使用SqlSrv在PHP中登录页面

Question

I have a problem, I create a login page for DashBoard (with SqlSrv in database) When the password in the DB and the password typed by the user are the same I can not even connect to when. This is my code :

<?php    
session_start();

    $serverName = "A106MVP19\SQLEXPRESS";   
    $uid = "sa";     
    $pwd = "root";    
    $databaseName = "FormaSport";   

    $connectionInfo = array( "UID"=>$uid,                              
                         "PWD"=>$pwd,                              
                         "Database"=>$databaseName);   

    /* Connect using SQL Server Authentication. */    
    $conn = sqlsrv_connect( $serverName, $connectionInfo);  
    if( $conn === false ) 
    {
     die( print_r( sqlsrv_errors(), true));
    }   


if(isset($_POST) && !empty($_POST['emailCo']) && !empty($_POST['mot_de_passeCo'])) 
    {   
    $login = $_POST["emailCo"];
    $pass  = $_POST["mot_de_passeCo"];
    extract($_POST);

    $sql = "SELECT pass FROM Formateur WHERE mail='".$login."'";
    $req =  sqlsrv_query($conn, $sql) or die('Erreur SQL!<br>'.$sql.'<br>');


    $data = sqlsrv_fetch_array($req, SQLSRV_FETCH_ASSOC);

echo $data['pass']."<br />";    //for view the pass for the user in database
echo $pass."<br />";   //for view the input pass
echo gettype($data['pass'])."<br />";   // type of pass in DB
echo gettype($pass)."<br />";  // type pass input

    if($pass !== $data['pass'])
        {
        echo '<p>Mauvais login / password. Merci de recommencer</p>';
        include('index.html'); // On inclut le formulaire d'identification en dessous du message d'information
        exit;
        }
    else
        {
        $_SESSION['login'] = $login;
        echo 'Vous etes bien logué';
        // Mettre une redirection ici 
        // redirection here
        }    
    }   
    else {
    echo '<p>Vous avez oublié de remplir un champ.</p>';
    include('index.html'); // On inclut le formulaire d'identification
    exit;
}


?>

How you can view here :

echo $data['pass']."<br />";    //for view the pass for the user in database
echo $pass."<br />";   //for view the input pass
echo gettype($data['pass'])."<br />";   // type of pass in DB
echo gettype($pass)."<br />";  // type pass input

I have test the type of password and they are the same.

If everyone view where I have make an error, I need your help !

Thank a lot. Pokky.

PS : (Sorry for the "frenglish")

Answer 1

You must put your query into a PHP loop, so the search will be executed in the database.

$sql = "SELECT pass FROM Formateur WHERE mail='".$login."'";
$req =  sqlsrv_query($conn, $sql) or die(print_r(sqlsrv_errors(),true));

if(sqlsrv_has_rows($req) != 1){
    echo "* Error! no result found OR more than one result found";
}else{
    while($data = sqlsrv_fetch_array($req, SQLSRV_FETCH_ASSOC)){
        $_SESSION['id'] = $data[0];
        $_SESSION['login'] = $data[1];
    }
}

Also, I recommend checking the password in the database as well and using PDO class for authentication, but in this case, you have to check if the extension for PDO is enabled in your PHP configuration in the server.