The insert function is working fine, it inserts into the table and puts in the encrypted password, but I am having trouble getting the login to work!
This is the class code that I modified slightly:
<?php
class Users {
public $username = null;
public $password = null;
public $salt = "Zo4rU5Z1YyKJAASY0PT6EUg7BBYdlEhPaNLuxAwU8lqu1ElzHv0Ri7EM6irpx5w";
public function __construct( $data = array() ) {
if( isset( $data['username'] ) ) $this->username = stripslashes( strip_tags( $data['username'] ) );
if( isset( $data['password'] ) ) $this->password = stripslashes( strip_tags( $data['password'] ) );
}
public function storeFormValues($postvars) {
//store the parameters
$this->__construct($postvars);
}
public function userLogin() {
$success = false;
try{
$hostname = "localhost";
$dbname = "customertest";
$user = "user";
$pw = "root";
$connstr = "mysql:host=$hostname;dbname=$dbname";
$conn = new PDO($connstr,$user,$pw);
$conn->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$sql = "SELECT * FROM employeetest WHERE login = :username AND password = :password LIMIT 1";
$stmt = $conn->prepare( $sql );
$stmt->bindValue( "username", $this->username, PDO::PARAM_STR );
$stmt->bindValue( "password", hash("sha256", $this->password . $this->salt), PDO::PARAM_STR );
$stmt->execute();
$valid = $stmt->fetchColumn();
if( $valid ) {
$success = true;
}
$conn = null;
return $success;
} #end try
catch (PDOException $e) {
echo $e->getMessage();
return $success;
}
}
public function register() {
$correct = false;
try {
$hostname = "localhost";
$dbname = "customertest";
$user = "user";
$pw = "root";
$connstr = "mysql:host=$hostname;dbname=$dbname";
$conn = new PDO($connstr,$user,$pw);
$conn->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$sql = "INSERT INTO employeetest(login, password) VALUES(:username, :password)";
$stmt = $conn->prepare( $sql );
$stmt->bindValue( "username", $this->username, PDO::PARAM_STR );
$stmt->bindValue( "password", hash("sha256", $this->password . $this->salt), PDO::PARAM_STR );
$stmt->execute();
return "Registration Successful <br/> <a href='index.php'>Login Now</a>";
}
catch( PDOException $e ) {
return $e->getMessage();
}
}
}
?>
I don't know why he uses fetchColumn instead of fetchAll...but yeah, I'm really stuck, and I've looked over the whole thing maybe twenty times.
Edited by frankball8, 06 April 2015 - 05:42 AM.