Jump to content

PDO: Problem with login system


Go to solution Solved by benanamen,

Recommended Posts

I have been converting parts of my codebase over from procedural MySQLi to PDO. I have had trouble at the moment, I am being hit with an 'incorrect password or username" error, when I know that I am for a face using the correct username and password. Anything funny looking here?

<?php
include('header.php');
require('dbcon/dbcon.php');

	// if fields in form are set and submitted, check if user exists and is logged in or not
	if ($_SERVER['REQUEST_METHOD'] == 'POST') {
		$databaseClass = new Database;
		$dbconnect = $databaseClass->connectToDatabase();

		$username = $_POST['username'];
		$password = $_POST['password'];

		$stmt = $dbconnect->prepare("SELECT * FROM profile0 WHERE username = :username");
		$stmt->bindParam(':username', $username);
		$stmt->execute();
		$count = $stmt->fetchColumn();
		$row = $stmt->fetch(PDO::FETCH_ASSOC);
		//$row = $stmt->fetch(PDO::FETCH_ASSOC);

		// if username and password match, init session and redirect to another page.
		if ($row == 1 && password_verify($password, $row['password'])) {
			$_SESSION['logged_in_user'] = $username; // set to IDnum later on...
			$_SESSION['username'] = $username;		
			// check if the user is logged in
			// if so, redirect to main page for logged-in users.
			if (isset($_SESSION['logged_in_user'])) {
				$_SESSION['logged_in_user'] = TRUE;
				header('Location: main.php');

			} else {
				// not logged in, keep on same page...
				session_destroy();
				exit();
			}
		} else if ($username != $row['username'] || $password != $row['password']) {
			echo "Incorrect username or password.";
		}
	}

	// test
	var_dump($username);
	var_dump($password);
?>
Link to comment
https://forums.phpfreaks.com/topic/306647-pdo-problem-with-login-system/
Share on other sites

 

You see the problem now right? You are incorrectly expecting if ($row == 1. The var dump shows you what the result is which is an array of the result.

 

Change the code to

if ($row){
// do login stuff
}
else{
// login failed
}

 

I sort of understand, I took away or changed whatever I had as $result in order to get the PDO working, well...sort of working. So, with just

if ($row) {} else {}
there should be no need for
if ($row == 1 && password_verify($password, $row['password'])) {}
? At least that is what I am getting from this...

You still need to do the password_verify. Take a look at my repo login script from lines 40 to 102.

 

https://github.com/benanamen/perfect_app/blob/master/public/login.php

 

Yeah, this is pretty frustrating. I do not like how things are so split up like that. I prefer to have:

if ($row && password_verify($password, $row['password'])) {}

But that doesn't work either, I went from fixing things to breaking them again. ::)

Edited by phreak3r
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.