PHP Login Troubles Using PDO Options

[SBH]

Am sure that I don't need to say this, but the for security & privacy reasons, the values XXXXX, YYYYY & ZZZZZ for sql-username, sql-password & dbname are the real, original names.

[CharlesEF]

As for @CharlesEF, I've replaced the 'funny quotes' with normal double quotes. What more can I do?

There is nothing more to do. If you have changed the original code then you should be able to log in now. I know it works, I tested it. I even posted the PHP error message regarding the smart quotes problem. It showed that PHP was making the smart quotes part of the variable value and that is why you were not able to log in.

Now, if you changed the new code masonh928 posted, and I see you have made some changes, then you have other problems to worry about. I will only point out the 1 error you need to fix in order to log in. This line of code needs to be changed:

CODE

$stmt->bindValue(':passwrd', $passwrd, PDO::PARAM_STR, 40);

To this:

CODE

$stmt->bindValue(':passwrd', $passwrd, PDO::PARAM_STR);

You should now be able to log in.

[SBH]

There is nothing more to do. If you have changed the original code then you should be able to log in now. I know it works, I tested it. I even posted the PHP error message regarding the smart quotes problem. It showed that PHP was making the smart quotes part of the variable value and that is why you were not able to log in.

Now, if you changed the new code masonh928 posted, and I see you have made some changes, then you have other problems to worry about. I will only point out the 1 error you need to fix in order to log in. This line of code needs to be changed:

CODE

$stmt->bindValue(':passwrd', $passwrd, PDO::PARAM_STR, 40);

To this:

CODE

$stmt->bindValue(':passwrd', $passwrd, PDO::PARAM_STR);

You should now be able to log in.

Thanks @CharlesEF. When you say you have tested & it works, do you get the message "You have Logged in", when you echo $message? Thanks.

[CharlesEF]

Your current code displays several messages and 1 of them is the "You have Logged in" message.

[masonh928]

This merits much change in my perspective will post more later.

[masonh928]

All I did was add bindValue();

I never edited

CODE

PDO::PARAM_STR, 40

[masonh928]

Charles are you saying my code was causing issues or the code he edited of mine was problematic?

[CharlesEF]

All I did was add bindValue();

I never edited

CODE

PDO::PARAM_STR, 40

I know you didn't, the OP added this because (I think) it was used with bindParam before.

[CharlesEF]

Charles are you saying my code was causing issues or the code he edited of mine was problematic?

Wow, you posted this while I was posting. I think the OP caused this problem by changing things.

[masonh928]

Yeah, the OP should read this:

bindValue vs bindParam

[masonh928]

That's why I prefer bindValue() better…

[masonh928]

This will be last post hopefully, just create a class exclusively for logging in. It will be a heck of a lot more simpler and faster.

[masonh928]

@Charles - I never even really payed much heed to them, they looked odd, I just thought it was the forum messing with them or something. To avoid this, I prefer double-quotes. I believe those weird quotes might have been the main error in his original code.

[SBH]

That's why I prefer bindValue() better…

Ok there, I posted the larger code as that was the one that I obtained from a website. As for this bind Param Vs Value debate, I modified it to the latter.

Now the question I have is if you can help me in the original code. I am really struggling in going from the login page to the main page, which I need to work on a lot.

To @CharlesEF's comment that there are a lot of messages, some were already coded when I obtained them. Some I have put to test the flow of the program. In particular, seems that the control does not go beyond password_hash (that I put in place of sha1).

So in short, you can say that I need a comprehensive help in actually compiling a login script & "move" to a new web page. Can you please help? If possible, by giving me a code that'd help. Thanks.

[masonh928]

If you are referring to redirecting to main page after successful login, it is quite simple:

CODE

…
//other code…
header("Location: link.php?Link=This+is+where+User+is+Redirected");
…

The session that you gave the value of user_id will be accessible anywhere on the server where you use session_start();'



You need to include session_start() on the top of page, everywhere you use sessions, including registration page.

This post has been edited by masonh928: Aug 15 2015, 12:11 PM

[SBH]

@masonh928 - Ok lemme try again. Used the header redirection command once, but was unable to get there. I am sure there's something very basic that I keep botching up.

I know this might be a trouble, but can you give me the code you modified & tested that I can copy-paste as is.

[CharlesEF]

That's why I prefer bindValue() better…

Ok there, I posted the larger code as that was the one that I obtained from a website. As for this bind Param Vs Value debate, I modified it to the latter.

Now the question I have is if you can help me in the original code. I am really struggling in going from the login page to the main page, which I need to work on a lot.

To @CharlesEF's comment that there are a lot of messages, some were already coded when I obtained them. Some I have put to test the flow of the program. In particular, seems that the control does not go beyond password_hash (that I put in place of sha1).

So in short, you can say that I need a comprehensive help in actually compiling a login script & "move" to a new web page. Can you please help? If possible, by giving me a code that'd help. Thanks.

password_hash() requires PHP v5.5 or higher. If you don't have that version then I would recommend you using the phpass found here. Don't you look at your php error log? This error will show up there.

[masonh928]

You are correct Charles was going to say exactly what you said Charles. lol

[masonh928]

this was it before you showed the whole code, minor changes…

CODE

$usrname = filter_var($_POST['usrname'], FILTER_SANITIZE_STRING);
    $passwrd = filter_var($_POST['passwrd'], FILTER_SANITIZE_STRING);

    /*** now we can encrypt the password ***/
    $passwrd = password_hash($passwrd, PASSWORD_DEFAULT);
    
    /*** connect to database ***/
    /*** mysql hostname ***/
    $mysql_hostname = 'localhost';

    /*** mysql username ***/
    $mysql_username = "XXXXX";

    /*** mysql password ***/
    $mysql_password = "YYYYY";

    /*** database name ***/
    $mysql_dbname = ‘ZZZZZ’;

    try
    {
        $dbh = new PDO("mysql:host=$mysql_hostname;dbname=$mysql_dbname",
                $mysql_username, $mysql_password);
        /*** $message = a message saying we have connected ***/

        /*** set the error mode to excptions ***/
        $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        /*** prepare the select statement ***/
        $stmt = $dbh->prepare("SELECT * FROM U_Authentications WHERE username = :usrname AND password = :passwrd");

        /*** bind the parameters ***/
        $stmt->bindValue(":usrname", $usrname);
        $stmt->bindValue(":passwrd", $passwrd);

        /*** execute the prepared statement ***/
        $stmt->execute();

        /*** check for a result ***/
        $user_id = $stmt->fetchAll();

        /*** if we have no result then fail boat ***/
        if(count($user_id) < 1){
                $message = 'Login Failed';
        } else{
                /*** set the session user_id variable ***/
                $_SESSION['user_id'] = $user_id;

                /*** tell the user we are logged in ***/
                $message = 'You are now logged in';
        }

    } catch(Exception $e){
        /*** if we are here, something has gone wrong with the database ***/
        $message = 'We are unable to process your request. Please try again later<br>';
        $message .= $e->getMessage();
    }

[masonh928]

Or just turn on error_reporting(E_ALL);

haha