PDO connection login

Question

Would you please help me sort this problem out. I don't know what I'm doing wrong. My connection to database working correct but I'm unable to login.

login.php

<?php

session_start();

$username= $_POST["username"];
$password= $_POST["password"];

include("/inc/connect.inc.php");

if(!isset($conn)){
 $conn = null;
 header('Location: index.php');
}

else{
$query = $conn->prepare("SELECT * FROM `users` WHERE `username`='$username' AND `password`='$password'");
$query ->execute(array(':username' =>$username, ':password' =>$password)
   );


  if (   ($query->rowCount() == 0) && (   ($password == null) or ($username == null)  )  ){
          echo "<h3>Please enter your username and password</h3>"; 
          $conn = null;
          header("Refresh: 3;URL=index.php");
 }  
 else if  ($query->rowCount() == 1)   
 {
         $_SESSION['user_logged'] = $_POST['username'];
         unset($username);
         unset($password);
         echo "<h3>Your password is correct</h3>";
         $conn = null; 
         header("Refresh: 3;URL=interface.php");
   }

  else  {
          echo "<h3>The username / password combination entered is incorrect!</h3>";
          unset($username);
          unset($password);
          $conn = null;
          header("Refresh: 3;URL=index.php");
 }  
}


?>

Previously I didn't understand stackoverflow rules. I hope this time my question is more accurate. I have done lot of work to get to this point and only have a problem with login to my database now. My $query = $conn->prepare not finding anything. It's jumping to The username / password combination entered is incorrect! at any time. If I leave username or/and password empty or putting correct username and password always the same result.

Answer 1

I am posting this because it is an answer that addresses the real issue as to why the OP's code isn't working.

Firstly, a typo in bname which should read as dbname in your connection.

Now, you are mixing MySQL APIs with mysql_ functions and PDO.

• Those different APIs do not intermix with each other.

In comments you said:

"You are welcome to convert my code to PDO. I can understand that this code is mixed up but have no idea how to fix it."

• I don't like coming off as or sounding like the "bad man" here, but that isn't our job to convert your mysql_ code to PDO, it's yours. We don't convert code on Stack, we help out with problematic code.

There are plenty of tutorials out there for you to learn and use.

Here are but a few, which you can further your research on Stack/Google:

• http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers
• http://code.tutsplus.com/tutorials/why-you-should-be-using-phps-pdo-for-database-access--net-12059
• http://www.phpro.org/tutorials/Introduction-to-PHP-PDO.html

There is also the manuals on PHP.net

• http://php.net/manual/en/ref.pdo-mysql.php
• http://php.net/manual/en/pdo.query.php

On Stack:

• How can I properly use a PDO object for a parameterized SELECT query

---

Regarding MD5 for passwords:

$password = md5($password);

MD5 is old and considered broken and no longer safe to use for password storage.

I recommend you use CRYPT_BLOWFISH or PHP 5.5's password_hash() function. For PHP < 5.5 use the password_hash() compatibility pack.

---

"I'm getting blank screen. Any ideas?"

Regarding "a blank screen".

This means you have syntax errors.

Doing error_reporting(0); means "Turn off all error reporting"

As per the manual on PHP.net

• http://php.net/manual/en/function.error-reporting.php

What you need to do is turn error reporting on, not off.

Add error reporting to the top of your file(s) which will help find errors.

<?php 
error_reporting(E_ALL);
ini_set('display_errors', 1);

// rest of your code

Sidenote: Error reporting should only be done in staging, and never production.

Answer 2

1st step. Change

$conn = new PDO('mysql:host=localhost;bname='.$database.'charset=utf8',$username,$password);

to

$conn = new PDO('mysql:host=localhost;dbname='.$database.';charset=utf8',$username,$password);

2st. You use mysqli and pdo in one project. For what?

Answer 3

If you look in the connection string there is a typo:

Take a look at the examples here http://php.net/manual/en/pdo.connections.php

Update: You seem to be totally lost so I'll step by step the code and the reason for things not working. The code I write will be filled with echo and print statements.

1.) You need to check your database connection but you have no code to do this. The connection might be fine but PHP does not throw an error.

try
{
$conn = new PDO('mysql:host=localhost;dbname=' . $database . 'charset=utf8', $username, $password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    if(is_object($conn) && $conn != false)
    { 
         echo "I'm connected. PDO is ready and willing";        
    }
    else
    {
        echo "Sorry something went  horribly wrong! Not connected to database";
    {


}
catch(PDOException $e)
{
    throw new pdoDbException($e);         
    echo die('Error Message:'.$e->getMessage());
}

2.) It will look like your connection is not working because none of functions is calling a connection. The connection object created is outside of the functions scope.

function user_exists($username)
{ 
    global $conn; // bring the connection object into scope
    $username = sanitize($username);
    $query = $conn->prepare("SELECT COUNT(user_id) FROM users WHERE username = :username");
$query ->execute(array(
    ':username' =>$username
));
 $user = $query->fetch(PDO::FETCH_ASSOC);
 return $user. ' exists in database';

}

3.) there's lots of code but none of the functions looks like they are being called at runtime. Test for user exists and if database connection works at runtime in the init.php file

<?php

session_start();

require 'database/connect.php';
require 'functions/general.php';
require 'functions/users.php';

$errors = array();
// call a function  to check if user exists.
echo user_exists('user_123');

?>