User Login not working, query issue ( PDO, MySQL, PHP )
Question
I went on rampage of changing from the about to be deprecated MySQL, I'm currently starting with my user login system which I am unable to login after changing the querys and such. Here is what I've got so far.
As there aren't any errors given AT ALL, It's not redirecting me to my index.php.
login.php -> after loging redirects to index.php
What could be wrong with my current login code?
includes/db.php
try { $db = new PDO("mysql:host=127.0.0.1; dbname=timeline_database", 'root', ''); } catch( PDOException $e ) { echo $e->getMessage(); }includes/Wall_Updates.php
class Wall_Updates { private $db; public function __construct ( $db ){ $this->db = $db; } public function User_Login($_iUsername,$_iPassword) { $md5_password = md5($_iPassword); $sth = $this->db->prepare("SELECT _iD FROM users WHERE _iUsername = ? AND _iPassword = ? AND _iStatus = 1"); $sth->execute(array($_iUsername, $md5_password)); if ($sth->rowCount() == 1) { $row = $sth->fetch(PDO::FETCH_ASSOC); return $row['_iD']; } else { return false; } } public function User_Registration($_iPassword,$_iEmail,$_iNickname,$_iUsername) { $md5_password = md5($_iPassword); $sth = $this->db->prepare("SELECT _iD FROM users WHERE _iEmail = ? "); $sth->execute(array($_iEmail)); if ($sth->rowCount() == 0) { $sth1 = $db->prepare("INSERT INTO users (_iPassword,_iEmail,_iNickname,_iUsername) VALUES ( :_iPassword, :_iEmail, :_iNickname, :_iUsername "); $sth1->execute(array(':_iPassword' => $_iPassword, ':_iEmail' => $_iEmail, ':_iNickname' => $_iNickname, ':_iUsername' => $_iUsername )); $sth3 = $db->prepare("SELECT _iD FROM users where _iUsername = ?"); $sth3->execute(array($_iUsername)); $sth2 = $db->prepare("INSERT INTO friends (friend_one,friend_two,role) VALUES ( :rowiD, :_rowiD, :me "); $sth2->execute(array(':rowiD' => $row['_iD'], ':rowiD' => $row['_iD'], ':me' => me )); $row = $sth1->fetch(PDO::FETCH_ASSOC); return $row['_iD'] ; } else { return false; } }}
login.php
include_once 'includes/db.php'; include_once 'includes/Wall_Updates.php'; error_reporting( E_ALL ); session_start(); if(!empty($_SESSION['_iD'])) { header("location:index.php"); } $Wall = new Wall_Updates( $db ); $login_error = ''; if(!empty($_POST['_iUsername']) && !empty($_POST['_iPassword'])){ if ( strlen($_POST['_iUsername'])>0 && strlen($_POST['_iPassword'])>0) { $login = $Wall->User_Login( $_POST['_iUsername'],$_POST['_iPassword'] ); if( $login ){ $_SESSION['_iD'] = $login; header("location: index.php"); } else { $login_error="<div class='error' style='margin-top: -2px; margin-bottom: -8px;' ><span class='error'>Email or Password is invalid</span></div><br>"; } } } html begins <?php echo $login_error; ?></div> <form method="post" action="" name="login"> <input class="_iUsernameClass" type="text" placeholder="_iUsername" name="Username" id="login._iEmail"> <input class="_iPasswordClass" type="password" placeholder="_iPassword" name="Password" id="login._iPassword"> <button class="primary" type="submit"></button> </form> html ends
1 answers
solution1
1 2013-05-23 01:41:20
First thing I see is that you need to use bindValue() . Try adhering to this structure for your query builds:
$sth = $this->db->prepare("
SELECT _iD
FROM users
WHERE _iUsername = :username
AND _iPassword = :password");
$sth->bindValue(":username", $_iUsername, PDO::PARAM_STR);
$sth->bindValue(":password", $md5_password, PDO::PARAM_STR);
$sth->execute();
$result = $sth->fetch(PDO::FETCH_ASSOC); // returns id or false
Just a side note to keep in mind:
fetch(PDO::FETCH_ASSOC)
Returns only one record, and:
fetchAll(PDO::FETCH_ASSOC)
Returns all (multiple) records.
BTW, I did not review all of your code due to time constraints. This is only the first issue I encountered.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.