LINE__; echo ‘<br>’;//DELETE mysqli_stmt_bind_param($stmt,”sss”,$domain,$domain_email,$password); mysqli_stmt_execute($stmt); mysqli_stmt_bind_result($stmt,$rows_count); mysqli_stmt_fetch($stmt); if($rows_count<1) //User not registered. { echo __LINE__; echo ‘<br>’;//DELETE echo ‘password: ‘.$password; echo ‘<br>’; echo ‘hashed password: ‘.$hashed_password; echo ‘<br>’; mysqli_stmt_close($stmt); mysqli_close($conn); die(‘Incorrect User Credentials!’); } mysqli_stmt_close($stmt); mysqli_close($conn); echo __LINE__; echo ‘<br>’;//DELETE echo ‘password: ‘ .$password; echo ‘<br>’; echo ‘hashed password: ‘ .$hashed_password; echo ‘<br>’; header(‘location: home.php’); exit; } } [/code]

to post a comment

PHP

5 Comments(s) _↴

@novice2022authorDec 05.2022 — #I am opening another thread where I attempt with the password_verify() function. And so, do not advise me here to use that. This thread is a different function issue. Let's resolve this thread too.

@novice2022authorDec 05.2022 — #@NogDog

Why is this failing ?

<i>
 </i>if(!mysqli_stmt_fetch($stmt))
 {
 echo __LINE__; echo '&lt;br&gt;';//DELETE
 
 <i>	</i>		echo 'Mysqli Error: ' .mysqli_stmt_error($stmt); //DEV MODE.
 <i>	</i>		echo '&lt;br&gt;';
 <i>	</i>		echo 'Mysqli Error No: ' .mysqli_stmt_errno($stmt); //DEV MODE.
 <i>	</i>		echo '&lt;br&gt;';
 <i>	</i>		die('Password fetching failed!');
 <i>	</i>	}
 <i>	</i>

Context:

<i>
 </i>ini_set("display_errors",1);
 ini_set("display_startup_errors",1);
 error_reporting(E_ALL);
 
 echo login_form();
 
 if($_SERVER['REQUEST_METHOD'] === 'POST')
 {
 echo __LINE__; echo '&lt;br&gt;';//DELETE
 
 <i>	</i>check_user_input();
 <i>	</i>
 <i>	</i>echo __LINE__; echo '&lt;br&gt;';//DELETE
 <i>	</i>
 <i>	</i>process_login_form();
 <i>	</i>
 <i>	</i>echo __LINE__; echo '&lt;br&gt;';//DELETE
 }
 
 
 function login_form()
 {
 echo 
 '
 &lt;div name="center pane" id="center pane" align="center" size="50px" width="33%"&gt;
 &lt;form method="POST" action="" name="login_form" id="login_form" width="50%"&gt;
 &lt;fieldset&gt;
 &lt;label for="domain"&gt;Domain&lt;/label&gt;
 &lt;input type="text" name="domain" id="domain" size="50" minlength="5" maxlength="253" title="Input your Domain" placeholder="yourdomain.tld"&gt;
 &lt;br&gt;
 &lt;label for="password"&gt;Password&lt;/label&gt;
 &lt;input type="text" name="password" id="password" size="50" minlength="8" maxlength="25" title="Input your Password" placeholder="alpha-numerical-chars"&gt;
 &lt;br&gt;
 &lt;/fieldset&gt;
 &lt;fieldset&gt;
 &lt;button type="submit" name="login" id="login" title="Submit Form"&gt;Login!&lt;/button&gt;
 &lt;/fieldset&gt;
 &lt;/form&gt;
 &lt;/div&gt;
 ';
 }
 
 
 function check_user_input()
 {
 if(!EMPTY($_POST['domain']))
 {
 echo __LINE__; echo '&lt;br&gt;';//DELETE
 
 <i>	</i>	$domain = trim($_POST['domain']);
 <i>	</i>}
 <i>	</i>elseif(!EMPTY($_POST['domain_email']))
 <i>	</i>{
 <i>	</i>	echo __LINE__; echo '&lt;br&gt;';//DELETE
 <i>	</i> 
 <i>	</i>	$domain_email = trim($_POST['domain_email']);
 <i>	</i>}
 <i>	</i>else
 <i>	</i>{
 <i>	</i>	die('Input your Domain');
 <i>	</i>}
 <i>	</i>
 <i>	</i>if(!EMPTY($_POST['password']))
 <i>	</i>{
 <i>	</i>	echo __LINE__; echo '&lt;br&gt;';//DELETE
 <i>	</i> 
 <i>	</i>	$hashed_password = hash('sha256',$_POST['password']); 
 <i>	</i>}
 <i>	</i>else
 <i>	</i>{
 <i>	</i>	die('Input your Password');
 <i>	</i>}
 }
 
 
 function process_login_form()
 {
 echo __LINE__; echo '&lt;br&gt;';//DELETE
 
 <i>	</i>Global $domain;
 <i>	</i>Global $password; //DELETE
 <i>	</i>Global $hashed_password;
 <i>	</i>
 <i>	</i>//Query DB.
 <i>	</i>//Check if User already registered or not.
 <i>	</i>mysqli_report(MYSQLI_REPORT_ERROR|MYSQLI_REPORT_STRICT);
 <i>	</i>$conn = mysqli_connect("localhost","root","","buzz"); //mysqli_connect("server","user","password","db");
 <i>	</i>$stmt = mysqli_stmt_init($conn);
 <i>	</i>$sql_count = "SELECT COUNT('id') FROM domains WHERE domain = ?  OR domain_email = ? AND password = ?";
 <i>	</i>
 <i>	</i>if(!mysqli_stmt_prepare($stmt,$sql_count))
 <i>	</i>{
 <i>	</i>	echo __LINE__; echo '&lt;br&gt;';//DELETE
 <i>	</i>
 <i>	</i>	echo 'Mysqli Error: ' .mysqli_stmt_error(); //DEV MODE.
 <i>	</i>	echo '&lt;br&gt;';
 <i>	</i>	echo 'Mysqli Error No: ' .mysqli_stmt_errno(); //DEV MODE.
 <i>	</i>	echo '&lt;br&gt;';
 <i>	</i>	die('Registration a Failure!');
 <i>	</i>}
 <i>	</i>else
 <i>	</i>{
 <i>	</i>	echo __LINE__; echo '&lt;br&gt;';//DELETE
 <i>	</i> 
 <i>	</i>	mysqli_stmt_bind_param($stmt,"sss",$domain,$domain_email,$password);
 <i>	</i>	mysqli_stmt_execute($stmt);
 <i>	</i>	mysqli_stmt_bind_result($stmt,$rows_count);
 <i>	</i>	if(!mysqli_stmt_fetch($stmt))
 <i>	</i>	{
 <i>	</i>		echo __LINE__; echo '&lt;br&gt;';//DELETE
 <i>	</i>
 <i>	</i>		echo 'Mysqli Error: ' .mysqli_stmt_error($stmt); //DEV MODE.
 <i>	</i>		echo '&lt;br&gt;';
 <i>	</i>		echo 'Mysqli Error No: ' .mysqli_stmt_errno($stmt); //DEV MODE.
 <i>	</i>		echo '&lt;br&gt;';
 <i>	</i>		die('Password fetching failed!');
 <i>	</i>	}
 <i>	</i> 
 <i>	</i>	if($rows_count&lt;1) //User not registered.
 <i>	</i>	{
 <i>	</i>		echo __LINE__; echo '&lt;br&gt;';//DELETE
 <i>	</i>		echo 'password: '.$password; echo '&lt;br&gt;';
 <i>	</i>		echo 'hashed password: '.$hashed_password; echo '&lt;br&gt;';
 <i>	</i> 
 <i>	</i>		mysqli_stmt_close($stmt);
 <i>	</i>		mysqli_close($conn);
 <i>	</i>		die('Incorrect User Credentials!');
 <i>	</i>	}
 <i>	</i>	mysqli_stmt_close($stmt);
 <i>	</i>	mysqli_close($conn);
 <i>	</i> 
 <i>	</i>	echo __LINE__; echo '&lt;br&gt;';//DELETE
 <i>	</i>	echo 'password: ' .$password; echo '&lt;br&gt;';
 <i>	</i>	echo 'hashed password: ' .$hashed_password; echo '&lt;br&gt;';
 <i>	</i> 
 <i>	</i>	header('location: home.php');
 <i>	</i>	exit;
 <i>	</i>}
 }

Seems like I got the same issue here too as:

https://forum.webdeveloper.com/d/402192-why-password-verify-function-fails/2

@novice2022authorDec 06.2022 — #I fixed it:

<i>
 </i>ini_set("display_errors",1);
 ini_set("display_startup_errors",1);
 error_reporting(E_ALL);
 
 echo login_form();
 
 if($_SERVER['REQUEST_METHOD'] === 'POST')
 {
 echo __LINE__; echo '&lt;br&gt;';//DELETE
 
 <i>	</i>check_user_input();
 <i>	</i>
 <i>	</i>echo __LINE__; echo '&lt;br&gt;';//DELETE
 <i>	</i>
 <i>	</i>process_login_form();
 <i>	</i>
 <i>	</i>echo __LINE__; echo '&lt;br&gt;';//DELETE
 }
 
 
 function login_form()
 {
 echo 
 '
 &lt;div name="center pane" id="center pane" align="center" size="50px" width="33%"&gt;
 &lt;form method="POST" action="" name="login_form" id="login_form" width="50%"&gt;
 &lt;fieldset&gt;
 &lt;label for="domain"&gt;Domain&lt;/label&gt;
 &lt;input type="text" name="domain" id="domain" size="50" minlength="5" maxlength="253" title="Input your Domain" placeholder="yourdomain.tld"&gt;
 &lt;br&gt;
 &lt;label for="password"&gt;Password&lt;/label&gt;
 &lt;input type="text" name="password" id="password" size="50" minlength="8" maxlength="25" title="Input your Password" placeholder="alpha-numerical-chars"&gt;
 &lt;br&gt;
 &lt;/fieldset&gt;
 &lt;fieldset&gt;
 &lt;button type="submit" name="login" id="login" title="Submit Form"&gt;Login!&lt;/button&gt;
 &lt;/fieldset&gt;
 &lt;/form&gt;
 &lt;/div&gt;
 ';
 }
 
 
 function check_user_input()
 {
 if(EMPTY($_POST['domain']) &amp;&amp; EMPTY($_POST['domain_email']))
 {
 echo __LINE__; echo '&lt;br&gt;';//DELETE
 
 <i>	</i>	die('Input either your Domain or your Domain Email!');
 <i>	</i>}
 }
 
 
 function process_login_form()
 {
 echo __LINE__; echo '&lt;br&gt;';//DELETE
 
 <i>	</i>$user = !EMPTY($_POST['domain'])?$domain = trim($_POST['domain']):$domain_email = trim($_POST['domain_email']);
 <i>	</i>$hashed_password = hash('sha256',trim($_POST['password']));
 <i>	</i>
 <i>	</i>//Query DB.
 <i>	</i>//Check if User already registered or not.
 <i>	</i>mysqli_report(MYSQLI_REPORT_ERROR|MYSQLI_REPORT_STRICT);
 <i>	</i>if(!$conn = mysqli_connect("localhost","root","","buzz")) //mysqli_connect("server","user","password","db");
 <i>	</i>{
 <i>	</i>	echo __LINE__; echo '&lt;br&gt;';//DELETE
 <i>	</i>	die('1. Something went wrong. Please try again later!');
 <i>	</i>}
 <i>	</i>$stmt = mysqli_stmt_init($conn);
 <i>	</i>$sql_count = "SELECT COUNT('id') FROM domains WHERE domain = ?  AND password = ?";
 <i>	</i>
 <i>	</i>if(!mysqli_stmt_prepare($stmt,$sql_count))
 <i>	</i>{
 <i>	</i>	echo __LINE__; echo '&lt;br&gt;';//DELETE
 <i>	</i>
 <i>	</i>	echo 'Mysqli Error: ' .mysqli_stmt_error(); //DEV MODE.
 <i>	</i>	echo '&lt;br&gt;';
 <i>	</i>	echo 'Mysqli Error No: ' .mysqli_stmt_errno(); //DEV MODE.
 <i>	</i>	echo '&lt;br&gt;';
 <i>	</i>	die('Login a Failure!');
 <i>	</i>}
 <i>	</i>else
 <i>	</i>{
 <i>	</i>	echo __LINE__; echo '&lt;br&gt;';//DELETE
 <i>	</i> 
 <i>	</i>	mysqli_stmt_bind_param($stmt,"ss",$user,$hashed_password);
 <i>	</i>	mysqli_stmt_execute($stmt);
 <i>	</i>	mysqli_stmt_bind_result($stmt,$rows_count);
 <i>	</i>	if(!mysqli_stmt_fetch($stmt))
 <i>	</i>	{
 <i>	</i>		echo __LINE__; echo '&lt;br&gt;';//DELETE
 <i>	</i>
 <i>	</i>		echo 'Mysqli Error: ' .mysqli_stmt_error($stmt); //DEV MODE.
 <i>	</i>		echo '&lt;br&gt;';
 <i>	</i>		echo 'Mysqli Error No: ' .mysqli_stmt_errno($stmt); //DEV MODE.
 <i>	</i>		echo '&lt;br&gt;';
 <i>	</i>		die('Password fetching failed!');
 <i>	</i>	}
 <i>	</i> 
 <i>	</i>	if($rows_count&lt;1) //User not registered.
 <i>	</i>	{
 <i>	</i>		echo __LINE__; echo '&lt;br&gt;';//DELETE
 <i>	</i> 
 <i>	</i>		echo 'Rows Count: ' .$rows_count; echo '&lt;br&gt;'; //DELETE
 <i>	</i>		echo 'domain: ' .$domain; echo '&lt;br&gt;'; //DELETE
 <i>	</i>		echo 'domain_email: ' .$domain_email; echo '&lt;br&gt;'; //DELETE
 <i>	</i>		echo 'password: ' .$password; echo '&lt;br&gt;'; //DELETE
 <i>	</i> 
 <i>	</i>		mysqli_stmt_close($stmt);
 <i>	</i>		mysqli_close($conn);
 <i>	</i>		die('Incorrect User Credentials!');
 <i>	</i>	}
 <i>	</i>	else
 <i>	</i>	{
 <i>	</i>		mysqli_stmt_close($stmt);
 <i>	</i>		mysqli_close($conn);
 <i>	</i> 
 <i>	</i>		echo __LINE__; echo '&lt;br&gt;';//DELETE
 <i>	</i> 
 <i>	</i>		echo 'Rows Count: ' .$rows_count; echo '&lt;br&gt;'; //DELETE
 <i>	</i>		echo 'domain: ' .$domain; echo '&lt;br&gt;'; //DELETE
 <i>	</i>		echo 'domain_email: ' .$domain_email; echo '&lt;br&gt;'; //DELETE
 <i>	</i>		echo 'password: ' .$password; echo '&lt;br&gt;'; //DELETE
 <i>	</i> 
 <i>	</i>		header('location: home.php');
 <i>	</i>		exit;
 <i>	</i>	}
 <i>	</i>}
 }

@novice2022authorDec 06.2022 — #@sempervivum

You may close this thread.

@SempervivumDec 06.2022 — #{"locked":true}

Also in #PHP _↴

Embedding php+database music categorization Form with message and redirect to thankyou.html

Success!

Help @novice2022 spread the word by sharing this article on Twitter...

Tweet This

Checking Matching Rows With Sql’s COUNT Function

5 Comments(s) _↴

Also in #PHP _↴

Success!

Social

Version

Checking Matching Rows With Sql’s COUNT Function

5 Comments(s) ↴

Also in #PHP ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

5 Comments(s) _↴

Also in #PHP _↴