class method for login form not working

[shan]

recently i changed my password for my mysql DB and after that the class method for the login form seems to be not working pl help me. And it doesn't throw up any errors too.

the code in dbconfig.inc.php where the class is initiated is as follows:

 

 

<?php
session_start();
$host="localhost";
$dbName="project";
$dbUname="root";
$dbPass="*****";


try
{
$conn=new PDO("mysql: host=$host;dbname=$dbName; charset=utf8", $dbUname, $dbPass);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);


}
catch (PDOException $e)
{
    $e->getMessage();
}
require_once 'classes.inc.php';


$project= new projecteg($conn);

the login logic script page is as follows:(i tried to var_dump user its not working)

 

<?php
           


include_once 'dbconfig.inc.php';
if (isset($_POST['submit-login'])) {
$uname= htmlentities($_POST['unamel']);
$unamel= stripslashes($uname);
echo "$unamel";
$pass= htmlentities($_POST['passl']);
$pass1= stripslashes($pass);
echo $pass1;
$passl=  md5($pass1);
$user = $project->viewProtectedArea($unamel,$passl);
print_r($user);
    if (isset($user)) {
       
                 $_SESSION['id']=$user['user_id'];
                  $_SESSION['fname']=$user['fname'];
                   $_SESSION['lname']=$user['lname'];
                  $_SESSION['uname']=$user['uname'];
                  $_SESSION['email']=$user['email'];
                  $_SESSION['phone']=$user['phone'];
                  $_SESSION['app']=TRUE;
                  $user_ok=TRUE;
                   header("location: ../home.php?u={$_SESSION['uname']}"); 


                  
    }  else {
        header("location: ../index.php?nosession");
    }










} 
/*
if (isset($_SESSION['app'])&&$_SESSION['uname']!="") {
   header("location: ../home.php?u=".$_SESSION['uname']);                       
                  } else {
                      header("location: ../index.php?usernotfound?id=017");
                  }
  */ 

the class method logic is as follows:

 

public function viewProtectedArea($unamel,$passl) 
                {
               try
               {
                   $active='1';
                   $stmth= $this->_db->prepare("select * from user where uname=:uname and pass=:pass and activated={$active}");
                   $stmth->bindparam(":uname",$unamel);
                   $stmth->bindparam(":pass",$passl);
                   $stmth->execute();
                  return $stmth->fetch(PDO::FETCH_ASSOC);
                 
                  }
                  
               
               catch (PDOException $exc)
               {
                   $exc->getMessage();
                   return false;
               
               }
               
           }

Edited October 5, 2015 by shan

[jamesmpollard]

Pop this at the top of the page to get any PHP errors:

 

 

ini_set('display_startup_errors',1);
ini_set('display_errors',1);
error_reporting(-1);

 

 

Also, in your dbconfig, replace

$e->getMessage();

with

exit $e->getMessage();

[shan]

it actually gave the following error msg.

 

Parse error: syntax error, unexpected '$e' (T_VARIABLE) in /opt/lampp/htdocs/project/includes/dbconfig.inc.php on line 18

 

[jamesmpollard]

it actually gave the following error msg.

Please post full code for your dbconfig.inc.php or at least line 18

[jamesmpollard]

Scratch that, just realised.... line 18 is $e->getMessage();

 

Are you missing a semi colon?

[shan]

after removing exit in dbconfig and when i var dump the

 $user

i get bool(false). the method in the class seems to be harmless can u point me where im going wrong?? @jamesmpollard.

[shan]

 

<?php

$host="localhost";
$dbName="project";
$dbUname="root";
$dbPass="";

try
{
$conn=new PDO("mysql: host=$host;dbname=$dbName; charset=utf8", $dbUname, $dbPass);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

}
catch (PDOException $e)
{
 $e->getMessage(); //line 18
}
require_once 'classes.inc.php';

$project= new projecteg($conn);

as asked im posting you the code

[shan]

no everything seems to be perfect

Edited October 5, 2015 by shan

[jamesmpollard]

Could you run this and post the response please:

 

<?php
$host = "localhost";
$dbName = "project";
$dbUname = "root";
$dbPass = "";
 
try {
    $conn = new PDO("mysql: host=$host;dbname=$dbName; charset=utf8", $dbUname, $dbPass);
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
    exit('ERROR: ' . $e->getMessage());
}
require_once 'classes.inc.php';
 
$project = new projecteg($conn);

[shan]

it doesn't give any error's

[jamesmpollard]

it doesn't give any error's

Excellent, is it all working okay? Or are you still facing the same problem?

[shan]

no bro it returns bool false in login.inc.php when i vardump

 $user

[shan]

i just changed the fetch st to fetchall in stmth handle and now i get

array(0) { }

if i var_dump the $user.

[mac_gyver]

your query isn't matching any row(s).  for this condition, which isn't a query error, the ->fetch() method returns a boolean false and the ->fetchAll() method returns an empty array.

 

do the two form variables contain what you expect? are you using the same hashing method on the password when trying to login as when the account was registered (note: md5() is not suitable for hashing passwords. see the password_hash()/password_verify() functions.) is your pass field in the database table large enough to hold the hashed password?

 

and in your viewProtectedArea() method, the catch block for the pdo exception needs to do SOMETHING with the error information . just listing the $exc->getMessage(); on a line doesn't do anything with the value. you should log the error information on a live server and display the information when developing/debugging. if you use php's trigger_error() statement, rather than an exit()/die() statement to handle the error message, it uses php's error_reporting/display_errors/log_errors settings to control where the error information goes to.

 

edit: you would want to use something like this to handle the pdo exception message -

trigger_error("Query: $query, Error: {$e->getMessage()}, File: {$e->getFile()}, Line: {$e->getLine()}");

you should be forming your sql statement in a php variable, i.e. $query in this example, so that you can include it in the error handling.

Edited October 5, 2015 by mac_gyver

[Jacques1]

You should actually get rid of this silly try-catch stuff altogether.

 

The whole point of making PDO throw exceptions is that you do not have to manually check every single query for errors. With exceptions, query errors are automatically detected and trigger a fatal error with all relevant information.

 

If you prefer to copy-and-paste the same error handling procedure over and over again, you don't need exceptions (but I'd rather do the opposite: keep the exceptions, get rid of the error code).

[scootstah]

You should actually get rid of this silly try-catch stuff altogether.

 

The whole point of making PDO throw exceptions is that you do not have to manually check every single query for errors. With exceptions, query errors are automatically detected and trigger a fatal error with all relevant information.

 

If you prefer to copy-and-paste the same error handling procedure over and over again, you don't need exceptions (but I'd rather do the opposite: keep the exceptions, get rid of the error code).

I agree. You can use set_exception_handler to capture any unhandled PDO exceptions to do what you're doing in one single location. If you actually need to handle an exception within your code then go ahead and use a try/catch block. But if you're simply displaying the exception message, that is totally unnecessary.

[benanamen]

Thanks to @Jacques1,  set_exception_handler is my new best friend. I unloaded a ton of unnecessary try/catch blocks on a very large project I am doing.