Having problems with the $username and $email variables. In the database, only the first letter of each variable's value is displayed. Also, when attempting to log in, I always receive my "Invalid username/password" error message even when the values are correct.
classes:
PHP Code:
<?php
include "config.php";
class Users {
private $username;
private $password;
private $email;
private $salt = "Zo4rU5Z1YyKJAASY0PT6EUg7BBYdlEhPaNLuxAwU8lqu1ElzHv0Ri7EM6irpx5w";
private $ip;
//Get user information
public function __construct($data = array()) {
if (isset($data['username'])) {
$this->username = $data['username'];
}
if (isset($data['password'])) {
$this->password = $data['password'];
}
if (isset($data['email'])) {
$this->email = $data['email'];
}
}
public function userLogin() {
//success variable will be used to return if the login was successful
$sucess = false;
try {
//create our pdo object
$con = new PDO(DB_DSN, DB_USERNAME, DB_PASSWORD);
//set how pdo will handle errors
$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
//this would be our query
$sql = "SELECT * FROM `users` WHERE `username` = :username AND `password` = :password LIMIT 1";
//prepare the statements
$stmt = $con->prepare($sql);
//give value to named parameter :username
$stmt->bindValue("username", $this->username, PDO::PARAM_STR);
//give value to named parameter :password
$stmt->bindValue("password", hash("sha256", $this->password . $this->salt), PDO::PARAM_STR);
$stmt->execute();
$valid = $stmt->fetchColumn(); //Check data returned & set $_SESSION variables
if ($valid) {
$success = true;
$_SESSION['loggedin'] = 1;
$mem = $stmt->fetch();
$_SESSION['username'] = $mem['username'];
$_SESSION['userid'] = $mem['id'];
$_SESSION['level'] = $mem['level'];
$ip = ($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
}
$con = null;
return $success;
} catch (PDOException $e) {
echo $e->getMessage();
return $success;
}
}
public function register() {
$correct = false;
try {
$con = new PDO(DB_DSN, DB_USERNAME, DB_PASSWORD);
$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$checkUsrs = "SELECT * FROM `users` WHERE `username`= :username";
$usrsChecked = $con->prepare($checkUsrs);
$usrsChecked->bindValue("username", $this->username, PDO::PARAM_STR);
$usrsChecked->execute();
$valid = $usrsChecked->fetchColumn();
if (!$valid) {
$sql = "INSERT INTO `users`(ip, username, password, email) VALUES(:ip, :username, :password, :email)";
$stmt = $con->prepare($sql);
$stmt->bindValue("ip", $this->ip, PDO::PARAM_STR);
$stmt->bindValue("username", $this->username, PDO::PARAM_STR);
$stmt->bindValue("password", hash("sha256", $this->password . $this->salt), PDO::PARAM_STR);
$stmt->bindValue("email", $this->email, PDO::PARAM_STR);
$stmt->execute();
return "<p>Registration was successful - </p> <a href='#login'>You may now login</a>";
}
else echo "<p>Username already taken</p>";
} catch (PDOException $e) {
return $e->getMessage();
}
}
function getIp() {
$this->ip = $_SERVER['REMOTE_ADDR'];
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$this->ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$this->ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
return $this->ip;
}
}
?>
Login form script:
PHP Code:
<?php
$usr = new Users($_POST['username'], $_POST['password']);
if ($_POST['submitted'] == 1 or isset($_POST['submit']))
{
if ($usr->userLogin()) {
echo "Welcome ," . $_SESSION['username'];
} else {
echo "<p style='color:red;'>Invalid Username/Password</p>";
}
}
?>
register page script:
PHP Code:
<?php
$usr = new Users($_POST['username'], $_POST['password'], $_POST['email']); //create new instance of the class Users
if (isset($_POST['submit']) or $_POST['submitted'] == 1)
{
$usrIP = $usr->getIp();
echo $usr->register($_POST['username'], $_POST['password'], $_POST['email'], $usrIP);
}
?>