MySQLi Login help

[Doge]

Can't get this to work

<?php
if(isset($_POST['submit'])){
    $input['username'] = htmlentities($_POST['username'], ENT_QUOTES);
    $input['password'] = htmlentities($_POST['password'], ENT_QUOTES);
   
    if ($stmt = $conn->prepare("SELECT FROM users WHERE username=? AND password=?"))
    {
        $stmt->bind_param("ss", $input['username'], $input['password']);
        $stmt->execute();
        $stmt->store_result();
       
        if ($stmt->num_rows > 0)
        {
            $_SESSION['username'] = $input['username'];
            $_SESSION['logged'] = 1;
            header("Location: login.php");
        }
    } else {
        echo "<br /><form class=\"form-signin\"><div style=\"text-align: center;\">Error: failed to log you in!</div></form>";
    }
}
$conn->close();
?>

Any idea? Help will be credited. Can't for the life of me see it.

 

[Markshall]

Mind telling us what the fuck happens when you run the script?

 

[Doge]

Mind telling us what the fuck happens when you run the script?

It's a login script.

Inputted data be it correct or incorrect tells me I have inputted invalid details.

 

[Markshall]

SELECT FROM

You're selecting no columns. Try SELECT * FROM

 

[Doge]

SELECT FROM

You're selecting no columns. Try SELECT * FROM

Haha silly typo c:

Thanks; I can then login with an account that doesn't use md5 to hash the passwords.
Problem is I can't login with an account that uses a hashed password when I change the bind param line to:

$stmt->bind_param("ss", $input['username'], md5($input['password']));

 

[Markshall]

Try doing

$hash = md5($input['password']);
$stmt->bind_param('ss', $input['username'], $hash);

Sorry I'm on iPad

 

[GarettM]

Quick question why does if query false show couldn't login but if account details are wrong nothing happens?...

 

[Doge]

Quick question why does if query false show couldn't login but if account details are wrong nothing happens?...

It's some mock up code I started working on last night at 3am haha, I'll have to change that. I've been so tired.

Try doing

$hash = md5($input['password']);
$stmt->bind_param('ss', $input['username'], $hash);

Sorry I'm on iPad

Thanks for your input, I'll try this code when I get back on the server however I have tried something very similar to this and it hadn't worked. Hopefully this will work.

Try doing

$hash = md5($input['password']);
$stmt->bind_param('ss', $input['username'], $hash);

Sorry I'm on iPad

Doesn't seem to work.. ://

Full page code:

<?php

include 'assets/database.php';
session_start();

if (isset($_SESSION['logged'])) {
    if ($_SESSION['logged'] == 1) {
        header("Location: dashboard.php");
    }
}
?>
<html>
<head>
    <title>PhpStrap - Login</title>
    <link rel="stylesheet" href="css/bootstrap.min.css"> 
    <link rel="stylesheet" href="css/extra.css">
    <style type="text/css">
      body {
        padding-top: 40px;
        padding-bottom: 40px;
        background-color: #f5f5f5;
      }

      .form-signin {
        max-width: 300px;
        padding: 19px 29px 29px;
        margin: 0 auto 20px;
        background-color: #fff;
        border: 1px solid #e5e5e5;
        -webkit-border-radius: 5px;
          -moz-border-radius: 5px;
                border-radius: 5px;
        -webkit-box-shadow: 0 1px 2px rgba(0,0,0,.05);
          -moz-box-shadow: 0 1px 2px rgba(0,0,0,.05);
                box-shadow: 0 1px 2px rgba(0,0,0,.05);
      }
      .form-signin .form-signin-heading,
      .form-signin .checkbox {
        margin-bottom: 10px;
      }
      .form-signin input[type="text"],
      .form-signin input[type="password"] {
        font-size: 16px;
        height: auto;
        margin-bottom: 15px;
        padding: 7px 9px;
      }

    </style>
</head>
<body>
    <div class="container">
      <form class="form-signin" action="login.php" method="post">
          <h4>PhpStrap Login</h4>
        <input type="text" name="username" class="input-block-level" placeholder="Username">
        <input type="password" name="password" class="input-block-level" placeholder="Password">
        <button class="btn btn-block btn-success" name="submit" value="submit" type="submit">Sign in</button>
      </form>
        <div style="text-align: center;font-size: small;">Powered by <a href="http://www.getphpstrap.com/" target="_blank">PhpStrap</a></div>
    </div>
</body>
</html>
<?php
if(isset($_POST['submit'])){
    $input['username'] = htmlentities($_POST['username'], ENT_QUOTES);
    $input['password'] = htmlentities($_POST['password'], ENT_QUOTES);
    $hash = md5($input['password']);
                 
    if ($stmt = $conn->prepare("SELECT * FROM users WHERE username=? AND password=?"))
    {
        $stmt->bind_param("ss", $input['username'], $hash);
        $stmt->execute();
        $stmt->store_result();
     
        if ($stmt->num_rows > 0)
        {
            $_SESSION['username'] = $input['username'];
            $_SESSION['logged'] = 1;
            header("Location: login.php");
        }
    } else {
        echo "<br /><form class=\"form-signin\"><div style=\"text-align: center;\">Error: failed to log you in!</div></form>";
    }
}
$conn->close();
?>

Problem fixed: I had database row set to 30 not 32 in length