用户名和密码以整数形式而不是字符串形式传递

Question

I'm creating a login script and its failing each time even when I input the correct credentials. I firstly thought this was to do with the crypt function which has been explained in depth and have done further research upon to find a good method.

Anyway I have remove the crypt function in both the login and register to test the login script. Upon removing this I still got an error which stated Invalid username or password .

I wanted to see what was actually been passed in my POST variables, so I echoed these variables as they are defined eg

$username = isset($_POST['username']);

echo $username;

outputs: 1

however

echo $_POST['username'];

outputs admin (which is the username I have been using)

If I remove the isset from this POST variable then I am returned with the true value but this still fails my login script.

I don't understand whats going wrong as I've used this same statement in a different function to test it and it works, instead of using POST variables I am already setting the username and password and then wrapping in a foreach statement and this works.

It must be something to do with my POST variables and the way I am handling it but I don't have the experience/knowledge to solve the problem. I can't understand why my POST data is returned as a integer but then even when I remove the isset tag my statement is still false?

Any input and help is greatly welcomed and appreciated.

Below is my code, if there's anything else required please ask:

index.php

<form id="loginForm" method="POST" action="classes/class.Login.php">
<input type="text" id="username" name="username" placeholder="Username"/>
<input type="password" id="password" name="password" placeholder="Password" class="showpassword"/> 
<input type="submit" name="submit" value="Log in"/>

classes/class.Login.php

public function loginuser() {

        $username = isset($_POST['username']);
        $password = isset($_POST['password']);

        //$salt = "boo";
        //$pw = crypt($password, $salt);

        $stmt = $this->pdo->prepare("SELECT * FROM users WHERE username = :username AND password = :password LIMIT 1");
        $stmt->bindValue(":username", $_POST['username'], PDO::PARAM_STR);
        $stmt->bindValue(":password", $_POST['password'], PDO::PARAM_STR);

            if ($stmt->fetch(PDO::FETCH_ASSOC))
                {
                    $_SESSION['authorized'] = true;
                $_SESSION['username'] = $username;
                    header('Location: testloginrequired.php');
                } else {
                    echo "Invaild username or password. Try again";                             
                }
    }// end loginuser

Answer 1

Change:

 $username = isset($_POST['username']);

to :

    $username =  ($_POST['username']);

isset function returns a boolean value (true,false) , so your $username would be boolean (true or 1 ) not a string!

Answer 2

$username = isset($_POST['username']);

Is just checking if the variable is set. Get rid of the isset and change it simply to

$username = $_POST['username'];

If that doesn't work, then do this

$username = settype($username, "string");

Answer 3

Use construction:

if (isset($_POST['username'])) $username = $_POST['username'];

If you will remove "isset" check, you will get warning, if key 'username' will not exists in POST.

Improvement of your code:

$username = (isset($_POST['username'])) ? $_POST['username'] : '';

This is ternary operator and it's suitable in your case. If key 'username' exists in POST, then $username will equals $_POST['username'], otherwise $username will empty. Enjoy :)