Ok so if I understood well, we have turned the mysql code into pdo code and is this way:
<?php
session_start();
$servername = "localhost";
$dbusername = "";
$dbpassword = "";
$dbname = "";
$pdo = new PDO("mysql:host=$servername;dbname=$dbname",$dbusername,$dbpassword);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
if ($pdo->connect_error) {
die("Connection failed: " . $pdo->connect_error);
}
$id="";
$username = $_POST['username'];
$password = md5($_POST['password']);
$func = "SELECT contrasena FROM users WHERE username='$username'";
$stmt = $pdo->prepare("SELECT contrasena
, bloqueado
FROM users
WHERE username = :username
");
$stmt->execute( ['username' => $username] );
$row = $stmt->fetch();
$realpass = $row['contrasena'];
$bloqueado = $row['bloqueado'];
//Login
if(!empty($username)) {
// Check the email with database
$userexists = $pdo->prepare("SELECT COUNT(username) FROM users WHERE username= '$username' LIMIT 1");
$userexists->bindParam(':username', $username);
$userexists->execute();
// Get the result
$userexistsres = $userexists->fetchColumn();
// Check if result is greater than 0 - user exist
if ($userexistsres == 1) {
if ($bloqueado == NO) {
if ($password != $realpass) {
die("contrasena incorrecta");
} else {
$_SESSION['loguin']="OK";
$_SESSION['username']="$username";
header("Location: ./herramientas.php");
exit;
}
} else {
die("Tu usuario ha sido bloqueado o todavía no ha sido aceptado por un administrador. Si el problema persiste contacta con contacto@leonmacias.com");
}
} else {
die("No hay ninguna cuenta con este nombre de usuario");
}
} else {
echo 'El campo usuario esta vacio';
}
But still the $pdo variable is not defined and the code shouldn't work, right? That's my main issue, if I can make it work with mysql and in a couple of months when I have more time convert it to pdo is still fine for me thank you for your help with this issue