PHP MySQLi doesn't recognize login info

Question 1

I can't login to the database using mysqli class.

I get the next error:

Warning: mysql_query(): Access denied for user 'www-data'@'localhost' (using password: NO)

I have the next code:

$this->mysqlCon = new mysqli($siteConfig['db']['hostname'], $siteConfig['db']['username'], $siteConfig['db']['password'], $siteConfig['db']['database']);

var_dump() of $siteConfig['db'] returns:

array(4) {
  ["hostname"]=>
  string(9) "localhost"
  ["username"]=>
  string(4) "root"
  ["password"]=>
  string(*) "***Censored***"
  ["database"]=>
  string(*) "***Censored***"
}

My VPS is running Debian 6 32bit.

Question 2

Warning: mysql_query()
             ^---------------------- notice something? :)

You seem to be mixing up mysql and mysqli in your code.

Question 3

I think you need to take a look into how mysqli_ works. This should get you in the right direction.

if(isset($_POST['submit'])){
    $username = $_POST['username'];
    $password = md5($_POST['password']);
    $user_id = 0;
    $status = ""

    $stmt = $con->prepare("SELECT user_id, username, password, status FROM users WHERE username=? AND password=? LIMIT 1");
    $stmt->bind_param('ss', $username, $password);
    $stmt->execute();
    $stmt->bind_result($user_id, $username, $password, $status);
    $stmt->store_result();
    if($stmt->num_rows == 1)  //To check if the row exists
        {
            if($stmt->fetch()) //fetching the contents of the row
            {
               if ($status == 'd') {
                   echo "YOUR account has been DEACTIVATED.";
                   exit();
               } else {
                   $_SESSION['Logged'] = 1;
                   $_SESSION['user_id'] = $user_id;
                   $_SESSION['username'] = $username;
                   echo 'Success!';
                   exit();
               }
           }

    }
    else {
        echo "INVALID USERNAME/PASSWORD Combination!";
    }
    $stmt->close();
}
else 
{   

}
$con->close();

Question 4

This was solved by changing the file functions.php:

<?php
function get_user_email($user_id) {
    global $db; //This is what was needed!
    $sql = "SELECT email FROM user_acc WHERE user_id='$user_id'";
    if(!$result = $db->query($sql)) {die("woops!");}
    $data = $result->fetch_assoc();
    return $data['email'];
}
?>

Thank you Your Common Sense for supplying the indirect answer that lead to answering this uestion ;)

Question 5

To be sure you see all PHP errors, add this code on top of your script:

error_reporting(E_ALL);
ini_set('display_errors', 1);

You must correct your calls to mysqli_real_escape_string. According to the documentation, there must be two parameters, and the first parameter must be a MySQL link. In your case that link would be $mysqli.

Also, replace:

if($row==1){

with:

if($result->num_row==1){

You are misunderstanding what $result->num_rows is: it contains the TOTAL number of rows returned by the query whose result is stored in $result. So, it is useless to check the value of $result->num_rows inside the loop where you retrieve all records returned by the query.

I removed the constant MYSQLI_USE_RESULT from your query() because the documentation for mysqli_query says:
If you use MYSQLI_USE_RESULT all subsequent calls will return error Commands out of sync unless you call mysqli_free_result().

New code:

<?php
    $mysqli = new mysqli('localhost', 'root', 'password', 'aiesec');

    /* check connection */
    if (mysqli_connect_errno()) {
        printf("Connect failed: %sn", mysqli_connect_error());
        exit();
    }

    // cleanup POST variables
    $myusername = mysqli_real_escape_string($mysqli, stripslashes(trim($_POST['myusername'])));
    $mypassword = mysqli_real_escape_string($mysqli, stripslashes(trim($_POST['mypassword'])));

    // If result matched $myusername and $mypassword, table row must be 1 row
    $sql = "SELECT * FROM members WHERE username='$myusername' and password='$mypassword'"; 
    $result = mysqli->query($sql);
     if($mysqli->errno<>0)
        die("Errormessage: %sn", $mysqli->error);
    echo $result->num_rows;
    if($result->num_rows==1){
        echo "correct username and pass";
        // Register $myusername, $mypassword and redirect to file "login_success.php"
       // session_register("myusername");
        //session_register("mypassword");
        //header("location:login_success.php");
    }
    else {
        echo "Wrong Username or Password";
    }
    mysqli_close();     
?>

Question 6

MySQL has a different timeout than PHP. You could increase it in php.ini on the line mysql.connect_timeout = 14400. Also increase the default_socket_timeout = 14400

Note that if your PHP setting allow you to do an ini_set, you can also do as follows:

ini_set('mysql.connect_timeout', 14400);
ini_set('default_socket_timeout', 14400);

PHP MySQLi doesn't recognize login info

Answers

php,mysqli,database-connection