Quote:
Originally Posted by Dormilich
the problem is that by calling $valid = $stmt->fetchColumn(); you get the first field’s value and then move to the next result row (that doesn’t exist). hence if you want to get the data out of the original row, you need to change that line. bear in mind that the original code was never interested in DB data in the first place.
|
ugh, almost there...It is displaying the username now, but when the tab is exited and then reopened you are required to log in again. I'd assume it was this line:
if (!isset($_POST['submit'])) {
updated login method:
PHP Code:
public function userLogin() {
//success variable will be used to return if the login was successful
$sucess = false;
try {
//create our pdo object
$con = new PDO(DB_DSN, DB_USERNAME, DB_PASSWORD);
//set how pdo will handle errors
$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
//this would be our query
$sql = "SELECT * FROM `users` WHERE `username` = :username AND `password` = :password";
//prepare the statements
$stmt = $con->prepare($sql);
//give value to named parameter :username
$stmt->bindValue("username", $this->username, PDO::PARAM_STR);
//give value to named parameter :password
$stmt->bindValue("password", hash("sha256", $this->password . $this->salt), PDO::PARAM_STR);
$stmt->execute();
$vMem = $stmt->fetch(); //Check data returned & set $_SESSION variables
if ($vMem) {
$success = true;
$_SESSION['loggedin'] = 1;
$_SESSION['username'] = $vMem['username'];
$_SESSION['userid'] = $vMem['id'];
$_SESSION['level'] = $vMem['level'];
$userIp = ($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
}
$con = null;
return $success;
} catch (PDOException $e) {
echo $e->getMessage();
return $success;
}
}
login script:
PHP Code:
<?php
$usr = new Users($_POST);
if (!isset($_POST['submit'])) {
echo "<form method='POST' action=''>
<input type='text' style='position:relative;top:10px;right:25.5%;float:right;border-radius:5px;padding-left:5px;height:20px;' placeholder='Username' name='username' />
<input type='password' style='position:relative;top:10px;right:-6%;float:right;border-radius:5px;padding-left:5px;height:20px;' placeholder='password' name='password' />
<input type='submit' style='position:relative;top:12px;right:-28.5%;float:right;border-radius:5px;' name='submit' value='Sign In' />
<input type='hidden' name='submitted' value='1' />
</form>
<a href='#' style='text-decoration:none;float:right;position:relative;top:35px;right:-10%;'>Forgot Username?</a>
<a href='#' style='text-decoration:none;float:right;position:relative;top:35px;right:-37.5%;'>Forgot Password?</a>"; } else {
if ($usr->userLogin()) {
if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == 1)
echo "<p>Welcome ," . $_SESSION['username'] . '</p>'; }
else { echo "<p style='color:red;'>Invalid Username/Password</p>";
echo "<form method='POST' action=''>
<input type='text' style='position:relative;top:10px;right:25.5%;float:right;border-radius:5px;padding-left:5px;height:20px;' placeholder='Username' name='username' />
<input type='password' style='position:relative;top:10px;right:-6%;float:right;border-radius:5px;padding-left:5px;height:20px;' placeholder='password' name='password' />
<input type='submit' style='position:relative;top:12px;right:-28.5%;float:right;border-radius:5px;' name='submit' value='Sign In' />
<input type='hidden' name='submitted' value='1' />
</form>
<a href='#' style='text-decoration:none;float:right;position:relative;top:35px;right:-10%;'>Forgot Username?</a>
<a href='#' style='text-decoration:none;float:right;position:relative;top:35px;right:-37.5%;'>Forgot Password?</a>";
}
}
?>