Signing in with email gives "error=nouser" while signing in with the username has no issue

Question

In my code, logging in with a username works, but with an email does not. Using the email to log in gives the error: error=nouser.

How can I make it work?

The login code:

if (isset($_POST['login-submit'])) {

    require 'dbh.inc.php';

    $mailuid = $_POST['mailuid'];
    $emailUsers = $_POST['emailUsers'];
    $password = $_POST['pwd'];

    if (empty($mailuid) || empty($password)) {
        header("Location: ../index.php?error=emptyfields");
        exit();
    }
    else {
        $sql = "SELECT * FROM users WHERE uidUsers=? OR emailUsers=?;";
        $stmt = mysqli_stmt_init($conn);
        if (!mysqli_stmt_prepare($stmt, $sql)) {
            header("Location: ../index.php?error=sqlerror");
            exit();
        }
        else {
            mysqli_stmt_bind_param($stmt, "ss", $mailuid, $emailUsers);
            mysqli_stmt_execute($stmt);
            $result = mysqli_stmt_get_result($stmt);
            if ($row = mysqli_fetch_assoc($result)) {
                if (password_verify($password, $row['pwdUsers'])) {
                    session_start();
                    $_SESSION['userId'] = $row['idUsers'];
                    $_SESSION['userUid'] = $row['uidUsers'];

                    header("Location: ../index.php?login=success");
                    exit();
                }
                else {
                    header("Location: ../index.php?error=wrongpwd");
                    exit();
                }
            }
            else {
                header("location: ../index.php?error=nouser");
                exit();
            }
        }
    }
}
else {
    header("Location: ../index.php");
    exit();
}

The signup code:

        <?php
    if (isset($_POST['signup-submit'])) {

    require 'dbh.inc.php';

    $username = $_POST['uid'];
    $email = $_POST['mail'];
    $password = $_POST['pwd'];
    $passwordRepeat = $_POST['pwd-repeat'];

    if (empty($username) || empty($email) || empty($password) || empty($passwordRepeat)) {
        header("Location: ../signup.php?error=emptyfields&uid=" .$username. "&email=" .$email);
        exit();
    }
    else if (!filter_var($email, FILTER_VALIDATE_EMAIL) && !preg_match("/^[a-zA-Z0-9]*$/", $username)) {
        header("Location: ../signup.php?error=invalidmail&uid");
        exit(); 
    }
    else if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        header("Location: ../signup.php?error=invalidemail&uid=" .$username);
        exit();
    }
    else if (!preg_match("/^[a-zA-Z0-9]*$/", $username)) {
        header("Location: ../signup.php?error=invaliduid&mail=" .$email);
        exit();
    }
    else if ($password !== $passwordRepeat) {
        header("Location: ../signup.php?error=passwordcheck&uid=" .$username. "&mail=" .$email);
        exit();
    }
    else {


        $sql = "SELECT uidUsers FROM users WHERE uidUsers=?";
        $stmt = mysqli_stmt_init($conn);
        if (!mysqli_stmt_prepare($stmt, $sql)) {
          header("Location: ../signup.php?error=sqlerror");
          exit();
        }
        else {
          mysqli_stmt_bind_param ($stmt, "s", $username);
          mysqli_stmt_execute($stmt);
          mysqli_stmt_store_result($stmt);
          $resultCheck = mysqli_stmt_num_rows($stmt);
          if ($resultCheck > 0) {
                header("Location: ../signup.php?error=usertaken&email=" .$email);
                exit();
          }
          else {

            $sql = "INSERT INTO users (uidUsers, emailUsers, pwdUsers) VALUES (?, ?, ?)";
            $stmt = mysqli_stmt_init($conn);
            if (!mysqli_stmt_prepare($stmt, $sql)) {
          header("Location: ../signup.php?error=sqlerror");
          exit();
          }
          else {
            $hashedPwd = password_hash($password, PASSWORD_DEFAULT);

              mysqli_stmt_bind_param($stmt, "sss", $username, $email, $hashedPwd);
              mysqli_stmt_execute($stmt);
              header("Location: ../signup.php?signup=success");
              exit();

            }

          }

        }

    }
    mysqli_stmt_close($stmt);
    mysqli_close($conn);

    }
    else{
    header("Location: ../signup.php");
    exit();
    }

*Another file for signup:

<?php
  require "header.php";
?>

<main>
  <div class="wrapper-main">
    <section class="section-default">
      <h1>Signup</h1>
      <?php
        if (isset($_GET["error"])) {
            if ($_GET["error"] == "emptyfield") {
                echo '<p class="signuperror">Fill in all fields!</p>';
            }
            else if ($_GET["error"] == "invaliduidemail") {
                echo '<p class="signuperror">Invalid username and e-mail!</p>';
            }
            else if ($_GET["error"] == "invaliduid") {
                echo '<p class="signuperror">Invalid username!</p>';
            }
            else if ($_GET["error"] == "invalidemail") {
                echo '<p class="signuperror">Invalid e-mail!</p>';
            }
            else if ($_GET["error"] == "passwordcheck") {
                echo '<p class="signuperror">Your pssword do not match!</p>';
            }
            else if ($_GET["error"] == "usertaken") {
                echo '<p class="signuperror">Username is already taken!</p>';
            }
        }
        else if(isset($_GET["signup"]) == "success") {
            echo '<p class="signupsuccess">Signup successful!</p>';
        }
      ?>
      <form class="form-signup" action="includes/signup.inc.php" method="post">
        <input type="text" name="uid" placeholder="Username">
        <input type="text" name="mail" placeholder="E-mail">
        <input type="password" name="pwd" placeholder="password">
        <input type="password" name="pwd-repeat" placeholder="Repeat password">
        <button type="submit" name="signup-submit">Signup</button>
      </form>
    </section>
  </div>
</main>

<?php
  require "footer.php";
?>

You need to stop manually checking for errors. Please read: [Should we ever check for mysqli_connect() errors manually?](https://stackoverflow.com/q/58808332/1839439) and [Should I manually check for errors when calling “mysqli_stmt_prepare”?](https://stackoverflow.com/q/62216426/1839439) — Dharman, Jun 14 '20 at 16:24
@Dharman Thanks, I should learn to do that after finding the solution to the error. — Rez, Jun 14 '20 at 16:38
Your sign-up form doesn't contain a field called `mailuid`, yet you use it in your PHP code, and you haven't shown your login form so I'm not sure if the same applies. Your sign-up form doesn't contain a field called `login-submit`, but you use that to decide whether the form was submitted, so in theory you can never sign up. And your sign-up code, even if it ran, doesn't add a user, it just seems to do the same as the login code. — droopsnoot, Jun 14 '20 at 17:33
Thanks @droopsnoot but there is & it signup and adds to the db just fine, you can see the middle of the page's code. Pls let me know if I am wrong. Signup file: ---------------------------------------------- if (isset($_POST['login-submit'])) { require 'dbh.inc.php'; $mailuid = $_POST['mailuid']; $emailUsers = $_POST['emailUsers']; $password = $_POST['pwd']; — Rez, Jun 14 '20 at 17:52
@MrBean Bremen thanks for editing my question, I wish I had a teacher like you ;) — Rez, Jun 14 '20 at 19:41
This line in your login code `if (empty($mailuid) || empty($password)) {` surely means that if the user fills in the `emailUsers` field, but does not fill in the `mailuid` field, the code will redirect them. You need to check that the user has filled in the password and either the username or email address fields. Or just have one, and apply it to either field in your query. — droopsnoot, Jun 15 '20 at 08:46

Signing in with email gives "error=nouser" while signing in with the username has no issue

0 Answers0