Page 1 of 1

PHP LOGIN Problems

Posted: Fri Feb 06, 2015 8:22 pm
by kwaabs
Hi, I have this PHP code that I'm working on. From my 'calcutations' its supposed to work but Its not working as it should. And I need help. Please help me fix it

index.php

Code: Select all

<?php 

                                $errors = array(
                                    1=>"Invalid user name or password, Try again",
                                    2=>"Please login to access this area"
                                  );

                                $error_id = isset($_GET['err']) ? (int)$_GET['err'] : 0;

                                if ($error_id == 1) {
                                        echo '<p class="text-danger">'.$errors[$error_id].'</p>';
                                    }elseif ($error_id == 2) {
                                        echo '<p class="text-danger">'.$errors[$error_id].'</p>';
                                    }
                               ?>  

                              <form action="authenticate.php" method="POST" class="form-signin col-md-8 col-md-offset-2" role="form">  
                                  <input type="text" name="username" class="form-control" placeholder="Username" required autofocus><br/>
                                  <input type="password" name="password" class="form-control" placeholder="Password" required><br/>
                                  <button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
                             </form>


authenticate.php

Code: Select all

<?php

    require("database-config.php");
    
    if(!empty($_POST))
    {
        $query = "
            SELECT
                id,
                username,
                password,
                salt,
				role
            FROM users
            WHERE
                username = :username
        ";
        
        $query_params = array(
            ':username' => $_POST['username']
        );
        
        try
        {
            $stmt = $dbh->prepare($query);
            $result = $stmt->execute($query_params);
        }
        catch(PDOException $ex)
        {
            die("Failed to run query: " . $ex->getMessage());
        }
        
        $login_ok = false;
        
        $row = $stmt->fetch();
        if($row)
        {
            $check_password = hash('sha256', $_POST['password'] . $row['salt']);
            if($check_password === $row['password'])
            {
                $login_ok = true;
            }
        }
        
        if($login_ok)
        {
        
            unset($row['salt']);
            unset($row['password']);
            
            $_SESSION['user'] = $row;
          
			if($result->rowCount() == 0){
		header('Location: index.php?err=1');
	}else{

		$row = $result->fetch(PDO::FETCH_ASSOC);

		session_regenerate_id();
		$_SESSION['sess_user_id'] = $row['id'];
		$_SESSION['sess_username'] = $row['username'];
        $_SESSION['sess_userrole'] = $row['role'];

        echo $_SESSION['sess_userrole'];
		session_write_close();

		if( $_SESSION['sess_userrole'] == "admin"){
			header('Location: adminhome.php');
		}else{
			header('Location: userhome.php');
		}
		
		
	}
        }
       
    }
    
?>

Re: PHP LOGIN Problems

Posted: Fri Feb 06, 2015 8:44 pm
by Celauran
kwaabs wrote:Its not working as it should
Well, what is it doing? What errors are you getting?

Re: PHP LOGIN Problems

Posted: Sun Feb 08, 2015 1:05 am
by kwaabs
Its supposed to redirect to the admin page or the user page. But it doesnt redirect to any page at all.

Re: PHP LOGIN Problems

Posted: Sun Feb 08, 2015 6:01 am
by Strider64
make sure you put an

Code: Select all

exit();
after the header();

Re: PHP LOGIN Problems

Posted: Sun Feb 08, 2015 8:05 am
by kwaabs
I dont understand how you mean strider64

Re: PHP LOGIN Problems

Posted: Sun Feb 08, 2015 8:55 am
by Celauran
It's a little hard to read due to inconsistent indentation, but it looks like all the redirects are happening inside the $login_ok block, so if the password is incorrect, the script just terminates. Have you stepped through the code to see where it fails?

Re: PHP LOGIN Problems

Posted: Sun Feb 08, 2015 9:07 am
by kwaabs
@@@strider64


Would you have me send you the codes so you help me?
I' seriously confused right now. I dont know how to fix this.
Please help

Re: PHP LOGIN Problems

Posted: Sun Feb 08, 2015 9:58 am
by kwaabs
I have gone through the codes, yes.. It seems faulty bad i cant really point where the problem is