I've been battling with this for a good 5 hrs now my login script is now returning nothing.
At first it was allowing people with wrong details to Login; I made a few changes and it started denying all users, even the ones with correct login details. I removed my password condition and it retrieved the user correctly. I also then again removed the username condition and replaced it with the password condition and it retrieved all users with the same password, but when I have both conditions it returns `null`, wrong or right credentials...
<?php
include( '../config.php' );
session_start();
if( isset( $_POST['login'] ) ) {
$username = $_POST['username'];
$password = mysql_real_escape_string(stripslashes($_POST['password']));
$salt = "ghvhgcfchgvbhvgkhbh";
echo $username.'<br>';
try{
$con = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD );
$con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$sql = "SELECT * FROM users WHERE username = :username And password = :password";
$stmt = $con->prepare( $sql );
$stmt->bindValue( "username", $username, PDO::PARAM_STR );
$stmt->bindValue( "password", hash("sha256", $password . $salt), PDO::PARAM_STR );
$stmt->execute();
$valid = $stmt->fetch();
echo '<br> it fetches'.$valid['username'];
print_r($valid);
$con = null;
if( $valid ) {
echo '<br> its valid';
print_r($valid);
$_SESSION['user'][0] = $valid['username'];
if (isset( $_SESSION['errors'] )){unset($_SESSION['errors']);}
else{header("Location: ../index.php"); }
} else {
$_SESSION['errors'] = 'AuthLogin';
header("Location: AuthPage.php");
}
}
catch (PDOException $e) {
echo "chian ".$e->getMessage();
}
} else {
echo 'Oops SeEye went blind!!!';
}
?>
Here is my registration script just incase there's a change to my password that happens which i'm oblivious too...
<?php
include( '../config.php' );
if( (isset( $_POST['register'] )) && empty($_SESSION['user']))
{
$username = $_POST['usernam'];
$password = $_POST['password'];
$salt = "ghvhgcfchgvbhvgkhbh";
try{
$con = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD );
$con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$sql = "SELECT * FROM users WHERE username='.$username.'";
$stmt = $con->prepare( $sql );
$stmt->execute();
$row = $stmt-> fetch();
$con = null;
if( !$row) {
try {
$con = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD );
$con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$sql = "INSERT INTO users(username, password, Date_Joined)
VALUES(:username, :password, :Date_Joined)";
$stmt = $con->prepare( $sql );
$stmt->bindValue( "username", $username, PDO::PARAM_STR );
$stmt->bindValue( "password", hash("sha256", $password . $salt), PDO::PARAM_STR );
$stmt->bindValue( "Date_Joined", date("Y-m-d"), PDO::PARAM_STR );
$stmt->execute();
$con = null;
session_start();
$_SESSION['user'][0] = $_POST['usernam'];
if (isset( $_SESSION['errors'] )){unset($_SESSION['errors']);}
if(!empty($_SESSION['LogUrl'])){header("Location: {$_SESSION['LogUrl']}");}
else{header("Location: ../index.php"); }
}catch( PDOException $e ) {
echo $e->getMessage();
}
}
else
{
echo '0ops something went wrong';
}
}catch (PDOException $e) {
echo $e->getMessage();
}
} else {
echo 'Oops SeEye went blind!!!';
}
?>
Thank You in advance again