Jump to content

PHP Fetch Problem


Tom8001

Recommended Posts

Hello, I have a login script and i don't get any errors, it just redirects to the suspended.php

 

Here is the PHP Code:

<?php

session_start();
require_once('./includes/global_config.php');
require('./includes/connect.php');

if($_SERVER['REQUEST_METHOD'] == "POST")
{

	$username = $_POST['user'];
	$password = $_POST['pass'];
	$token = $_POST['token'];
	
	$username = htmlspecialchars($username, ENT_QUOTES);
	$password = htmlspecialchars($password, ENT_QUOTES);
	$token = htmlspecialchars($token, ENT_QUOTES);
	
	$username = htmlentities($username, ENT_QUOTES);
	$password = htmlentities($password, ENT_QUOTES);
	$token = htmlentities($token, ENT_QUOTES);
	
	$stmt = $conn->prepare("SELECT username, password, rank, active FROM users");
	$stmt->bindParam("ss", $username, $password);
	$stmt->execute();
	$fetch = $stmt->fetchAll();
	$rank = $fetch['rank'];
	$active = $fetch['active'];
	
	if($stmt->rowCount() === TRUE)
	{
	
	if($rank == 1 || $active == 1)
	{
		$_SESSION['username'] = $username;
		$_SESSION['loggedIn'] = TRUE;
		$_SESSION['rank'] = $rank;
		echo '<meta http-equiv="refresh" content="0;./admincp/dashboard.php">';
	} if($rank == 0 || $active == 1) {
	
		$_SESSION['username'] = $username;
		$_SESSION['loggedIn'] = TRUE;
		$_SESSION['rank'] = $rank;
		echo '<meta http-equiv="refresh" content="0;./usercp/dashboard.php">';
	} if($rank == 0 && $active == 0) {
	
		$_SESSION['username'] = $username;
		$_SESSION['loggedIn'] = FALSE;
		$_SESSION['rank'] = FALSE;
		echo '<meta http-equiv="refresh" content="0;./suspended.php">';
	} else {
	
		die("Login Failed.");
	
	}
	
	}
}

?>

Also i understand i haven't hashed the password yet, this is not public yet.

 

I'm guessing the problem is

$fetch = $stmt->fetchAll();
$rank = $fetch['rank'];
$active = $fetch['active'];

or

$stmt = $conn->prepare("SELECT username, password, rank, active FROM users");

Every bit of help is much appreciated :)

Link to comment
https://forums.phpfreaks.com/topic/297899-php-fetch-problem/
Share on other sites

What database api are you using? PDO or MySQLi. I assume PDO, as you are using PDO functions in your code.
 
However here

$stmt->bindParam("ss", $username, $password);

$stmt->bindParam is a PDO function. But the arguments you are passing to this function is incorrect,  ("ss", $username, $password)   is MySQLi arguments for binding variables to a query
 
As you only want your query to return the row where the username and password matches you need to apply a where clause. You would use placeholders for the username and password values. 

$stmt = $conn->prepare("SELECT username, password, rank, active FROM users WHERE username = :usernmae AND password = :password");

For each variable you you call bindParam passing the placeholder (name/index) followed by the variable to be bound to that placeholder

$stmt->bindParam(':username', $username);
$stmt->bindParam(':password', $password);

 
When fetching the result from the query you dont want to call fetchAll. Your query will only returning one row. So call  $fetch = $stmt->fetch(PDO::FETCH_ASSOC); instead.

 

$stmt->rowCount() doesn't return a boolean. It returns the number of rows from your query. So you want to check if i$stmt->rowCount() equals to 1

if($stmt->rowCount() === 1)

if you have not output anything then use  header('Location: page.php');  to preform the redirect rather than use HTML meta refresh tag. After calling header make sure you use  exit;

Link to comment
https://forums.phpfreaks.com/topic/297899-php-fetch-problem/#findComment-1519484
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.