Thanks for your time in advance.
I'm building an app with a login on it. On my proof of concept I used some old PHP, but then I realized I was vulnerable to SQL injection, so I switched to PDO.
I'm totally new to PDO, so I don't fully understand how my code works ;). I'm getting an error telling me I have an "undefined password index on line 24". Can you show me what's wrong and what I should do?
Here's my code:
if ( isset ( $_POST ['loginButton'] ) ) {
    $errMsg = '';
    //username and password sent from Form
    $username = trim ( $_POST ['username'] ) ;
    $password = sha1 ( trim ( $_POST ['password'] ) ) ;
    if ( empty ( $username ) ) {
        $errMsg .= 'You must enter your Username<br>';
    }
    elseif ( empty ( $password ) ) {
        $errMsg .= 'You must enter your Password<br>';
    }
    elseif ( $errMsg == '' ) {
        $records = $databaseConnection->prepare ( 'SELECT * FROM users WHERE email = :username' ) ;
        $records->bindParam ( ':username', $username ) ;
        $records->execute () ;
        $results = $records->fetch ( PDO::FETCH_ASSOC ) ;
        if ( count ( $results ) > 0 && password_verify ( $password, $results ['password'] ) ) {
            header ( 'location:dashboard.php' ) ;
            exit;
        }
        else {
            $errMsg .= 'Username and Password are not found<br>';
        }
    }
}
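
An added example, not part of the original post: a self-contained version of this login check that reads the form fields without raising an undefined-index notice, handles fetch() returning false when no row matches, and passes the raw password to password_verify(). It assumes the users.password column stores password_hash() output; the function name attemptLogin, the in-memory SQLite database and the sample account are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example: attemptLogin() and the sample account below are assumptions.
// Returns null on success, or the error message to show the user.
function attemptLogin(PDO $db, array $post): ?string
{
    // Read form fields defensively so a missing key never raises "undefined index".
    $username = trim((string)($post['username'] ?? ''));
    $password = (string)($post['password'] ?? ''); // raw password: no sha1(), no trim()

    if ($username === '') {
        return 'You must enter your Username';
    }
    if ($password === '') {
        return 'You must enter your Password';
    }

    // Select only the needed column; the value is bound, never concatenated.
    $stmt = $db->prepare('SELECT password FROM users WHERE email = :username');
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC); // false when no row matches

    // password_verify() compares the raw password with a password_hash() value.
    if ($row !== false && password_verify($password, $row['password'])) {
        return null;
    }
    return 'Username and Password are not found';
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password TEXT NOT NULL)');
$insert = $db->prepare('INSERT INTO users (email, password) VALUES (:email, :hash)');
$insert->execute([
    ':email' => 'alice@example.com',
    ':hash'  => password_hash('correct horse', PASSWORD_DEFAULT),
]);

$cases = [
    ['username' => 'alice@example.com', 'password' => 'correct horse'],
    ['username' => 'alice@example.com', 'password' => 'wrong'],
    ['username' => 'nobody@example.com', 'password' => 'x'],
    ['username' => 'alice@example.com'], // password field missing from the form
];
foreach ($cases as $post) {
    echo json_encode($post), ' => ', attemptLogin($db, $post) ?? 'login ok', PHP_EOL;
}
```

Because sha1() of an empty string is itself a non-empty string, the empty-password check only works when it runs on the raw input, as it does here.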