Jump to content

PDO: Problem with login system

Go to solution Solved by benanamen,

Recommended Posts

I have been converting parts of my codebase over from procedural MySQLi to PDO. I have had trouble at the moment, I am being hit with an 'incorrect password or username" error, when I know that I am for a face using the correct username and password. Anything funny looking here?


	// if fields in form are set and submitted, check if user exists and is logged in or not
		$databaseClass = new Database;
		$dbconnect = $databaseClass->connectToDatabase();

		$username = $_POST['username'];
		$password = $_POST['password'];

		$stmt = $dbconnect->prepare("SELECT * FROM profile0 WHERE username = :username");
		$stmt->bindParam(':username', $username);
		$count = $stmt->fetchColumn();
		$row = $stmt->fetch(PDO::FETCH_ASSOC);
		//$row = $stmt->fetch(PDO::FETCH_ASSOC);

		// if username and password match, init session and redirect to another page.
		if ($row == 1 && password_verify($password, $row['password'])) {
			$_SESSION['logged_in_user'] = $username; // set to IDnum later on...
			$_SESSION['username'] = $username;		
			// check if the user is logged in
			// if so, redirect to main page for logged-in users.
			if (isset($_SESSION['logged_in_user'])) {
				$_SESSION['logged_in_user'] = TRUE;
				header('Location: main.php');

			} else {
				// not logged in, keep on same page...
		} else if ($username != $row['username'] || $password != $row['password']) {
			echo "Incorrect username or password.";

	// test
Link to comment
Share on other sites


You see the problem now right? You are incorrectly expecting if ($row == 1. The var dump shows you what the result is which is an array of the result.


Change the code to

if ($row){
// do login stuff
// login failed


I sort of understand, I took away or changed whatever I had as $result in order to get the PDO working, well...sort of working. So, with just

if ($row) {} else {}
there should be no need for
if ($row == 1 && password_verify($password, $row['password'])) {}
? At least that is what I am getting from this...
Link to comment
Share on other sites

You still need to do the password_verify. Take a look at my repo login script from lines 40 to 102.




Yeah, this is pretty frustrating. I do not like how things are so split up like that. I prefer to have:

if ($row && password_verify($password, $row['password'])) {}

But that doesn't work either, I went from fixing things to breaking them again. ::)

Edited by phreak3r
Link to comment
Share on other sites

This thread is more than a year old. Are you sure you have something important to add to it?

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.