Database stops working after a few hours

Asked

Viewed 103 times

2

Hello, in this registration system, I get the information entered and play in a database.

    include("connection.php");
require("blowfish.php");

$login = $_POST['login_cadastro'];
$senha = $_POST['senha_cadastro'];
$confirmarsenha = $_POST['confirmarsenha_cadastro'];
$email = $_POST['email_cadastro'];

if($senha != $confirmarsenha)
{   
    echo "<meta http-equiv='refresh' content='0; url=index.php'>
          <script type='text/javascript'>alert('As senhas estão diferentes')</script>";
}
else
{
    $mysqli = new mysqli('localhost', 'root', 'MINHASENHA', '');
    $stmt = $mysqli->prepare("SELECT * FROM usuarios WHERE login = ? OR email = ?");
    $stmt->bind_param('ss', $login, $email);
    $stmt->execute();

    while($linha = mysqli_fetch_array($sqlpegar))
    {   
        $login_db = $linha['login'];
        $email_db = $linha['email'];
    }

    if($login_db == $login)
    {
        echo "  <meta http-equiv='refresh' content='0'>
                <script type='text/javascript'>alert('Esse usuario já existe')</script>";
    }
    if($email_db == $email)
    {
        echo "  <meta http-equiv='refresh' content='0'>
                <script type='text/javascript'>alert('Esse email já esta sendo usado')</script>";
    }
    else
    {   
        $senha = hash_password($senha);
        $mysqli = new mysqli('localhost', 'root', 'MINHASENHA', '');
        $stmt = $mysqli->prepare("INSERT INTO usuarios(login, senha, email) VALUES (?, ?, ?)");
        $stmt->bind_param('sss', $login, $senha, $email);
        $stmt->execute();

        header("location: index.php");  
    }
}
mysqli_close($coneccao);
return false;

And as you can see I don’t allow similar emails or logins.

After registering the login works perfectly.

<?
include "connection.php";
require "blowfish.php";

$login = $_POST['login_entrar'];
$senha = $_POST['senha_entrar'];

$mysqli = new mysqli('localhost', 'root', 'MINHASENHA', '');
$stmt = $mysqli->prepare("SELECT * FROM usuarios WHERE login = ?");
$stmt->bind_param('s', $login);
$stmt->execute();

while($linha = mysqli_fetch_array($sql))
{
    $senha_db = $linha['senha'];
    $login_db = $linha['login'];
}

$cont = mysqli_num_rows($sql);

if($login_db != $login || $login == "")
{       
    echo "<meta http-equiv='refresh' content='0; url=index.php'>
    <script type='text/javascript'>alert('Este usuario não existe')</script>";      
}
else
{
    if(verifica_hash($senha, $senha_db))
    {
        session_start();
        $_SESSION['login_usuario'] = $login;

        header("location: index.php");         
    }
    else{   
        echo "<meta http-equiv='refresh' content='0; url=index.php'>
            <script type='text/javascript'>alert('Senha incorreta')</script>";  
    }
}
mysqli_close($coneccao);

?>

however after a few hours if I try to login it informs that the user does not exist, however in the database the user is there and I can create a new account with the same name that I created a few hours ago.

Note: The site is hosted in a VPS.

  • Try to define an index UNIQUE in your login column, just for testing.

1 answer

5


Your logic is wrong.

while($linha = mysqli_fetch_array($sqlpegar))
{   
    $login_db = $linha['login'];
    $email_db = $linha['email'];
}

in this section you end up only with the data of the last record, so only the last registered person can log in and check for existence the comparison also only happens with the last registered user name.

Well after updating the question and discussion the final code should look similar to this.

include("connection.php");
require("blowfish.php");

$login = $_POST['login_cadastro'];
$senha = $_POST['senha_cadastro'];
$confirmarsenha = $_POST['confirmarsenha_cadastro'];
$email = $_POST['email_cadastro'];

$mysqli = new mysqli('localhost', 'root', 'MINHASENHA', '');

if($senha != $confirmarsenha)
{   
    echo "<meta http-equiv='refresh' content='0; url=index.php'>
          <script type='text/javascript'>alert('As senhas estão diferentes')</script>";
}
else
{
    $stmt = $mysqli->prepare("SELECT login, email FROM usuarios WHERE login = ? OR email = ?");
    $stmt->bind_param('ss', $login, $email);
    $stmt->execute();

    $stmt->bind_result($login_db, $email_db);
    if($stmt->fetch())
    {   
        if($login_db == $login)
        {
            echo "  <meta http-equiv='refresh' content='0'>
                    <script type='text/javascript'>alert('Esse usuario já existe')</script>";
        }
        else if($email_db == $email)
        {
            echo "  <meta http-equiv='refresh' content='0'>
                    <script type='text/javascript'>alert('Esse email já esta sendo usado')</script>";
        }
    }
    else
    {   
        $senha = hash_password($senha);
        $stmt = $mysqli->prepare("INSERT INTO usuarios(login, senha, email) VALUES (?, ?, ?)");
        $stmt->bind_param('sss', $login, $senha, $email);
        $stmt->execute();

        header("location: index.php");  
    }
}

return false;

and

include "connection.php";
require "blowfish.php";

$login = $_POST['login_entrar'];
$senha = $_POST['senha_entrar'];

$mysqli = new mysqli('localhost', 'root', 'MINHASENHA', '');
$stmt = $mysqli->prepare("SELECT login, senha FROM usuarios WHERE login = ?");
$stmt->bind_param('s', $login);
$stmt->execute();

$stmt->bind_param('ss', $login_db, $senha_db);
if($stmt->fetch())
{
    if($login == "")
    {       
        echo "<meta http-equiv='refresh' content='0; url=index.php'>
        <script type='text/javascript'>alert('Este usuario não informado')</script>";      
    }
    else
    {
        if(verifica_hash($senha, $senha_db))
        {
            session_start();
            $_SESSION['login_usuario'] = $login;

            header("location: index.php");         
        }
        else
        {   
            echo "<meta http-equiv='refresh' content='0; url=index.php'>
                <script type='text/javascript'>alert('Senha incorreta')</script>";  
        }
    }
}
  • And how should I get the entire database ??

  • Well, normally you would put the search/comparison directly in the query, I will update the answer soon with an example that could solve your problem.

  • Yeah, I used to do that before, but I thought it was unnecessary and I did, but I just put it back.

  • The way it is in the question all users would be returned and you would have to compare one to one in the code to know if there is someone using that login or email.

  • If you are going to perform the comparison in the query remember to treat the data to avoid SQL Injection.

  • Hello, I updated my code, I put the check to get the right user, however it keeps giving the same problem, I will update my question.

  • you updated the form of the query, but while got wrong, if you want to continue in the chat just start it.

  • 1

    @Can Hwapx update the answer with the chat conclusions? so the answer is complete. +1

Show 4 more comments

Browser other questions tagged

You are not signed in. Login or sign up in order to post.