PLEASE HELP

sweeti · April 2, 2012

Please help guys...im stuck here

<code>

public function login($uname, $pass)

{

$result =$this->db->query("SELECT * FROM tbl_userauth");

$result->execute();

$resl=$result->fetchAll(PDO::FETCH_ASSOC);

if ($resl[0]['username'] !=$uname && $resl[0]['password']!=$pass)

{

return $this->error("Username or Password Not Found");

}

else{

header("location:dash.php");

}

</code>

In this i am not able to validate password field..i am able to validate username but not able to validate password field in PDO.

trq · April 2, 2012

Are your passwords hashed?

Besides, you should be executing your check within your actual query.

sweeti · April 2, 2012

Ya m password is hashed..

Besides, you should be executing your check within your actual query.??????wt exactly u mean by dt..

trq · April 2, 2012

Ya m password is hashed..

Then you need to hash it before your comparison.

wt exactly u mean by dt..

And in whole words?

sweeti · April 2, 2012

Ya m password is hashed..

Then you need to hash it before your comparison.

wt exactly u mean by dt..

And in whole words?

How would you hash it????i am new at php and trying to learn can you please guide me..

Muddy_Funster · April 2, 2012

Ya m password is hashed..

Besides, you should be executing your check within your actual query.??????wt exactly u mean by dt..

{
$pass = <your hash algorithm>($pass);
$result =$this->db->query("SELECT <id field> FROM tbl_userauth WHERE <user name> = $uname and <password> = $pass");

change the parts of the code that have <> around them to your system specific values.

dragon_sa · April 2, 2012

How would you hash it????i am new at php and trying to learn can you please guide me..

He means how is your password stored in the database, have you used md5 or sha1 or something else to encrypt it. When you compare the passwords you need to do the same thing so the values are the same or they will not match and hence you have an issue.

sweeti · April 2, 2012

How would you hash it????i am new at php and trying to learn can you please guide me..

He means how is your password stored in the database, have you used md5 or sha1 or something else to encrypt it. When you compare the passwords you need to do the same thing so the values are the same or they will not match and hence you have an issue.

I am using sha1()..

Muddy_Funster · April 2, 2012

And again...

Ya m password is hashed..

Besides, you should be executing your check within your actual query.??????wt exactly u mean by dt..
{
$pass = <your hash algorithm>($pass);
$result =$this->db->query("SELECT <id field> FROM tbl_userauth WHERE <user name> = $uname and <password> = $pass");
change the parts of the code that have <> around them to your system specific values.

dragon_sa · April 2, 2012

as Muddy_Funster says

public function login($uname, $pass)
   {
       $pass=sha1($pass);
       $result =$this->db->query("SELECT * FROM tbl_userauth");
       $result->execute();
       $resl=$result->fetchAll(PDO::FETCH_ASSOC);
      if ($resl[0]['username'] !=$uname && $resl[0]['password']!=$pass)
     
      {
           return $this->error("Username or Password Not Found");
      
      }
else{
      
         header("location:dash.php");
}
}

sweeti · April 2, 2012

as Muddy_Funster says

public function login($uname, $pass)
   {
       $pass=sha1($pass);
       $result =$this->db->query("SELECT * FROM tbl_userauth");
       $result->execute();
       $resl=$result->fetchAll(PDO::FETCH_ASSOC);
      if ($resl[0]['username'] !=$uname && $resl[0]['password']!=$pass)
     
      {
           return $this->error("Username or Password Not Found");
      
      }
else{
      
         header("location:dash.php");
}
}

hey guys i tried doing that but some how the password is not getting validated..with a wrong password to i can log in the system

sweeti · April 2, 2012

public function login( $uname, $pass, $remember=false )

{

$uname = $this->escape($uname);

$password = $pass;

$pass = $this->escape($pass);

$result = $this->db->query("SELECT `{$this->table['id']}`,`{$this->table['pass']}`,`{$this->table['active']}`

FROM ".TBL_USERS." WHERE `{$this->table['user']}` = '$uname' LIMIT 1");

// If user not found

if ($result->num_rows == 0)

{

return $this->error("Username Not Found");

}

// If user is found

else

{

$row = $result->fetch_array();

// Compare passwords

if(!$this->comparePassword($pass, $row[$this->table['pass']]))

{

return $this->error("Invalid username/Password");

}

// If passwords match but user is not verified

if($row[$this->table['active']] < 1)

{

return $this->error("Account not verified or inactive");

}

// If everything goes well, set the userID

$this->userID = $row[$this->table['id']];

}

This was the original code in mysql bt i tried to do in PDO in a simplified manner...can you please tell me where i went wrong???????

PFMaBiSmAd · April 2, 2012

The if() conditional statement is incorrect. The only time it will return the "Username or Password Not Found" error is if both the username and password are wrong, because you are using an && logical operator (you would need to use an || for it to work correctly, because you are using negative logic.) If only one of them is wrong, the else{} statement with your header() redirect will be executed.

You do realize that by testing the [0]'th element of the result set, your code will only work when there is just one row in your database table, which is one of the reasons why thorpe suggested performing the logic check in your query statement (you would query to find the correct row, with the username and password in your database table, then test if the query matched exactly one row.)

Edit: Which is why the original code that you just posted was doing what I stated in the second paragraph above.

sweeti · April 2, 2012

The if() conditional statement is incorrect. The only time it will return the "Username or Password Not Found" error is if both the username and password are wrong, because you are using an && logical operator (you would need to use an || for it to work correctly, because you are using negative logic.) If only one of them is wrong, the else{} statement with your header() redirect will be executed.

You do realize that by testing the [0]'th element of the result set, your code will only work when there is just one row in your database table, which is one of the reasons why thorpe suggested performing the logic check in your query statement (you would query to find the correct row, with the username and password in your database table, then test if the query matched exactly one row.)

Edit: Which is why the original code that you just posted was doing what I stated in the second paragraph above.

I had tested with || operator too..I am totally getting an error even when my username and password both right..n i just have one row in my database so....

dragon_sa · April 2, 2012

Why dont you comment out the public function and run your mysql query and echo out the results you are getting to see if they are what you are expecting from the DB

sweeti · April 3, 2012

Why dont you comment out the public function and run your mysql query and echo out the results you are getting to see if they are what you are expecting from the DB

Im getting a perfectly fine result when me doing mysql but when converting it to PDO i am getting an error..

Sign In

PLEASE HELP

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information