Jump to content

PDO: Problem with login system


Go to solution Solved by benanamen,

Recommended Posts

I have been converting parts of my codebase over from procedural MySQLi to PDO. I have had trouble at the moment, I am being hit with an 'incorrect password or username" error, when I know that I am for a face using the correct username and password. Anything funny looking here?

<?php
include('header.php');
require('dbcon/dbcon.php');

	// if fields in form are set and submitted, check if user exists and is logged in or not
	if ($_SERVER['REQUEST_METHOD'] == 'POST') {
		$databaseClass = new Database;
		$dbconnect = $databaseClass->connectToDatabase();

		$username = $_POST['username'];
		$password = $_POST['password'];

		$stmt = $dbconnect->prepare("SELECT * FROM profile0 WHERE username = :username");
		$stmt->bindParam(':username', $username);
		$stmt->execute();
		$count = $stmt->fetchColumn();
		$row = $stmt->fetch(PDO::FETCH_ASSOC);
		//$row = $stmt->fetch(PDO::FETCH_ASSOC);

		// if username and password match, init session and redirect to another page.
		if ($row == 1 && password_verify($password, $row['password'])) {
			$_SESSION['logged_in_user'] = $username; // set to IDnum later on...
			$_SESSION['username'] = $username;		
			// check if the user is logged in
			// if so, redirect to main page for logged-in users.
			if (isset($_SESSION['logged_in_user'])) {
				$_SESSION['logged_in_user'] = TRUE;
				header('Location: main.php');

			} else {
				// not logged in, keep on same page...
				session_destroy();
				exit();
			}
		} else if ($username != $row['username'] || $password != $row['password']) {
			echo "Incorrect username or password.";
		}
	}

	// test
	var_dump($username);
	var_dump($password);
?>
Link to post
Share on other sites
  • Solution

You see the problem now right? You are incorrectly expecting if ($row == 1. The var dump shows you what the result is which is an array of the result.

 

Change the code to

if ($row){
// do login stuff
}
else{
// login failed
}
Link to post
Share on other sites

 

You see the problem now right? You are incorrectly expecting if ($row == 1. The var dump shows you what the result is which is an array of the result.

 

Change the code to

if ($row){
// do login stuff
}
else{
// login failed
}

 

I sort of understand, I took away or changed whatever I had as $result in order to get the PDO working, well...sort of working. So, with just

if ($row) {} else {}
there should be no need for
if ($row == 1 && password_verify($password, $row['password'])) {}
? At least that is what I am getting from this...
Link to post
Share on other sites

You still need to do the password_verify. Take a look at my repo login script from lines 40 to 102.

 

https://github.com/benanamen/perfect_app/blob/master/public/login.php

 

Yeah, this is pretty frustrating. I do not like how things are so split up like that. I prefer to have:

if ($row && password_verify($password, $row['password'])) {}

But that doesn't work either, I went from fixing things to breaking them again. ::)

Edited by phreak3r
Link to post
Share on other sites
This thread is more than a year old.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.