PHP Login Troubles Using PDO Options

[SBH]

this was it before you showed the whole code, minor changes…

CODE

$usrname = filter_var($_POST['usrname'], FILTER_SANITIZE_STRING);
    $passwrd = filter_var($_POST['passwrd'], FILTER_SANITIZE_STRING);

    /*** now we can encrypt the password ***/
    $passwrd = password_hash($passwrd, PASSWORD_DEFAULT);
    
    /*** connect to database ***/
    /*** mysql hostname ***/
    $mysql_hostname = 'localhost';

    /*** mysql username ***/
    $mysql_username = "XXXXX";

    /*** mysql password ***/
    $mysql_password = "YYYYY";

    /*** database name ***/
    $mysql_dbname = ‘ZZZZZ’;

    try
    {
        $dbh = new PDO("mysql:host=$mysql_hostname;dbname=$mysql_dbname",
                $mysql_username, $mysql_password);
        /*** $message = a message saying we have connected ***/

        /*** set the error mode to excptions ***/
        $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        /*** prepare the select statement ***/
        $stmt = $dbh->prepare("SELECT * FROM U_Authentications WHERE username = :usrname AND password = :passwrd");

        /*** bind the parameters ***/
        $stmt->bindValue(":usrname", $usrname);
        $stmt->bindValue(":passwrd", $passwrd);

        /*** execute the prepared statement ***/
        $stmt->execute();

        /*** check for a result ***/
        $user_id = $stmt->fetchAll();

        /*** if we have no result then fail boat ***/
        if(count($user_id) < 1){
                $message = 'Login Failed';
        } else{
                /*** set the session user_id variable ***/
                $_SESSION['user_id'] = $user_id;

                /*** tell the user we are logged in ***/
                $message = 'You are now logged in';
        }

    } catch(Exception $e){
        /*** if we are here, something has gone wrong with the database ***/
        $message = 'We are unable to process your request. Please try again later<br>';
        $message .= $e->getMessage();
    }

Thanks @masonh928. You'd have guessed by now, but I'm fairly new to PHP. Question I have in the backdrop of my PHP version being 5.3.29, what's the hashing algorithm that I use? md5 or something else.

@CharlesEF - Thanks for the link, that I see is most helpful. If not a trouble, can i reach out to you both later for questions pertaining to salting, stretching, etc.?

[CharlesEF]

If you have any other problems just post it here. Someone will help (if they can).

[SBH]

Sure will do, for now can I get help on the algorithm to be used?

[CharlesEF]

I already gave you my recommendation, phpass. Use it instead of anything PHP might offer.

[masonh928]

yes if you don't have php 5.5 or the latter then I HIGHLY suggest phpass. If you do have php 5.5., which you don't, then use PHP's NATIVE Password hashing function, password_hash() and password_verify() they do all the work for you. So this not currently a viable option, use phpass.

[masonh928]

You can ask away, we don't bite… lol

[SBH]

You can ask away, we don't bite… lol

:-)

But guys, I'm still not getting it. For testing purpose, I'm used both pHpass (which I downloaded) and sha1. Can I trouble you with a sample script? I guess an important thing is also where I place the page to which I want control to be transferred once logged in. My header and form action commands are again failing me.

[CharlesEF]

It would be better if you attached the required pages to a post so we can download and see your entire work.

[SBH]

@CharlesEF - Will do mostly tomorrow.

[masonh928]

ok when you do, post your example.

[SBH]

ok when you do, post your example.

Putting this on hold for a while. In the meantime, a new issue has cropped up. Will post that separately. Thanks,

[masonh928]

and E_STRICT