Chidi Chidi - 4 months ago 16
MySQL Question

login into two different areas on one login form

I'm trying to send users to one of two different areas from a single login form, based on a criterion. The problem I'm having is that when the correct password is provided everything works fine, but when a wrong password is provided nothing happens: it doesn't even echo the password error alert! What could be wrong, and is my code okay?

Thanks

// Login handler as posted in the question: look up the stored hash for the
// submitted username, verify the password, then redirect by account status.
// $pdo and the session are set up outside this snippet.
if(isset($_POST['login'])){

$username=$_POST['username'];
$password=$_POST['password'];

// stripslashes() removes backslashes from the submitted values. The stripped
// $password is never used for verification: it is re-read from $_POST below.
$username = stripslashes($username);
$password = stripslashes($password);
// The next two self-assignments have no effect.
$username = $username;
$password = $password;

//$pass = md5($password);

// Parameterized lookup: the username is bound, not concatenated into the SQL.
$stmt = $pdo->prepare("SELECT password FROM table WHERE username=:username");
$stmt->bindValue(':username', $username, PDO::PARAM_STR);
$stmt->execute();

// No matching row: unknown username.
if($stmt->rowCount()<1){

echo 'INVALID USERNAME OR PASSWORD';

}else{
$password = $_POST['password'];
list($hash) = $stmt->fetch(PDO::FETCH_NUM);

if (password_verify($password, $hash)) {
$_SESSION['username'] = $username;

$status1 = "COMPLETED";
$status2 = "UNCOMPLETED";

// NOTE(review): this second query interpolates the session username straight
// into the SQL string instead of binding it like the first query does. The value
// originates from $_POST, so it should go through prepare()/bindValue() as well.
$stmt = $pdo->query("SELECT status FROM table WHERE username ='$_SESSION[username]'");
$check = $stmt->fetch(PDO::FETCH_ASSOC);
$status = $check['status'];

if(strcmp($status, $status1) == 0){

header("location: completed/index.php");
exit();
}elseif(strcmp($status, $status2) == 0){

header("location: uncompleted/index.php");
exit();
}else{
// This else pairs with the status if/elseif above, not with password_verify(),
// so it only runs when the password was correct and the status matched neither
// value. A failed password_verify() has no else branch and prints nothing.

echo 'INVALID USERNAME OR PASSWORD';

}
}
}
}

Answer

The problem was that my else was in the wrong place. I had it after the if/elseif strcmp statements. It should be after the if (password_verify($password, $hash)) block.

This was pointed out on the phpfreak forum; credit goes to the poster there. The corrected code:

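            // Login handler: verify the submitted credentials, then redirect by account status.
            // NOTE(review): assumes $pdo is a connected PDO handle and that session_start()
            // has already been called; neither is visible in this snippet.
            if (isset($_POST['login']))
            {
                // Form fields are client-controlled and may be missing or arrays; accept strings only.
                // stripslashes() on the username is kept from the original for compatibility with
                // existing accounts. NOTE(review): it is a magic_quotes-era habit and alters
                // usernames that contain backslashes; confirm it matches the registration code.
                $username = (isset($_POST['username']) && is_string($_POST['username']))
                    ? stripslashes($_POST['username'])
                    : '';
                // The password is passed to password_verify() exactly as submitted.
                $password = (isset($_POST['password']) && is_string($_POST['password']))
                    ? $_POST['password']
                    : '';

                // One message for both failure cases, so the response text does not reveal
                // whether the username exists. The closing tags are now nested correctly.
                $failure = '<div class="signals"><p class="bg-warning text-center warning"><button type="button" class="close" aria-label="Close"><span aria-hidden="true">&times;</span></button>INVALID USERNAME OR PASSWORD</p></div>';

                // A single parameterized query fetches both the hash and the status. This replaces
                // the second query that interpolated $_SESSION[username] into the SQL string.
                $stmt = $pdo->prepare("SELECT password, status FROM table WHERE username=:username");
                $stmt->bindValue(':username', $username, PDO::PARAM_STR);
                $stmt->execute();
                $row = $stmt->fetch(PDO::FETCH_ASSOC);

                // fetch() returns false when no row matched. The unknown-user path skips
                // password_verify(), so response time can still differ between the two cases.
                if ($row === false || !password_verify($password, $row['password']))
                {
                    echo $failure;
                }
                else
                {
                    // Issue a fresh session id on login so an id that was set before
                    // authentication cannot be reused afterwards (session fixation).
                    if (session_status() === PHP_SESSION_ACTIVE)
                    {
                        session_regenerate_id(true);
                    }
                    $_SESSION['username'] = $username;

                    $status = $row['status'];

                    if ($status === "COMPLETED")
                    {
                        header("location: completed/index.php");
                        exit();
                    }
                    elseif ($status === "UNCOMPLETED")
                    {
                        header("location: uncompleted/index.php");
                        exit();
                    }
                    // NOTE(review): any other status value falls through here with no redirect
                    // and no message, as in the original, while the session is already
                    // populated. Decide explicitly what such accounts should see.
                }
            }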