Jump to content

PDO: Problem with login system


Recommended Posts

I have been converting parts of my codebase over from procedural MySQLi to PDO. I have had trouble at the moment, I am being hit with an 'incorrect password or username" error, when I know that I am for a face using the correct username and password. Anything funny looking here?


	// if fields in form are set and submitted, check if user exists and is logged in or not
		$databaseClass = new Database;
		$dbconnect = $databaseClass->connectToDatabase();

		$username = $_POST['username'];
		$password = $_POST['password'];

		$stmt = $dbconnect->prepare("SELECT * FROM profile0 WHERE username = :username");
		$stmt->bindParam(':username', $username);
		$count = $stmt->fetchColumn();
		$row = $stmt->fetch(PDO::FETCH_ASSOC);
		//$row = $stmt->fetch(PDO::FETCH_ASSOC);

		// if username and password match, init session and redirect to another page.
		if ($row == 1 && password_verify($password, $row['password'])) {
			$_SESSION['logged_in_user'] = $username; // set to IDnum later on...
			$_SESSION['username'] = $username;		
			// check if the user is logged in
			// if so, redirect to main page for logged-in users.
			if (isset($_SESSION['logged_in_user'])) {
				$_SESSION['logged_in_user'] = TRUE;
				header('Location: main.php');

			} else {
				// not logged in, keep on same page...
		} else if ($username != $row['username'] || $password != $row['password']) {
			echo "Incorrect username or password.";

	// test
Link to comment
Share on other sites


You see the problem now right? You are incorrectly expecting if ($row == 1. The var dump shows you what the result is which is an array of the result.


Change the code to

if ($row){
// do login stuff
// login failed


I sort of understand, I took away or changed whatever I had as $result in order to get the PDO working, well...sort of working. So, with just

if ($row) {} else {}
there should be no need for
if ($row == 1 && password_verify($password, $row['password'])) {}
? At least that is what I am getting from this...
Link to comment
Share on other sites

You still need to do the password_verify. Take a look at my repo login script from lines 40 to 102.




Yeah, this is pretty frustrating. I do not like how things are so split up like that. I prefer to have:

if ($row && password_verify($password, $row['password'])) {}

But that doesn't work either, I went from fixing things to breaking them again. ::)

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.