Jump to content

class method for login form not working


shan

Recommended Posts

recently i changed my password for my mysql DB and after that the class method for the login form seems to be not working pl help me. And it doesn't throw up any errors too.

the code in dbconfig.inc.php where the class is initiated is as follows:

 
 
<?php
session_start();
$host="localhost";
$dbName="project";
$dbUname="root";
$dbPass="*****";


try
{
$conn=new PDO("mysql: host=$host;dbname=$dbName; charset=utf8", $dbUname, $dbPass);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);


}
catch (PDOException $e)
{
    $e->getMessage();
}
require_once 'classes.inc.php';


$project= new projecteg($conn);


the login logic script page is as follows:(i tried to var_dump user its not working)

 

<?php
           


include_once 'dbconfig.inc.php';
if (isset($_POST['submit-login'])) {
$uname= htmlentities($_POST['unamel']);
$unamel= stripslashes($uname);
echo "$unamel";
$pass= htmlentities($_POST['passl']);
$pass1= stripslashes($pass);
echo $pass1;
$passl=  md5($pass1);
$user = $project->viewProtectedArea($unamel,$passl);
print_r($user);
    if (isset($user)) {
       
                 $_SESSION['id']=$user['user_id'];
                  $_SESSION['fname']=$user['fname'];
                   $_SESSION['lname']=$user['lname'];
                  $_SESSION['uname']=$user['uname'];
                  $_SESSION['email']=$user['email'];
                  $_SESSION['phone']=$user['phone'];
                  $_SESSION['app']=TRUE;
                  $user_ok=TRUE;
                   header("location: ../home.php?u={$_SESSION['uname']}"); 


                  
    }  else {
        header("location: ../index.php?nosession");
    }










} 
/*
if (isset($_SESSION['app'])&&$_SESSION['uname']!="") {
   header("location: ../home.php?u=".$_SESSION['uname']);                       
                  } else {
                      header("location: ../index.php?usernotfound?id=017");
                  }
  */ 

the class method logic is as follows:

 

public function viewProtectedArea($unamel,$passl) 
                {
               try
               {
                   $active='1';
                   $stmth= $this->_db->prepare("select * from user where uname=:uname and pass=:pass and activated={$active}");
                   $stmth->bindparam(":uname",$unamel);
                   $stmth->bindparam(":pass",$passl);
                   $stmth->execute();
                  return $stmth->fetch(PDO::FETCH_ASSOC);
                 
                  }
                  
               
               catch (PDOException $exc)
               {
                   $exc->getMessage();
                   return false;
               
               }
               
           }
Edited by shan
Link to comment
Share on other sites

 

<?php

$host="localhost";
$dbName="project";
$dbUname="root";
$dbPass="";

try
{
$conn=new PDO("mysql: host=$host;dbname=$dbName; charset=utf8", $dbUname, $dbPass);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

}
catch (PDOException $e)
{
 $e->getMessage(); //line 18
}
require_once 'classes.inc.php';

$project= new projecteg($conn);


as asked im posting you the code

Link to comment
Share on other sites

Could you run this and post the response please:

 

<?php
$host = "localhost";
$dbName = "project";
$dbUname = "root";
$dbPass = "";
 
try {
    $conn = new PDO("mysql: host=$host;dbname=$dbName; charset=utf8", $dbUname, $dbPass);
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
    exit('ERROR: ' . $e->getMessage());
}
require_once 'classes.inc.php';
 
$project = new projecteg($conn);
Link to comment
Share on other sites

your query isn't matching any row(s).  for this condition, which isn't a query error, the ->fetch() method returns a boolean false and the ->fetchAll() method returns an empty array.

 

do the two form variables contain what you expect? are you using the same hashing method on the password when trying to login as when the account was registered (note: md5() is not suitable for hashing passwords. see the password_hash()/password_verify() functions.) is your pass field in the database table large enough to hold the hashed password?

 

and in your viewProtectedArea() method, the catch block for the pdo exception needs to do SOMETHING with the error information . just listing the $exc->getMessage(); on a line doesn't do anything with the value. you should log the error information on a live server and display the information when developing/debugging. if you use php's trigger_error() statement, rather than an exit()/die() statement to handle the error message, it uses php's error_reporting/display_errors/log_errors settings to control where the error information goes to.

 

edit: you would want to use something like this to handle the pdo exception message -

trigger_error("Query: $query, Error: {$e->getMessage()}, File: {$e->getFile()}, Line: {$e->getLine()}");

you should be forming your sql statement in a php variable, i.e. $query in this example, so that you can include it in the error handling.

Edited by mac_gyver
Link to comment
Share on other sites

You should actually get rid of this silly try-catch stuff altogether.

 

The whole point of making PDO throw exceptions is that you do not have to manually check every single query for errors. With exceptions, query errors are automatically detected and trigger a fatal error with all relevant information.

 

If you prefer to copy-and-paste the same error handling procedure over and over again, you don't need exceptions (but I'd rather do the opposite: keep the exceptions, get rid of the error code).

Link to comment
Share on other sites

You should actually get rid of this silly try-catch stuff altogether.

 

The whole point of making PDO throw exceptions is that you do not have to manually check every single query for errors. With exceptions, query errors are automatically detected and trigger a fatal error with all relevant information.

 

If you prefer to copy-and-paste the same error handling procedure over and over again, you don't need exceptions (but I'd rather do the opposite: keep the exceptions, get rid of the error code).

I agree. You can use set_exception_handler to capture any unhandled PDO exceptions to do what you're doing in one single location. If you actually need to handle an exception within your code then go ahead and use a try/catch block. But if you're simply displaying the exception message, that is totally unnecessary.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.