Hi Guys!

So I'm making a small application based around a basic MVC structure. I have three folders: Model, View and Controller.
The view code is:

<?php
session_start();
require_once('../Controller/loginController.php');
?>
<!DOCTYPE HTML>
<html>
 <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
    <title>Energy Checker: Login</title>
</head>

<body>

  <div class="formLogin">
   <h2>Login to your account</h2>
   <form id="loginfrm" method="post">

     <?php
     if(isset($error))
     {
      ?>
      <div class="loginAlert">
      <?php echo $error; ?>
    </div>
    <?php
  }
  ?>

  <label>Username: </label>
  <input type="text" name="txtUsername" placeholder="Username" required/>
  <label>Password: </label>
  <input type="password" name="txtPassword" placeholder="Password" required/>
  <br>


  <input type="submit" name="btn-login" value="Login">
</form>
</div>
</body>
</html>

The controller code is:

   <?php
    require_once('config.php');
    require_once('../Model/loginModel.php');

$user = new Login();

if(isset($_POST['btn-login']))
{
    $Username = strip_tags($_POST['txtUsername']);
    $Password = strip_tags($_POST['txtPassword']);

    if($user->getLogin($Username,$Password))
    {
        $user->redirect('../View/calculator.php');
    }
    else
    {
        $error = "Wrong Details!";
    }   
}

?>

and the model code is:

<?php
require_once('../Controller/config.php');

class Login
{

private $dbconn;

    public function __construct()
    {
        $database = new Database();
        $db = $database->dbConnection();
        $this->dbconn = $db;
    }

    public function getLogin($Username,$Password)
    {
        try
        {
            $stmt = $this->dbconn->prepare("SELECT * FROM users WHERE Username=:user");
            $stmt->execute(array(':user'=>$Username));
            $userRow=$stmt->fetch(PDO::FETCH_ASSOC);
            if($stmt->rowCount() == 1)
            {
                if(password_verify($Password, $userRow['Password']))
                {
                    $_SESSION['user_session'] = $userRow['Username'];
                    return true;
                }
                else
                {
                    return false;
                }
            }
        }
        catch(PDOException $e)
        {
            echo $e->getMessage();
        }
    }
}

?>

For some reason, whenever I enter details into the login form, even if they're correct, I get the "Wrong Details!" error and I'm not sure why.
Any help will be appreciated.

Did you check what the password_verify function actually does? Do you have the correct hash stored in your user record?

Member Avatar for diafol
 $stmt = $this->dbconn->prepare("SELECT * FROM users WHERE Username=:user");
        $stmt->execute(array(':user'=>$Username));
        $userRow=$stmt->fetch(PDO::FETCH_ASSOC);
        if($stmt->rowCount() == 1)
        {
            if(password_verify($Password, $userRow['Password']))
            {
                $_SESSION['user_session'] = $userRow['Username'];
                return true;
            }
            else
            {
                return false;
            }
        }

This looks a little shambly. Don't use PDO rowCount() on SELECT queries - read the manual - there are workarounds for this. If there are two accounts with the same Username (which there shouldn't be obviously), this will fail (rowCount = 2). I'd use the LIMIT clause to force a stop on the search once a Username was found. Also if you just need the username and the user id:

"SELECT id, Username FROM users WHERE Username=? LIMIT 1"

So...

if($userRow=$stmt->fetch(PDO::FETCH_ASSOC)) {
      if(password_verify($Password, $userRow['Password'])) {
                $_SESSION['user_session'] = $userRow['Username'];
                return true;
       }
  }
  return false;
commented: Managed to fix it +0

@pritaeas Yeah, my bad, I realised I didn't have the correct hash value stored in my database. I just need to edit my register form to hash the values before they're inserted and hopefully that should fix the problem.

@Diafol I'm more used to working with MySQLi and fairly new to PDO, but thanks for the workaround.

It still doesn't seem to work.
Just says "Wrong Details!"
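
The fix discussed in this thread, shown end to end as an added example (not code from any poster): registration stores a password_hash() value, and login fetches the row and checks it with password_verify(). The in-memory SQLite database, the registerUser/verifyLogin function names and the sample accounts are assumptions for illustration.

```php
<?php
// Added example: assumes pdo_sqlite; the in-memory table stands in for the
// thread's `users` table, and the accounts below are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// password_hash() output is 60 chars for bcrypt and may grow with other
// algorithms; a column that truncates it makes password_verify() always fail.
$db->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    Username VARCHAR(64) NOT NULL UNIQUE,
    Password VARCHAR(255) NOT NULL
)');

// Registration side: store the hash, never the submitted password.
function registerUser(PDO $db, string $username, string $password): void
{
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (Username, Password) VALUES (:user, :hash)');
    $stmt->execute([':user' => $username, ':hash' => $hash]);
}

// Login side: fetch() returns false when there is no row, so rowCount() is
// not needed. The query must select the Password column for the check.
function verifyLogin(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT Username, Password FROM users WHERE Username = :user LIMIT 1');
    $stmt->execute([':user' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }
    // The password is compared exactly as submitted: filtering it (for
    // example with strip_tags) would change what gets hashed and verified.
    return password_verify($password, $row['Password']);
}

registerUser($db, 'alice', 'S3cret<pass>');           // constructed credentials

var_dump(verifyLogin($db, 'alice', 'S3cret<pass>'));  // correct password
var_dump(verifyLogin($db, 'alice', 'wrong'));         // wrong password
var_dump(verifyLogin($db, 'nobody', 'S3cret<pass>')); // unknown user

// An unhashed value in the Password column (what the thread describes) is
// not a valid hash, so verification fails even for the matching password.
$db->exec("INSERT INTO users (Username, Password) VALUES ('bob', 'hunter2')");
var_dump(verifyLogin($db, 'bob', 'hunter2'));
```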
