TomasV

Thanks a bunch for your reply! Taken me two weeks to get the script working somewhat and your input really gave me some thoughts . I'm up and running now with some improvements. Trying to get a hold of a good way of letting users upload profile pictures. Is there any recommendations to a tutorial you seem fit for a newbie like me? There are other things, but I'll try solve them the best I can on my own for now. I do appreciate your help alot, explained it very detailed and easy to understand!

I can't find out whats the problem here, would appreciate some input in how to think building my "if". The problem is that I don't seem to catch if an email exists, nor if user exists and neither can I create a new user :/. Appreciate your help alot! <?php // Start the session in case of errors to display within the page of user creation session_start(); $err_msg = array(); $errflag = false; // Check if the submit button was pressed if ($_SERVER['REQUEST_METHOD'] === 'POST' && $_POST['submit'] === 'Skapa') { // Crypt password $options = ['cost' => 10]; $username = strip_tags($_POST['uname']); $password = strip_tags(password_hash($_POST['pword'], PASSWORD_DEFAULT, $options)); $email = strip_tags($_POST['uname'], '@'); // Check so all the fields are filled if ($_POST['uname'] == '' || $_POST['pword'] == '' || $_POST['pwordcheck'] == '') { $err_msg[] = 'Please enter all fields<br>'; $errflag = true; } // See if passwords and confirm matches if ($_POST['pword'] !== $_POST['pwordcheck']) { $err_msg[] = 'Passwords doesn\'t match!<br>'; $errflag = true; } // Check password length, atleast 8 characters if (strlen($_POST['pword']) < 7) { $err_msg[] = 'Password must be atleast 8 characters long'; $errflag = true; } // Check if email exists include_once('../includes/db.inc.php'); $db = new PDO(DB_INFO, DB_USER, DB_PASS); $sql = "SELECT COUNT(*) AS count FROM movies WHERE email = :emailadress"; $stmt = $db->prepare($sql); $stmt->bindParam(':emailadress', $email); $stmt->execute(); $row = $stmt->fetch(PDO::FETCH_ASSOC); if ($row > 0) { $err_msg[] = 'Email already taken!'; $errflag = true; $db = NULL; } // Check if user exists include_once('../includes/db.inc.php'); $db = new PDO(DB_INFO, DB_USER, DB_PASS); $sql = "SELECT uname FROM users WHERE uname = :username"; $stmt = $db->prepare($sql); $stmt->bindParam(':username', $username); $stmt->execute(); $row = $stmt->fetch(PDO::FETCH_ASSOC); if ($row > 0) { $err_msg[] = 'User already exists'; $errflag = true; $db = NULL; } if ($errflag = false) { // Everything passed, create the user! include_once('../includes/db.inc.php'); $db = new PDO(DB_INFO, DB_USER, DB_PASS); $sql = "INSERT INTO users (uname, pword, email) VALUES (:username, :password, :emailadress)"; $stmt = $db->prepare($sql); $stmt->bindParam(':username', $username); $stmt->bindParam(':password', $password); $stmt->bindParam(':emailadress'); $stmt->execute(); $_SESSION['uname'] = $username; header('Location: ../template/header.php'); exit; } // If any error, send the user back and display messages if ($errflag == true) { $_SESSION['err_msg'] = $err_msg; session_write_close(); header('Location: ../user/create.php'); exit; } } else { $_SESSION['err_msg'] = $err_msg; session_write_close(); header('Location: ../user/create.php'); exit; } ?>

Still experiencing problems, thanks for your patience guys and for your help! "Fatal error: Call to a member function rowCount() on a non-object in" $sql = "SELECT userid, username, password FROM users WHERE username = '$username' and password = '$pas'"; $query_login = $db->prepare($sql); $result = $query_login->execute(array('username' => $username, 'password' => $pas)); if ($result->rowCount() > 0) { session_start();

Almost there I guess. Getting following error message now using this: Fatal error: Call to a member function rowCount() on a non-object in // Check so the form was filled if ($_SERVER['REQUEST_METHOD'] === 'POST' && $_POST['submit'] === 'Login' && !empty($_POST['username']) && !empty($_POST['password'])) { // Include DB credentials include_once('db.inc.php'); $db = new PDO(DB_INFO, DB_USER, DB_PASS); // Fetch username and password from form, to match up from DB $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $pas = md5($password, "testar"); $sql = "SELECT username, password FROM users WHERE username = '$username' and password = '$pas'"; $query_login = $db->prepare($sql); $result = $query_login->execute(array('username' => $username, 'password' => $pas)); $uid = $rowCount-> if ($result->rowCount() > 0) { session_start(); $_SESSION['username'] = $username; $_SESSION['logged'] = 1; $_SESSION['userid'] = $result['userid']; header('Location: ../user/user.php'); }

Hey, I'm really new to PHP and having some difficulties with $_SESSION and getting userid from the database. I've managed to put content to my database and also a login script. Though, adding sessions has been a pain. Here's what I got so far: $sql = "SELECT username, password FROM users WHERE username = '$username' and password = '$pas'"; $query_login = $db->prepare($sql); $query_login->execute(array('userid' => $userid, 'username' => $username, 'password' => $pas)); $result = $query_login->rowcount(); if ($result>0) { session_start(); $_SESSION['username'] = $username; $_SESSION['logged'] = 1; $_SESSION['userid'] = $result['userid']; header('Location: ../user/user.php'); }