The login page to an admin dashboard (index.php), along with every other aspect of the site, is working perfectly locally, but when I uploaded it to a web server, my login page keeps throwing the "Seems you have not registered" error. I have imported the database accordingly and edited the database connection file to reflect that of the web server. I have gone through the code several times. All the suggestions I saw online didn't help.

I saw somewhere that a steep difference in PHP versions might be the cause. My WAMP is running PHP version 7.0.10 while the web server is running 7.2.31. Does that count?

I hosted the site on 000webhost, if that would be of any help.

I have attached my index.php and my database connection file (with the new web server details).

index.php


<?php
//index.php

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

include("./database/dbnew.php");

if (isset($_SESSION["usertype"])) {
    header("location:dashboard.php");
}

$message = '';

if(isset($_POST["login"])) {
    $query = "SELECT * FROM user WHERE email = :email";
    $statement = $connect->prepare($query);
    $statement->execute( array('email' => $_POST["user_email"]) );
    $count = $statement->rowCount();
    if($count > 0) {
        $result = $statement->fetchAll();
        foreach($result as $row) {
            if(password_verify($_POST["user_password"], $row["password"])) {
                if($row['user_status'] == 'Active') {
                    $_SESSION['usertype'] = $row['usertype'];
                    $_SESSION['userid'] = $row['id'];
                    $_SESSION['username'] = $row['username'];
                    $_SESSION['last_login'] = $row['last_login'];
                    $_SESSION['user_status'] = $row['user_status'];
                    header("location:dashboard.php");
                } else {
                    $message = "<label>Your account is disabled, Please contact the administrator</label>";
                }
            } else {
                $message = '<div class="alert alert-danger">Wrong Email Address/Password Combination</div>';
            }
        }
    } else {
        $message = '<div class="alert alert-warning">Seems you have not registered yet</div>';
    }
}
?>
<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    <title>Inventory Management System</title>
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
    <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.3/umd/popper.min.js" integrity="sha384-vFJXuSJphROIrBnz7yo7oB41mKfc8JzQZiCq4NCceLEaO4IHwicKwpJf9c9IpFgh" crossorigin="anonymous"></script>
    <script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta.2/js/bootstrap.min.js" integrity="sha384-alpBpkh1PFOepccYVYDB4do5UnbKysX5WZXm3XxPqe5iKTfUKjNkCk9SaVuEZflJ" crossorigin="anonymous"></script>
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta.2/css/bootstrap.min.css" integrity="sha384-PsH8R72JQ3SOdhVi3uxftmaW6Vc51MKb0q5P2rRUpPvrszuE4W1povHYgTpBfshb" crossorigin="anonymous">
    <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css">
    <link rel="stylesheet" type="text/css" href="./includes/style.css">
    <script type="text/javascript" rel="stylesheet" src="./js/main.js"></script>
 </head>
<body>
<div class="overlay"><div class="loader"></div></div>
    <!-- Navbar -->
    
    
    <br/><br/>
    <div class="container">

    
        <h3 align="center">Blessed Pharmacy Inventory </h3>
        <div class="card mx-auto" style="width: 20rem;">
          <img class="card-img-top mx-auto" style="width:60%;" src="./images/login.png" alt="Login Icon">
          <div class="card-body">
          <form method="post">
                <?php echo $message; ?>
              <div class="form-group">
                <label for="exampleInputEmail1">Email address</label>
                <input type="email" class="form-control" name="user_email" id="user_email" placeholder="Enter email" required>
                <small id="e_error" class="form-text text-muted">We'll never share your email with anyone else.</small>
              </div>
              <div class="form-group">
                <label for="exampleInputPassword1">Password</label>
                <input type="password" class="form-control" name="user_password" id="user_password" placeholder="Password" required>
                <small id="p_error" class="form-text text-muted"></small>
              </div>

              <div class="form-group">
              <button type="submit" name="login" value="Login" class="btn btn-primary"><i class="fa fa-lock">&nbsp;</i>Login</button>
             </div> 
              <!-- <span><a href="register.php">Register</a></span> -->
            </form>
          <!-- </div>
          <div class="card-footer"><a href="#">Forget Password ?</a></div>
        </div> -->
    </div>

</body>
</html>

dbnew.php

<?php

//database_connection

$connect = new PDO('mysql:host=localhost;xxxxxxxxxxx_inv_db', 'xxxxxxxxxxx_root', 'xxxxxxxxxxx_password');
session_start();
?>
Ken Lee
  • If those are real credentials you put in the question, I'd suggest you urgently change them. – El_Vanja Jan 27 '21 at 13:41
  • First, using phpMyAdmin check that the database on the server really does have the email account you are using on one of the `user` table rows – RiggsFolly Jan 27 '21 at 13:47
  • You should be coding an `exit;` after a `header('Location: ...');` function call. That does not stop script execution, it just sends a header to the browser telling it to redirect to a new page – RiggsFolly Jan 27 '21 at 13:51
  • @KenLee I started a session in my database connection file and included it on all my pages. – 2 Sam 22-38-43 Jan 27 '21 at 13:52

1 Answer

PDO's rowCount() method is notoriously flakey when used with SELECT statements. It's intended for INSERTs, UPDATEs, and DELETEs.

Refactor it out ... something like this.

    $count = 0;
    $result = $statement->fetchAll();
    foreach($result as $row) {
        $count++;
        if(password_verify($_POST["user_password"], $row["password"])) {
            if($row['user_status'] == 'Active') {
                $_SESSION['usertype'] = $row['usertype'];
                $_SESSION['userid'] = $row['id'];
                $_SESSION['username'] = $row['username'];
                $_SESSION['last_login'] = $row['last_login'];
                $_SESSION['user_status'] = $row['user_status'];
                header("location:dashboard.php");
                exit; /* header() does not stop the script; end it here */
            } else {
                $message = "<label>Your account is disabled, Please contact the administrator</label>";
            }
        } else {
            $message = '<div class="alert alert-danger">Wrong Email Address/Password Combination</div>';
        }
    } /* end foreach($result as $row) */
    if ($count == 0) {
        $message = '<div class="alert alert-warning">Seems you have not registered yet</div>';
    }
    elseif ($count > 1) {
        $message = '<div class="alert alert-danger">More than one email match!!! Should not happen!!!</div>';
    }
O. Jones
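
An added example, not part of the original answer or the asker's code: the same login check decided from `fetch()` instead of `rowCount()`, with PDO set to throw exceptions. Before PHP 8, PDO's default error mode is silent, so a failed `execute()` also leaves `rowCount()` at 0 and lands in the "not registered" branch. Assumptions: `sqlite::memory:` stands in for the MySQL server so the script runs offline, `check_login()` is a hypothetical helper, and the account is constructed sample data.

```php
<?php
// Added example: sqlite::memory: stands in for the MySQL server (assumption).
// Table and column names follow the question; the account is constructed.
$pdo = new PDO('sqlite::memory:');
// Make PDO throw on failure. mysqli_report() configures mysqli only, not PDO.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);

$pdo->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, email TEXT UNIQUE,
            password TEXT, user_status TEXT)');
$insert = $pdo->prepare('INSERT INTO user (email, password, user_status)
                         VALUES (:email, :password, :status)');
$insert->execute([
    'email'    => 'admin@example.test',
    'password' => password_hash('constructed-sample-pw', PASSWORD_DEFAULT),
    'status'   => 'Active',
]);

// Hypothetical helper: decides "no such user" from fetch(), never rowCount().
function check_login(PDO $pdo, string $email, string $password): string
{
    $stmt = $pdo->prepare('SELECT * FROM user WHERE email = :email');
    $stmt->execute(['email' => $email]);
    $row = $stmt->fetch();                 // false when no row matched
    if ($row === false) {
        return 'not_registered';
    }
    if (!password_verify($password, $row['password'])) {
        return 'wrong_password';
    }
    if ($row['user_status'] !== 'Active') {
        return 'disabled';
    }
    return 'ok';
}

// rowCount() after a SELECT is driver-dependent; printed only for comparison.
$probe = $pdo->prepare('SELECT * FROM user WHERE email = :email');
$probe->execute(['email' => 'admin@example.test']);
echo 'rowCount() reports: ', $probe->rowCount(), PHP_EOL;

$attempts = [['admin@example.test', 'constructed-sample-pw'],
             ['admin@example.test', 'wrong'],
             ['nobody@example.test', 'x']];
foreach ($attempts as $attempt) {
    list($email, $pw) = $attempt;
    echo $email, ' => ', check_login($pdo, $email, $pw), PHP_EOL;
}
// In index.php, on 'ok': set $_SESSION, then header('Location: dashboard.php'); exit;
```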