EnriqueL

  1. Gizmola, wow, that is great, thank you. It is working fantastic now. May I ask you a couple of things about the changes? I really like to understand things. You both are great, by the way; it is working now!
  2. Ok, I have been reading the code again and trying to understand the changes. I am sorry, Barand; as you say, we had already defined $pdo. I don't know what I was thinking about when I wrote that. Regarding "You are attempting to bind the $username to the :username placeholder - but you haven't used a placeholder.", I don't really understand what you mean. Honestly, I have no idea about using placeholders in this type of code. The pdo stuff in my code was from the internet, as I didn't know how to get the confirmation of whether the user existed or not. Could you explain that for me, please? And I will take the "LIMIT 1" out of the code right now. Sorry again for that.
  3. Ok, so if I understood well, we have turned the mysql code into pdo code and it is this way:

     <?php
     session_start();
     $servername = "localhost";
     $dbusername = "";
     $dbpassword = "";
     $dbname = "";
     $pdo = new PDO("mysql:host=$servername;dbname=$dbname",$dbusername,$dbpassword);
     $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
     $pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
     $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
     if ($pdo->connect_error) {
         die("Connection failed: " . $pdo->connect_error);
     }
     $id="";
     $username = $_POST['username'];
     $password = md5($_POST['password']);
     $func = "SELECT contrasena FROM users WHERE username='$username'";
     $stmt = $pdo->prepare("SELECT contrasena , bloqueado FROM users WHERE username = :username ");
     $stmt->execute( ['username' => $username] );
     $row = $stmt->fetch();
     $realpass = $row['contrasena'];
     $bloqueado = $row['bloqueado'];
     //Login
     if(!empty($username)) {
         // Check the email with database
         $userexists = $pdo->prepare("SELECT COUNT(username) FROM users WHERE username= '$username' LIMIT 1");
         $userexists->bindParam(':username', $username);
         $userexists->execute();
         // Get the result
         $userexistsres = $userexists->fetchColumn();
         // Check if result is greater than 0 - user exist
         if ($userexistsres == 1) {
             if ($bloqueado == NO) {
                 if ($password != $realpass) {
                     die("contrasena incorrecta");
                 } else {
                     $_SESSION['loguin']="OK";
                     $_SESSION['username']="$username";
                     header("Location: ./herramientas.php");
                     exit;
                 }
             } else {
                 die("Tu usuario ha sido bloqueado o todavía no ha sido aceptado por un administrador. Si el problema persiste contacta con contacto@leonmacias.com");
             }
         } else {
             die("No hay ninguna cuenta con este nombre de usuario");
         }
     } else {
         echo 'El campo usuario esta vacio';
     }

     But still the $pdo variable is not defined and the code shouldn't work, right? That's my main issue. If I can make it work with mysql and in a couple of months, when I have more time, convert it to pdo, that is still fine for me. Thank you for your help with this issue.
  4. Thank you for all the information given and for spending time on this! I will definitely look for more information about that danger of SQL injection with my code, as well as for information about PDO. Regarding the corrections you have made, unfortunately, I have applied them to my code and I am still getting the same issue. If you want, you can try to get in and check it out: http://leonmacias.com/senasa/ Before, you told me that pdo wasn't defined. That's because I got the code for verifying if the user was in the database before sending the message warning them to be blocked if login was rejected, as I didn't know how to do it. I guess that that line is wrong. What should I do to make that work? I have sent in the message before the entire code except for the db username, name and password, so if you see something that is missing and that you have been there, definitely it is my mistake. I would like to apologize again for making you lose your time with my noob stuff.
  5. Thank you very much for the answer. You are right, having everything in a couple of lines was a mistake of copying and pasting from my code editor, but I would definitely never do it like that. I have just checked out the else correction, but unfortunately it didn't fix this issue. I guess that it is because of the pdo code that you talked about, which, to be honest, I have no idea about. In the near future I will consider switching to pdo, but right now my knowledge is not good enough to do it. May I ask you what I should do to convert that pdo into mysql to make this work? And again, thank you for this.
  6. Wow, I am so sorry about the spacing, I have just checked that out and didn't notice. No, I only have a mysqli connection. Here goes the entire code:

     <?php
     session_start();
     $servername = "localhost";
     $dbusername = "";
     $dbpassword = "";
     $dbname = "";
     $conn = new mysqli($servername, $dbusername, $dbpassword, $dbname);
     if ($conn->connect_error) {
         die("Connection failed: " . $conn->connect_error);
     }
     $id="''";
     $username = $_POST['username'];
     $password = md5($_POST['password']);
     $func = "SELECT contrasena FROM users WHERE username='$username'";
     $realpassask = $conn->query($func);
     $realpassaskres = $realpassask->fetch_assoc();
     $realpass= $realpassaskres[contrasena];
     $func2 = "SELECT bloqueado FROM users WHERE username='$username'";
     $blockedask = $conn->query($func2);
     $blockedres = $blockedask->fetch_assoc();
     $bloqueado = $blockedres[bloqueado];
     //Login
     if(!empty($username)) {
         // Check the email with database
         $userexists = $pdo->prepare("SELECT COUNT(username) FROM users WHERE username= '$username' LIMIT 1");
         $userexists->bindParam(':username', $username);
         $userexists->execute();
         // Get the result
         $userexistsres = $userexists->fetchColumn();
         // Check if result is greater than 0 - user exist
         if( $userexistsres == 1) {
             if ($bloqueado == NO) {
                 if ($password != $realpass) {
                     die("contrasena incorrecta");
                 }
                 Else{
                     $_SESSION['loguin']="OK";
                     $_SESSION['username']="$username";
                     header("Location: ./index.php");
                 }
             }
             Else{
                 die("Tu usuario ha sido bloqueado o todavía no ha sido aceptado por un administrador.
         }
         Else{
             die("No hay ninguna cuenta con este nombre de usuario");
         }
     }
     else {
         echo 'El campo usuario esta vacio';
     }
     ?>

     And once again, sorry for sending the code all in one line, I didn't notice.
  7. I have developed code for a login and it seems to work well (no syntax error according to https://phpcodechecker.com/), but when I enter a username and a password in the login form, I get an HTTP 500 error. I think that everything is ok in the code, but obviously there is something that I am not thinking about. The code (excluding db connection):
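
The placeholder point raised in posts 2 and 3 above, as an added example that is not part of the thread and was not written by any of its participants: the query text carries `:username` and the value is passed separately at execute time. The in-memory SQLite database, the sample row, the `findUser` and `checkLogin` helper names, and the use of `password_hash()` in place of the posts' `md5()` are assumptions made for this example.

```php
<?php
// Added example. A constructed in-memory SQLite table stands in for the MySQL
// `users` table from the posts so the script runs offline (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, contrasena TEXT, bloqueado TEXT)');

// Assumption: contrasena holds a password_hash() value, not the md5() used in the posts.
$insert = $pdo->prepare('INSERT INTO users VALUES (:username, :contrasena, :bloqueado)');
$insert->execute([
    'username'   => "o'brien",                                  // constructed sample user
    'contrasena' => password_hash('s3cret', PASSWORD_DEFAULT),
    'bloqueado'  => 'NO',
]);

// One query answers "does the user exist?", "is it blocked?" and "what is the hash?".
// The SQL text contains the :username placeholder; the value never becomes SQL.
function findUser(PDO $pdo, string $username): ?array
{
    $stmt = $pdo->prepare('SELECT contrasena, bloqueado FROM users WHERE username = :username');
    $stmt->execute(['username' => $username]);
    $row = $stmt->fetch();
    return $row === false ? null : $row;    // fetch() returns false when no row matches
}

function checkLogin(PDO $pdo, string $username, string $password): string
{
    $row = findUser($pdo, $username);
    if ($row === null) return 'no such user';
    if ($row['bloqueado'] !== 'NO') return 'blocked';
    return password_verify($password, $row['contrasena']) ? 'ok' : 'wrong password';
}

// The string-built form from the posts: the apostrophe in the input ends the
// SQL literal early, so the input is being parsed as part of the statement.
try {
    $name = "o'brien";
    $pdo->query("SELECT COUNT(username) FROM users WHERE username= '$name'");
    echo "interpolated: ran\n";
} catch (PDOException $e) {
    echo "interpolated: query broke on the quote in the input\n";
}

// The placeholder form handles the same input as plain data.
echo checkLogin($pdo, "o'brien", 's3cret'), "\n";
echo checkLogin($pdo, "o'brien", 'wrong'), "\n";
echo checkLogin($pdo, 'nobody', 'x'), "\n";
```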