PDO: Problem with login system


phreak3r

I have been converting parts of my codebase over from procedural MySQLi to PDO. I am having trouble at the moment: I am being hit with an "incorrect password or username" error, when I know for a fact that I am using the correct username and password. Anything funny looking here?

<?php
include('header.php');
require('dbcon/dbcon.php');

	// if fields in form are set and submitted, check if user exists and is logged in or not
	if ($_SERVER['REQUEST_METHOD'] == 'POST') {
		$databaseClass = new Database;
		$dbconnect = $databaseClass->connectToDatabase();

		$username = $_POST['username'];
		$password = $_POST['password'];

		$stmt = $dbconnect->prepare("SELECT * FROM profile0 WHERE username = :username");
		$stmt->bindParam(':username', $username);
		$stmt->execute();
		$count = $stmt->fetchColumn();
		$row = $stmt->fetch(PDO::FETCH_ASSOC);
		//$row = $stmt->fetch(PDO::FETCH_ASSOC);

		// if username and password match, init session and redirect to another page.
		if ($row == 1 && password_verify($password, $row['password'])) {
			$_SESSION['logged_in_user'] = $username; // set to IDnum later on...
			$_SESSION['username'] = $username;		
			// check if the user is logged in
			// if so, redirect to main page for logged-in users.
			if (isset($_SESSION['logged_in_user'])) {
				$_SESSION['logged_in_user'] = TRUE;
				header('Location: main.php');

			} else {
				// not logged in, keep on same page...
				session_destroy();
				exit();
			}
		} else if ($username != $row['username'] || $password != $row['password']) {
			echo "Incorrect username or password.";
		}
	}

	// test
	var_dump($username);
	var_dump($password);
?>

 

You see the problem now, right? You are incorrectly expecting if ($row == 1. The var dump shows you what the result is, which is an array of the result.

 

Change the code to

if ($row){
// do login stuff
}
else{
// login failed
}

 

I sort of understand, I took away or changed whatever I had as $result in order to get the PDO working, well...sort of working. So, with just

if ($row) {} else {}
there should be no need for
if ($row == 1 && password_verify($password, $row['password'])) {}
? At least that is what I am getting from this...

You still need to do the password_verify. Take a look at my repo login script from lines 40 to 102.

 

https://github.com/benanamen/perfect_app/blob/master/public/login.php

 

Yeah, this is pretty frustrating. I do not like how things are so split up like that. I prefer to have:

if ($row && password_verify($password, $row['password'])) {}

But that doesn't work either, I went from fixing things to breaking them again. ::)

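An added example, not code from any poster in this thread: it reproduces the fetchColumn()-then-fetch() sequence from the question against a constructed in-memory SQLite table standing in for profile0, then shows a single-fetch login check. It assumes the pdo_sqlite extension is available; verifyLogin() and the sample user are hypothetical.

```php
<?php
// Constructed test data: in-memory SQLite table named after the thread's profile0.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE profile0 (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
$ins = $db->prepare('INSERT INTO profile0 (username, password) VALUES (:u, :p)');
$ins->execute([':u' => 'alice', ':p' => password_hash('correct horse', PASSWORD_DEFAULT)]);

// Sequence from the question: fetchColumn() reads one column of the NEXT row
// and advances the cursor, so with a single matching row the later fetch()
// has nothing left to return.
$stmt = $db->prepare('SELECT * FROM profile0 WHERE username = :username');
$stmt->execute([':username' => 'alice']);
$count = $stmt->fetchColumn();            // first column of the row, not a row count
$row   = $stmt->fetch(PDO::FETCH_ASSOC);  // row already consumed by fetchColumn()
var_dump($count, $row);

// Hypothetical helper: fetch the row once, then check the submitted password
// against the stored hash. Returns the user row without the hash, or null.
function verifyLogin(PDO $db, string $username, string $password): ?array
{
    $stmt = $db->prepare(
        'SELECT id, username, password FROM profile0 WHERE username = :username'
    );
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);  // array on a match, false otherwise

    // The stored value is a hash, so only password_verify() can match it;
    // comparing $password to $row['password'] directly never succeeds.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;  // same answer for unknown user and wrong password
    }
    unset($row['password']);  // keep the hash out of the session and the caller
    return $row;
}

var_dump(verifyLogin($db, 'alice', 'correct horse'));  // valid credentials
var_dump(verifyLogin($db, 'alice', 'wrong guess'));    // wrong password
var_dump(verifyLogin($db, 'mallory', 'anything'));     // unknown username
```

In a real login page the caller would start the session, call session_regenerate_id(true) on success, and exit after the Location header.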

Archived

This topic is now archived and is closed to further replies.
