PHP Login Troubles Using PDO Options

[SBH]

I searched & went through a few threads on PHP login scripts. Since I could not find a way out, I am posting my code & requesting for help, as I'm not sure why the login doesn't happen. Thanks.

'Login Failed' is the message I persistently get. You can see in the bottom if-else condition within the Try Loop

CODE

$usrname = filter_var($_POST['usrname'], FILTER_SANITIZE_STRING);
    $passwrd = filter_var($_POST['passwrd'], FILTER_SANITIZE_STRING);

    /*** now we can encrypt the password ***/
    $passwrd = sha1( $passwrd );
    
    /*** connect to database ***/
    /*** mysql hostname ***/
    $mysql_hostname = 'localhost';

    /*** mysql username ***/
    $mysql_username = ‘XXXXX’;

    /*** mysql password ***/
    $mysql_password = ‘YYYYY’;

    /*** database name ***/
    $mysql_dbname = ‘ZZZZZ’;

    try
    {
        $dbh = new PDO("mysql:host=$mysql_hostname;dbname=$mysql_dbname",
                $mysql_username, $mysql_password);
        /*** $message = a message saying we have connected ***/

        /*** set the error mode to excptions ***/
        $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        /*** prepare the select statement ***/
        $stmt = $dbh->prepare("SELECT username, password FROM U_Authentications
    *              WHERE username = :usrname AND password = :passwrd");

        /*** bind the parameters ***/
        $stmt->bindParam(':usrname', $usrname, PDO::PARAM_STR);
        $stmt->bindParam(':passwrd', $passwrd, PDO::PARAM_STR, 40);

        /*** execute the prepared statement ***/
        $stmt->execute();

        /*** check for a result ***/
        $user_id = $stmt->fetchColumn();

        /*** if we have no result then fail boat ***/
        if($user_id == false)
        {
                $message = 'Login Failed';
        }
        /*** if we do have a result, all is well ***/
        else
        {
                /*** set the session user_id variable ***/
                $_SESSION['user_id'] = $user_id;

                /*** tell the user we are logged in ***/
                $message = 'You are now logged in';
        }


    }
    
    catch(Exception $e)
    {
        /*** if we are here, something has gone wrong with the database ***/
        $message = 'We are unable to process your request. Please try again later"';
    }

[CharlesEF]

In addition to what Christian said about the * character, I see some funny single quote characters also, like:

CODE

/*** mysql username ***/
$mysql_username = ‘XXXXX’;

/*** mysql password ***/
$mysql_password = ‘YYYYY’;

/*** database name ***/
$mysql_dbname = ‘ZZZZZ’;

Seems you have both types of single quotes spread around. You should change them to normal single quotes.

Also, your try block looks funny. A try/catch block catches an error (like connecting to your database) but you seem to be trying to catch all errors under the sun.

This post has been edited by CharlesEF: Aug 12 2015, 06:05 AM

[SBH]

Ok lemme reply to both of you on by one.

First @Christian J - Yes, Login Failed is what I get, despite I using the username/password combo, which I've populated in the mysql table. As for the *, you can ignore. It's a copy paste mistake on my part.

@CharlesEF - The funny try block, as you call them, + quotes are stuff that I copy-pasted from a website as is. Will try to change that & see if that helps in any way.

This post has been edited by SBH: Aug 12 2015, 06:10 AM