mysql select with and not working properly

Question

0.00/5 (No votes)

See more:

I've been battling with this for a good 5 hrs now my login script is now returning nothing.
At first it was allowing people with wrong details to Login; I made a few changes and it started denying all users, even the ones with correct login details. I removed my password condition and it retrieved the user correctly. I also then again removed the username condition and replaced it with the password condition and it retrieved all users with the same password, but when I have both conditions it returns `null`, wrong or right credentials...

PHP

    <?php
  include( '../config.php' );

  session_start();
  if( isset( $_POST['login'] ) ) {
    $username = $_POST['username'];
    $password = mysql_real_escape_string(stripslashes($_POST['password']));
    $salt = "ghvhgcfchgvbhvgkhbh";
    echo $username.'<br>';
    try{
      $con = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD );
      $con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
      $sql = "SELECT * FROM users WHERE username = :username And password = :password";

      $stmt = $con->prepare( $sql );
      $stmt->bindValue( "username", $username, PDO::PARAM_STR );
      $stmt->bindValue( "password", hash("sha256", $password . $salt), PDO::PARAM_STR );
      $stmt->execute();

      $valid = $stmt->fetch();
      echo '<br> it fetches'.$valid['username'];
      print_r($valid);
      $con = null;
      if( $valid ) {
        echo '<br> its valid';
        print_r($valid);
        $_SESSION['user'][0] = $valid['username'];
        if (isset( $_SESSION['errors'] )){unset($_SESSION['errors']);}
        //if(!empty($_SESSION['LogUrl'])){header("Location: ../{$_SESSION['LogUrl']}");}
        else{header("Location:   ../index.php"); }
      } else {
        $_SESSION['errors'] = 'AuthLogin';
        header("Location: AuthPage.php");
      }
    }
    catch (PDOException $e) {
      echo "chian ".$e->getMessage();
    }
  } else {
    echo 'Oops SeEye went blind!!!';
  }
?>

Here is my registration script just incase there's a change to my password that happens which i'm oblivious too...

PHP

  <?php
  include( '../config.php' );
  //Include The Database Connection File

  if( (isset( $_POST['register'] )) && empty($_SESSION['user']))//If a username has been submitted
   {
    $username = $_POST['usernam'];//Some clean up :)
    $password = $_POST['password'];//Some clean up :)
    $salt = "ghvhgcfchgvbhvgkhbh";

  try{
    $con = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD );
    $con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
    $sql = "SELECT * FROM users WHERE username='.$username.'";

    $stmt = $con->prepare( $sql );

    $stmt->execute();

    $row  = $stmt-> fetch();
    $con = null;
    if( !$row) {
            try {
               $con = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD );
               $con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
               $sql = "INSERT INTO users(username, password, Date_Joined)
               VALUES(:username, :password,   :Date_Joined)";

   $stmt = $con->prepare( $sql );
   $stmt->bindValue( "username", $username, PDO::PARAM_STR );
   $stmt->bindValue( "password", hash("sha256", $password . $salt), PDO::PARAM_STR );
   $stmt->bindValue( "Date_Joined", date("Y-m-d"), PDO::PARAM_STR );
   $stmt->execute();
   $con = null;
   session_start();
   $_SESSION['user'][0] = $_POST['usernam'];
   if (isset( $_SESSION['errors'] )){unset($_SESSION['errors']);}
     if(!empty($_SESSION['LogUrl'])){header("Location: {$_SESSION['LogUrl']}");}
      else{header("Location: ../index.php"); }
  }catch( PDOException $e ) {
     echo $e->getMessage();
   }
  }
   else
      {
        echo '0ops something went wrong';//No Record Found - Username is available
      }
 }catch (PDOException $e) {
 echo $e->getMessage();
 }
} else {
    echo 'Oops SeEye went blind!!!';
  }
?>

Thank You in advance again

Posted 20-Oct-13 23:00pm

mlingo209

Updated 20-Oct-13 23:10pm

phil.o

v2

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)