sweeti Posted April 2, 2012 Share Posted April 2, 2012 Please help guys...im stuck here <code> public function login($uname, $pass) { $result =$this->db->query("SELECT * FROM tbl_userauth"); $result->execute(); $resl=$result->fetchAll(PDO::FETCH_ASSOC); if ($resl[0]['username'] !=$uname && $resl[0]['password']!=$pass) { return $this->error("Username or Password Not Found"); } else{ header("location:dash.php"); } } </code> In this i am not able to validate password field..i am able to validate username but not able to validate password field in PDO. Quote Link to comment Share on other sites More sharing options...
trq Posted April 2, 2012 Share Posted April 2, 2012 Are your passwords hashed? Besides, you should be executing your check within your actual query. Quote Link to comment Share on other sites More sharing options...
sweeti Posted April 2, 2012 Author Share Posted April 2, 2012 Ya m password is hashed.. Besides, you should be executing your check within your actual query.??????wt exactly u mean by dt.. Quote Link to comment Share on other sites More sharing options...
trq Posted April 2, 2012 Share Posted April 2, 2012 Ya m password is hashed.. Then you need to hash it before your comparison. wt exactly u mean by dt.. And in whole words? Quote Link to comment Share on other sites More sharing options...
sweeti Posted April 2, 2012 Author Share Posted April 2, 2012 Ya m password is hashed.. Then you need to hash it before your comparison. wt exactly u mean by dt.. And in whole words? How would you hash it????i am new at php and trying to learn can you please guide me.. Quote Link to comment Share on other sites More sharing options...
Muddy_Funster Posted April 2, 2012 Share Posted April 2, 2012 Ya m password is hashed.. Besides, you should be executing your check within your actual query.??????wt exactly u mean by dt.. { $pass = <your hash algorithm>($pass); $result =$this->db->query("SELECT <id field> FROM tbl_userauth WHERE <user name> = $uname and <password> = $pass"); change the parts of the code that have <> around them to your system specific values. Quote Link to comment Share on other sites More sharing options...
dragon_sa Posted April 2, 2012 Share Posted April 2, 2012 How would you hash it????i am new at php and trying to learn can you please guide me.. He means how is your password stored in the database, have you used md5 or sha1 or something else to encrypt it. When you compare the passwords you need to do the same thing so the values are the same or they will not match and hence you have an issue. Quote Link to comment Share on other sites More sharing options...
sweeti Posted April 2, 2012 Author Share Posted April 2, 2012 How would you hash it????i am new at php and trying to learn can you please guide me.. He means how is your password stored in the database, have you used md5 or sha1 or something else to encrypt it. When you compare the passwords you need to do the same thing so the values are the same or they will not match and hence you have an issue. I am using sha1().. Quote Link to comment Share on other sites More sharing options...
Muddy_Funster Posted April 2, 2012 Share Posted April 2, 2012 And again... Ya m password is hashed.. Besides, you should be executing your check within your actual query.??????wt exactly u mean by dt.. { $pass = <your hash algorithm>($pass); $result =$this->db->query("SELECT <id field> FROM tbl_userauth WHERE <user name> = $uname and <password> = $pass"); change the parts of the code that have <> around them to your system specific values. Quote Link to comment Share on other sites More sharing options...
dragon_sa Posted April 2, 2012 Share Posted April 2, 2012 as Muddy_Funster says public function login($uname, $pass) { $pass=sha1($pass); $result =$this->db->query("SELECT * FROM tbl_userauth"); $result->execute(); $resl=$result->fetchAll(PDO::FETCH_ASSOC); if ($resl[0]['username'] !=$uname && $resl[0]['password']!=$pass) { return $this->error("Username or Password Not Found"); } else{ header("location:dash.php"); } } Quote Link to comment Share on other sites More sharing options...
sweeti Posted April 2, 2012 Author Share Posted April 2, 2012 as Muddy_Funster says public function login($uname, $pass) { $pass=sha1($pass); $result =$this->db->query("SELECT * FROM tbl_userauth"); $result->execute(); $resl=$result->fetchAll(PDO::FETCH_ASSOC); if ($resl[0]['username'] !=$uname && $resl[0]['password']!=$pass) { return $this->error("Username or Password Not Found"); } else{ header("location:dash.php"); } } hey guys i tried doing that but some how the password is not getting validated..with a wrong password to i can log in the system Quote Link to comment Share on other sites More sharing options...
sweeti Posted April 2, 2012 Author Share Posted April 2, 2012 public function login( $uname, $pass, $remember=false ) { $uname = $this->escape($uname); $password = $pass; $pass = $this->escape($pass); $result = $this->db->query("SELECT `{$this->table['id']}`,`{$this->table['pass']}`,`{$this->table['active']}` FROM ".TBL_USERS." WHERE `{$this->table['user']}` = '$uname' LIMIT 1"); // If user not found if ($result->num_rows == 0) { return $this->error("Username Not Found"); } // If user is found else { $row = $result->fetch_array(); // Compare passwords if(!$this->comparePassword($pass, $row[$this->table['pass']])) { return $this->error("Invalid username/Password"); } // If passwords match but user is not verified if($row[$this->table['active']] < 1) { return $this->error("Account not verified or inactive"); } // If everything goes well, set the userID $this->userID = $row[$this->table['id']]; } } This was the original code in mysql bt i tried to do in PDO in a simplified manner...can you please tell me where i went wrong??????? Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted April 2, 2012 Share Posted April 2, 2012 The if() conditional statement is incorrect. The only time it will return the "Username or Password Not Found" error is if both the username and password are wrong, because you are using an && logical operator (you would need to use an || for it to work correctly, because you are using negative logic.) If only one of them is wrong, the else{} statement with your header() redirect will be executed. You do realize that by testing the [0]'th element of the result set, your code will only work when there is just one row in your database table, which is one of the reasons why thorpe suggested performing the logic check in your query statement (you would query to find the correct row, with the username and password in your database table, then test if the query matched exactly one row.) Edit: Which is why the original code that you just posted was doing what I stated in the second paragraph above. Quote Link to comment Share on other sites More sharing options...
sweeti Posted April 2, 2012 Author Share Posted April 2, 2012 The if() conditional statement is incorrect. The only time it will return the "Username or Password Not Found" error is if both the username and password are wrong, because you are using an && logical operator (you would need to use an || for it to work correctly, because you are using negative logic.) If only one of them is wrong, the else{} statement with your header() redirect will be executed. You do realize that by testing the [0]'th element of the result set, your code will only work when there is just one row in your database table, which is one of the reasons why thorpe suggested performing the logic check in your query statement (you would query to find the correct row, with the username and password in your database table, then test if the query matched exactly one row.) Edit: Which is why the original code that you just posted was doing what I stated in the second paragraph above. I had tested with || operator too..I am totally getting an error even when my username and password both right..n i just have one row in my database so.... Quote Link to comment Share on other sites More sharing options...
dragon_sa Posted April 2, 2012 Share Posted April 2, 2012 Why dont you comment out the public function and run your mysql query and echo out the results you are getting to see if they are what you are expecting from the DB Quote Link to comment Share on other sites More sharing options...
sweeti Posted April 3, 2012 Author Share Posted April 3, 2012 Why dont you comment out the public function and run your mysql query and echo out the results you are getting to see if they are what you are expecting from the DB Im getting a perfectly fine result when me doing mysql but when converting it to PDO i am getting an error.. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.