Jump to content


Check out our Community Blogs

Register and join over 40,000 other developers!


Recent Status Updates

View All Updates

Photo
* * * * * 1 votes

Referencing - http://forum.codecall.net/topic/69771-creating-a-simple-yet-secured-loginregistration-with-php5/

php

This topic has been archived. This means that you cannot reply to this topic.
No replies to this topic

#1 frankball8

frankball8

    CC Lurker

  • Just Joined
  • Pip
  • 2 posts

Posted 06 April 2015 - 05:45 AM

I am trying to work with http://forum.codecal...tion-with-php5/ and I can't figure out what is going wrong

 

 

The insert function is working fine, it inserts into the table and puts in the encrypted password, but I am having trouble getting the login to work!

 

This is the class code that I modified slightly:

 

<?php


 class Users {
public $username = null;
public $password = null;
public $salt = "Zo4rU5Z1YyKJAASY0PT6EUg7BBYdlEhPaNLuxAwU8lqu1ElzHv0Ri7EM6irpx5w";


public function __construct( $data = array() ) {
if( isset( $data['username'] ) ) $this->username = stripslashes( strip_tags( $data['username'] ) );
if( isset( $data['password'] ) ) $this->password = stripslashes( strip_tags( $data['password'] ) );
}


public function storeFormValues($postvars) {
//store the parameters
$this->__construct($postvars); 
}


public function userLogin() {


$success = false;


try{
$hostname = "localhost";
$dbname = "customertest";
$user = "user";
$pw = "root";
$connstr = "mysql:host=$hostname;dbname=$dbname";
$conn = new PDO($connstr,$user,$pw); 
$conn->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$sql = "SELECT * FROM employeetest WHERE login = :username AND password = :password LIMIT 1";


$stmt = $conn->prepare( $sql );
$stmt->bindValue( "username", $this->username, PDO::PARAM_STR );
$stmt->bindValue( "password", hash("sha256", $this->password . $this->salt), PDO::PARAM_STR );
$stmt->execute();


$valid = $stmt->fetchColumn();


if( $valid ) {
$success = true;
}


$conn = null;
return $success;
} #end try
catch (PDOException $e) {
echo $e->getMessage();
return $success;
}
}


public function register() {
$correct = false;
try {
$hostname = "localhost";
$dbname = "customertest";
$user = "user";
$pw = "root";
$connstr = "mysql:host=$hostname;dbname=$dbname";
$conn = new PDO($connstr,$user,$pw); 
$conn->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$sql = "INSERT INTO employeetest(login, password) VALUES(:username, :password)";


$stmt = $conn->prepare( $sql );
$stmt->bindValue( "username", $this->username, PDO::PARAM_STR );
$stmt->bindValue( "password", hash("sha256", $this->password . $this->salt), PDO::PARAM_STR );
$stmt->execute();
return "Registration Successful <br/> <a href='index.php'>Login Now</a>";
}
catch( PDOException $e ) {
return $e->getMessage();
}
}


 }


?>
 
I don't know why he uses fetchColumn instead of fetchAll...but yeah, I'm really stuck, and I've looked over the whole thing maybe twenty times.





Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download