I am trying to create login through pdo sqlsrv

657 Views Asked by At

I'm new to PDO and I'm trying to fetch data but every time i enter my details my getting wrong details error. My registration is workin perfect, but when i'm entering login details it's showing me wrong details. I am attaching code here. connection file

class Database {   
    private $host = "*****";
    private $dbname = "*****";
    private $username = "*****";
    private $password = "*****";
    public $conn;

    public function dbConnection() {
        $this->conn = null;    
        try {
            $this->conn = new PDO("sqlsrv:Server=" . $this->host . ";Database=" . $this->dbname, $this->username, $this->password);
            $this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);   
        } catch(PDOException $exception) {
            echo "Connection error: " . $exception->getMessage();
        }

        return $this->conn;
    }
}

my class

require_once('dbconfig.php');

class USER {    
    private $conn;

    public function __construct() {
        $database = new Database();
        $db = $database->dbConnection();
        $this->conn = $db;
    }


    public function doLogin($uname,$umail,$upass) {
        try {
            $stmt = $this->conn->prepare("SELECT user_id, user_name, user_email,    user_pass FROM cust WHERE user_name=:uname OR user_email=:umail ");
            $stmt->execute(array(':uname'=>$uname, ':umail'=>$umail));
            $userRow=$stmt->fetch(PDO::FETCH_ASSOC);
            if($stmt->rowCount() == 1) {
                if(password_verify($upass, $userRow['user_pass'])) {
                    $_SESSION['user_session'] = $userRow['user_id'];
                    return true;
                } else {
                    return false;
                }
            }
        } catch(PDOException $e) {
            echo $e->getMessage();
        }
    }
}

call to doLogin()

<?php
   session_start();
   require_once("class.user.php");
   $login = new USER();

   if($login->is_loggedin()!="")
   {
     $login->redirect('services.php');
   }

   if(isset($_POST['btn-login']))
   {
     $uname = strip_tags($_POST['txt_uname_email']);
     $umail = strip_tags($_POST['txt_uname_email']);
     $upass = strip_tags($_POST['txt_password']);

     if($login->doLogin($uname,$umail,$upass))
     {
        $login->redirect('services.php');
     }
     else
     {
       $error = "Wrong Details !";
     }  
  }
?>
1

There are 1 best solutions below

0
On BEST ANSWER

The $stmt->rowCount() does not return a valid result in some cases unless you run a store_result() before testing the number of row returned from a SELECT.

require_once('dbconfig.php');

class USER {    
    private $conn;

    public function __construct() {
        $database = new Database();
        $db = $database->dbConnection();
        $this->conn = $db;
    }


    public function doLogin($uname,$umail,$upass) {
        try {
            $stmt = $this->conn->prepare("SELECT user_id, user_name, user_email,user_pass 
                                        FROM cust 
                                        WHERE user_name=:uname 
                                           OR user_email=:umail ");
            $stmt->execute(array(':uname'=>$uname, ':umail'=>$umail));

            // new line
            $stmt->store_result();

            if($stmt->rowCount() == 1) {
                // moved inside if as no point reading result unless one exists
                $userRow=$stmt->fetch(PDO::FETCH_ASSOC);

                if(password_verify($upass, $userRow['user_pass'])) {
                    $_SESSION['user_session'] = $userRow['user_id'];
                    return true;
                } else {
                    return false;
                }
            } else {
                return false;
            }
        } catch(PDOException $e) {
            echo $e->getMessage();
        }
    }
}

Alternatively you could just do

    public function doLogin($uname,$umail,$upass) {
        try {
            $stmt = $this->conn->prepare("SELECT user_id, user_name, user_email,user_pass 
                                        FROM cust 
                                        WHERE user_name=:uname 
                                           OR user_email=:umail ");
            $stmt->execute(array(':uname'=>$uname, ':umail'=>$umail));

            $userRow=$stmt->fetch(PDO::FETCH_ASSOC);

            if(!empty($userRow)) {

                if(password_verify($upass, $userRow['user_pass'])) {
                    $_SESSION['user_session'] = $userRow['user_id'];
                    return true;
                } else {
                    return false;
                }
            } else {
                return false;
            }
        } catch(PDOException $e) {
            echo $e->getMessage();
        }
    }
}