So I recently upgraded to PHP 7 so that I could upgrade to PDO for security reasons, but I'm having a hard time getting the login to work correctly. So far I've managed to get the signup working so that people can create an account with hashed passwords, which is nice, but the login script is showing "Email or Password wrong" (even though it isn't), and I have a feeling it might be where the passwords are hashed; maybe the login needs to also be submitted a certain way? I'm not sure, but here's the code for the login. Any help would be really appreciated, I'm new to PDO.
Login Code..
Code:
<?php
session_start();
try {
    include('/var/www/vhosts/myweb.co.uk/httpdocs/PHP/connect.php');
    if (isset($_POST['loginbtn']))
    {
        $email = $_POST['email'];
        $psw = $_POST['psw'];
        if(empty($_POST["email"]) || empty($_POST["psw"]))
        {
            $message = '<label>All fields are required</label>';
        }
        else
        {
            $pdo = "SELECT * FROM `users` WHERE email = :email AND psw = :psw";
            $stmt = $dbh->prepare($pdo);
            $stmt->execute(
                array(
                    'email' => $_POST["email"],
                    'psw' => $_POST["psw"]
                )
            );
            $count = $stmt->rowCount();
            if($count > 0)
            {
                $_SESSION["email"] = $_POST["email"];
                header("location:../Account/loginsuccessful.php");
            }
            else
            {
                $message = '<label>Email or Password is wrong!</label>';
            }
        }
    }
}
catch(PDOException $error)
{
    $message = $error->getMessage();
}
?>
<!DOCTYPE html>
<html>
<head>
</head>
<body>
<?php
if (isset($message)) {
    echo '<label class="text-danger">'. $message .'</label>';
}
?>
</body>
</html>
Also I will include my Signup code here.... (which is working correctly btw)
Code:
<?php
include("/var/www/vhosts/myweb.co.uk/httpdocs/PHP/connect.php");
if (isset($_POST['create'])) {
    $username = $_POST['username'];
    $email = $_POST['email'];
    $psw = $_POST['psw'];
    $pswrepeat = $_POST['pswrepeat'];
    $date = $_POST['date'];
    $pdo = $dbh->prepare("SELECT count(*) from `users` WHERE `email` = ?");
    $pdo->bindParam(1, $email, PDO::PARAM_STR);
    $pdo->execute();
    $count = $pdo->fetchColumn();
    if($count > '0'){
        die("email already exists!");
    }else{
        if($psw == $pswrepeat){
            $hashPassword = password_hash($psw, PASSWORD_DEFAULT);
            $hashPassword2 = password_hash($pswrepeat, PASSWORD_DEFAULT);
            $sql = $dbh->prepare("INSERT INTO `users` (email, psw, pswrepeat, username) VALUES (?, ? ,?, ?)");
            $sql->bindParam(1, $email, PDO::PARAM_STR);
            $sql->bindParam(2, $hashPassword, PDO::PARAM_STR);
            $sql->bindParam(3, $hashPassword2, PDO::PARAM_STR);
            $sql->bindParam(4, $username, PDO::PARAM_STR);
            $sql->execute();
        }
    }
}
header("location:https://www.myweb.co.uk/Account/signupcomplete.php");
?>
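Added example, not part of the original post: the signup code stores `password_hash()` output, so a login has to fetch the row by email and check the submitted password with `password_verify()` rather than matching `psw` in the SQL `WHERE` clause. The in-memory SQLite database, the sample account and the `verifyLogin` helper are assumptions made so the snippet runs on its own.

```php
<?php
// Added example. Constructed in-memory SQLite table standing in for the post's `users` table.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE users (email TEXT PRIMARY KEY, psw TEXT NOT NULL)');

// Signup side, as in the post: only the password_hash() output is stored.
$ins = $dbh->prepare('INSERT INTO users (email, psw) VALUES (?, ?)');
$ins->execute(['alice@example.test', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Hypothetical helper: returns true only when the email exists and the password matches.
function verifyLogin(PDO $dbh, string $email, string $psw): bool
{
    // Select by email alone. password_hash() salts every hash, so the submitted
    // plaintext can never equal the stored value inside a WHERE clause.
    $stmt = $dbh->prepare('SELECT psw FROM users WHERE email = :email');
    $stmt->execute(['email' => $email]);
    $hash = $stmt->fetchColumn(); // false when no row matches

    if ($hash === false) {
        // Unknown email: hash anyway so the response time does not reveal
        // which addresses are registered.
        password_hash($psw, PASSWORD_DEFAULT);
        return false;
    }
    if (!password_verify($psw, $hash)) {
        return false;
    }
    // Upgrade the stored hash when PASSWORD_DEFAULT or its cost has changed.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $dbh->prepare('UPDATE users SET psw = :psw WHERE email = :email');
        $upd->execute(['psw' => password_hash($psw, PASSWORD_DEFAULT), 'email' => $email]);
    }
    return true;
}

// Constructed checks: correct password, wrong password, unknown email.
var_dump(verifyLogin($dbh, 'alice@example.test', 'correct horse'));
var_dump(verifyLogin($dbh, 'alice@example.test', 'wrong'));
var_dump(verifyLogin($dbh, 'nobody@example.test', 'correct horse'));
```

In a login script, call `session_regenerate_id(true)` before setting `$_SESSION` on success. The `psw` column must be wide enough to hold the full hash; the PHP manual recommends 255 characters.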