PHP Login Troubles Using PDO |
PHP Login Troubles Using PDO |
SBH |
Aug 11 2015, 05:05 AM
Post
#1
|
Member Group: Members Posts: 82 Joined: 6-February 15 Member No.: 22,158 |
I searched & went through a few threads on PHP login scripts. Since I could not find a way out, I am posting my code & requesting for help, as I'm not sure why the login doesn't happen. Thanks.
'Login Failed' is the message I persistently get. You can see in the bottom if-else condition within the Try Loop CODE $usrname = filter_var($_POST['usrname'], FILTER_SANITIZE_STRING); $passwrd = filter_var($_POST['passwrd'], FILTER_SANITIZE_STRING); /*** now we can encrypt the password ***/ $passwrd = sha1( $passwrd ); /*** connect to database ***/ /*** mysql hostname ***/ $mysql_hostname = 'localhost'; /*** mysql username ***/ $mysql_username = ‘XXXXX’; /*** mysql password ***/ $mysql_password = ‘YYYYY’; /*** database name ***/ $mysql_dbname = ‘ZZZZZ’; try { $dbh = new PDO("mysql:host=$mysql_hostname;dbname=$mysql_dbname", $mysql_username, $mysql_password); /*** $message = a message saying we have connected ***/ /*** set the error mode to excptions ***/ $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); /*** prepare the select statement ***/ $stmt = $dbh->prepare("SELECT username, password FROM U_Authentications * WHERE username = :usrname AND password = :passwrd"); /*** bind the parameters ***/ $stmt->bindParam(':usrname', $usrname, PDO::PARAM_STR); $stmt->bindParam(':passwrd', $passwrd, PDO::PARAM_STR, 40); /*** execute the prepared statement ***/ $stmt->execute(); /*** check for a result ***/ $user_id = $stmt->fetchColumn(); /*** if we have no result then fail boat ***/ if($user_id == false) { $message = 'Login Failed'; } /*** if we do have a result, all is well ***/ else { /*** set the session user_id variable ***/ $_SESSION['user_id'] = $user_id; /*** tell the user we are logged in ***/ $message = 'You are now logged in'; } } catch(Exception $e) { /*** if we are here, something has gone wrong with the database ***/ $message = 'We are unable to process your request. Please try again later"'; } |
CharlesEF |
Aug 12 2015, 06:03 AM
Post
#2
|
Programming Fanatic Group: Members Posts: 1,981 Joined: 27-April 13 From: Edinburg, Texas Member No.: 19,088 |
In addition to what Christian said about the * character, I see some funny single quote characters also, like:
CODE /*** mysql username ***/ $mysql_username = ‘XXXXX’; /*** mysql password ***/ $mysql_password = ‘YYYYY’; /*** database name ***/ $mysql_dbname = ‘ZZZZZ’; Seems you have both types of single quotes spread around. You should change them to normal single quotes. Also, your try block looks funny. A try/catch block catches an error (like connecting to your database) but you seem to be trying to catch all errors under the sun. This post has been edited by CharlesEF: Aug 12 2015, 06:05 AM |
SBH |
Aug 12 2015, 06:06 AM
Post
#3
|
Member Group: Members Posts: 82 Joined: 6-February 15 Member No.: 22,158 |
Ok lemme reply to both of you on by one.
First @Christian J - Yes, Login Failed is what I get, despite I using the username/password combo, which I've populated in the mysql table. As for the *, you can ignore. It's a copy paste mistake on my part. @CharlesEF - The funny try block, as you call them, + quotes are stuff that I copy-pasted from a website as is. Will try to change that & see if that helps in any way. This post has been edited by SBH: Aug 12 2015, 06:10 AM |
Lo-Fi Version | Time is now: 28th April 2024 - 01:04 PM |