0

This validation page doesn't show an error and doesn't redirect to the home page. I checked that it reaches the verification against the database and that works fine, but it doesn't redirect the page, so I think that the problem is with "$user = $req->fetch()". Help plz.

```php
if (isset($_POST['login'])) {

    $username = $_POST['username'];
    $password = $_POST['password'];
    $pc = md5($password);

    $req = $pdo->prepare('SELECT * FROM users WHERE nom= :username AND pass= :password');
    $req->execute(array(
        'username' => $username,
        'password' => $pc,
    ));

    if ($user = $req->fetch()) {
        $_SESSION['auth'] = $user;
        header("location:home.php");
        exit();
    } else {
        // Alert text: "the username or the password is incorrect"
        echo "<script> alert('LE NOM D UTILISATEUR OU LE MOTS DE PASSE INCORRECTE')</script>";
    }
}
```
Davina
  • 21
  • 7
  • If your `echo"` is firing (is it firing?), that would tell you, in certainty, that the `if ($user = $req->fetch())` condition is failing. – mferly Apr 14 '16 at 01:02
  • the script works fine when I give it a false username – Davina Apr 14 '16 at 01:10
  • the problem here is this. `if ($user = $req->fetch())` you're assigning instead of comparing `if ($user == $req->fetch())` – Funk Forty Niner Apr 14 '16 at 01:17
  • I got this error [Undefined variable: user] when I use comparing @Fred -ii- – Davina Apr 14 '16 at 01:24
  • then `if ($username == $req->fetch())` since you have no `$user` variable. – Funk Forty Niner Apr 14 '16 at 01:36
  • Put the following lines on the top of your code and debug :- ` ini_set('display_errors', 1); ini_set('display_startup_errors', 1); error_reporting(E_ALL); ` It should show you all the errors and you can debug from there onwards – codenathan Apr 14 '16 at 01:38
  • this gives me the script message, which means that it supposes the username and password are false! – Davina Apr 14 '16 at 01:40
  • @codenathan no error displayed :( – Davina Apr 14 '16 at 01:44
  • btw $pdo where is this being set ? – codenathan Apr 14 '16 at 01:53
  • **WARNING**: Writing your own access control layer is not easy and there are many opportunities to get it severely wrong. You're using MD5 here which is a huge mistake, it's **completely inadequate** and can be cracked almost instantly. Please, do not write your own authentication system when any modern [development framework](http://codegeekz.com/best-php-frameworks-for-developers/) like [Laravel](http://laravel.com/) comes with a robust [authentication system](https://laravel.com/docs/5.2/authentication) that's been tested and reviewed by professionals. – tadman Apr 14 '16 at 01:59
  • thanks for the advance :) – Davina Apr 14 '16 at 02:03

1 Answer

0

I agree with @tadman, you should look into using a framework rather than implementing your own access control layer. Using md5 on its own is not a good way of hashing your passwords. Please at least try to add a salt. Anyway, this should work for you. Just replace the db, user and pass for the database connection. Again, I wouldn't put these directly on a view.

```php
if (isset($_POST['login'])) {

    // Database connection settings: replace with your own
    $host = '127.0.0.1';
    $db   = 'tester';
    $user = 'root';
    $pass = 'root';
    $charset = 'utf8';

    $username = $_POST['username'];
    $password = $_POST['password'];
    $pc = md5($password);

    $dsn = "mysql:host=$host;dbname=$db;charset=$charset";

    // Throw exceptions on errors, fetch associative arrays, use real prepared statements
    $opt = [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        PDO::ATTR_EMULATE_PREPARES   => false,
    ];

    $pdo = new PDO($dsn, $user, $pass, $opt);

    $stmt = $pdo->prepare('SELECT * FROM users WHERE nom= :username AND pass= :password');

    $stmt->execute(['username' => $username, 'password' => $pc]);

    if ($user = $stmt->fetch()) {
        $_SESSION['auth'] = $user;
        header("location:home.php");
        exit();
    } else {
        // Alert text: "the username or the password is incorrect"
        echo "<script> alert('LE NOM D UTILISATEUR OU LE MOTS DE PASSE INCORRECTE')</script>";
    }
}
```
codenathan
  • 774
  • 6
  • 12
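
Added example, not part of the question or the answer above: the comments call MD5 inadequate and the answer asks for at least a salt, so this shows the same `users` lookup done with PHP's built-in `password_hash()` / `password_verify()` (salted, slow hashes), including a path that upgrades existing MD5 rows at the next successful login. The `verifyLogin()` helper, the in-memory SQLite database and the two accounts are assumptions constructed for illustration; only the `nom` and `pass` column names come from the page.

```php
<?php
// Added example, not code from the question or the answer.
// Assumptions: users table with nom/pass columns as on the page; the in-memory
// SQLite database and both accounts are constructed so this runs offline.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$pdo->exec('CREATE TABLE users (nom TEXT PRIMARY KEY, pass TEXT NOT NULL)');
$seed = $pdo->prepare('INSERT INTO users (nom, pass) VALUES (?, ?)');
$seed->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
$seed->execute(['bob', md5('legacy secret')]); // constructed legacy MD5 row

/** Hypothetical helper: returns the user row on success, null on any failure. */
function verifyLogin(PDO $pdo, string $username, string $password): ?array
{
    // Look the row up by name only; the hash comparison happens in PHP.
    $stmt = $pdo->prepare('SELECT nom, pass FROM users WHERE nom = :username');
    $stmt->execute(['username' => $username]);
    $user = $stmt->fetch();
    if ($user === false) {
        return null;
    }
    $stored = $user['pass'];
    // A 32-character hex string is treated as a legacy unsalted MD5 hash.
    $isLegacy = (bool) preg_match('/^[0-9a-f]{32}$/', $stored);
    $ok = $isLegacy
        ? hash_equals($stored, md5($password))
        : password_verify($password, $stored);
    if (!$ok) {
        return null;
    }
    // Upgrade legacy or outdated hashes while the plaintext is available.
    if ($isLegacy || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE users SET pass = :pass WHERE nom = :nom');
        $upd->execute(['pass' => password_hash($password, PASSWORD_DEFAULT), 'nom' => $username]);
    }
    unset($user['pass']); // never keep the hash in the session
    return $user;
}

var_dump(verifyLogin($pdo, 'alice', 'correct horse') !== null);
var_dump(verifyLogin($pdo, 'bob', 'legacy secret') !== null);
var_dump(verifyLogin($pdo, 'bob', 'wrong') === null);
$row = $pdo->query("SELECT pass FROM users WHERE nom = 'bob'")->fetch();
var_dump(password_verify('legacy secret', $row['pass']));
```

In a real login page, call `session_start()` before any output and `session_regenerate_id(true)` on success before storing the returned row in `$_SESSION['auth']`.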