Hello!
I'm trying to update an old login form that I created that stores the website's admin username and password in a database, and I am feeling a little silly but can't figure out why this does not work anymore. The website is successfully pulling other values from the MySQL database, and so I do not think that that is the cause for the issue, but I am getting an empty array value when I try to check for errors: Array ( [0] => 00000 [1] => [2] => ).
The layout for the table looks like what I am adding below:
username password
example_username example_password
The PHP version for the site is 7.4. I am almost 100% sure that the error is not coming from any of the includes files, because everything else is working on the site. I think that there likely has been an update or something that I am misunderstanding that is affecting the below page code:
<?php
define( 'TITLE', 'Log In' );
include '../includes/connection.php';
include 'includes/header.php';
include 'includes/nav.php';
?>
<!-- Begin page content -->
<main class="flex-shrink-0">
<div class="container">
<div style="padding-top: 10%;">
<?php
// Attempt Log In
$submit = $_POST[ 'submit' ];
if ( $submit == 'Log In' ) {
$username = $_POST[ 'username' ];
$password = sha1( $_POST[ 'password' ] );
// $username = 'username';
// $password = 'password';
// echo "Your username is ".$username.' and your password is '.$password;
$sql = $dbh->prepare( "select username from fr_admin where username = ? and password = ?" );
$sql->bindValue( 1, $username, PDO::PARAM_STR );
$sql->bindValue( 2, $password, PDO::PARAM_STR );
$sql->execute();
print_r($sql->errorInfo());
$sqlresults = $sql->fetch();
$uname = $sqlresults[ 'username' ];
if ( $uname == $username ) {
$_SESSION[ 'admin' ] = 'authorized';
$_SESSION[ 'username' ] = $username;
} else {
echo '<p class="text-danger"><strong>There was a problem logging in. Please try again!</strong></p>';
}
}
// Display for logged out users
if ( $_SESSION[ 'admin' ] != 'authorized' ) {
?>
<h3 class="mt-3 mb-4">Please log in to add a film review.</h3>
<!-- Log In Form -->
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post" class="pb-5">
<div class="form-group">
<label for="username" class="pt-3">Username</label>
<input type="text" class="form-control" name="username" id="username" aria-describedby="username" required placeholder="Enter Username">
</div>
<div class="form-group pb-3">
<label for="password" class="pt-3">Password</label>
<input type="password" class="form-control" name="password" id="password" aria-describedby="password" required placeholder="Enter Password">
</div>
<!--<input type="submit" name="submit" value="Log In">-->
<button class="btn btn-primary" type="submit" name="submit" value="Log In">Log In</button>
</form>
<?php
} else {
// Successful Log In
echo '<p><strong class="text-success">Welcome, ' . $_SESSION[ 'username' ] . '.</strong>';
echo '  —  <a href="logout.php">Log Out</a></p><h3 class="mt-3 mb-5">Add a film review below.</h3>';
// Attempt to add film review
if ( $_SERVER[ 'HTTP_REFERER' ] == 'https://strandian.com/SDCCD/webd167/finalproject/admin/index.php' || $_SERVER[ 'HTTP_REFERER' ] == 'https://strandian.com/SDCCD/webd167/finalproject/admin/index.php' ) {
if ( $submit == 'Add Film Review' ) {
$title = $_POST[ 'title' ];
$content = $_POST[ 'content' ];
$inssql = $dbh->prepare( "insert into fr_films (filmtitle,filmreview) values (?,?)" );
$inssql->bindValue( 1, $title, PDO::PARAM_STR );
$inssql->bindValue( 2, $content, PDO::PARAM_STR );
$inssql->execute();
$lastid = $dbh->lastInsertId();
$newpicname = $lastid . '.jpg';
$bool = move_uploaded_file( $_FILES[ 'photo' ][ 'tmp_name' ], '../images/uploads/' . $newpicname );
if ( $bool ) {
echo '<p class="text-success"><strong>   Record inserted and picture uploaded!</strong></p>';
} else {
echo '<p class="text-danger"><strong> There was a problem adding your review!</strong></p>';
}
}
}
?>
<!-- Form to Add Film Review -->
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post" enctype="multipart/form-data" class="pb-5">
<div class="form-group">
<label for="title" class="pt-3">Title</label>
<input type="text" class="form-control" name="title" id="title" aria-describedby="title" required placeholder="Enter Film Title">
</div>
<div class="form-group pb-4">
<label for="content" class="pt-3">Content</label>
<textarea name="content" class="form-control" id="content" rows="4" required placeholder="Enter Review Content"></textarea>
</div>
<div class="custom-file mb-3">
<input type="file" name="photo" class="custom-file-input" id="photo" required accept=".jpg, .jpeg">
<label class="custom-file-label" for="photo">Add a photo (jpeg)</label>
</div>
<!--<input type="submit" name="submit" value="Add Film Review" class="mt-4">-->
<button class="btn btn-primary mt-4" type="submit" name="submit" value="Add Film Review">Add Film Review</button>
</form>
<?php } ?>
</div>
</div>
</main>
<!-- Script to display filename for <input type="file"> in Add Film Review table -->
<script>
$('#photo').on('change',function(){
//get the file name
var fileName = $(this).val();
//replace the "Choose a file" label
$(this).next('.custom-file-label').html(fileName);
})
</script>
<?php include '../includes/footer.php'; ?>
I really appreciate anyone taking the time to help me with this!