Can't Login using php; always moves to else part

Question

The problem is whenever I try to login, it generates the following error:

Error ! Some thing is not right

Every time it moves to else part. Below is my code.

<?php 
        include_once 'session.php';
        include 'database.php'; 

?>

    <?php

            class  user{
                private $db;

                public function __construct(){
                    $this->db = new database();

                }

                public function userRegister($data){

                     $name = $data['name'];
                     $email = $data['email'];
                     $password = md5($data['password']);
                    $chk_email = $this->emailCheck($email);

                     if($name=="" or $email == "" or $password == "" ) {
                            echo "Field must not be empty . ";               
                     }
                     else if(filter_var($email,FILTER_VALIDATE_EMAIL)=== false){  
                                    $msg = "<div class ='alert alert-danger'><strong>Error ! </strong>Email address is not valid</div>";
                                            return $msg;

                        }

                        if ($chk_email==true){

                                    $msg = "<div class ='alert alert-danger'><strong>Error ! </strong>This email is already exist</div>";
                                    return $msg;

                        }

                        $sql= "INSERT INTO info_tbl(name,email,password)VALUES(:name,:email,:password)";
                        $query = $this->db->pdo->prepare($sql);

                        $query -> bindValue(':name',$name);
                        $query -> bindValue(':email',$email);
                        $query -> bindValue(':password',$password);

                        $result=$query->execute();
                        if($result) {
                            $msg = "<div class = 'alert alert-success'><strong>Success !</strong> Registration have been successfully.</div>";
                                return $msg; 
                        }

                }



            public function emailCheck($email){
                            $sql = "SELECT email FROM info_tbl WHERE email = :email ";
                            $query = $this->db->pdo->prepare($sql ); // prepare() is the method of PDO class;
                            $query->bindValue(':email',$email);  //bindValue() is the method of PDO class;
                            $query->execute();
                            if($query->rowCount()>0){
                                return true;
                            }else{
                                return false;
                            }       
                        }

                public function getLoginuser($email, $password){
                    $sql = "SELECT * FROM info_tbl WHERE email = :email AND password = :password LIMIT  1";   
                    $query = $this->db->pdo->prepare($sql);
                    $query -> bindValue(':email',$email);
                    $query -> bindValue(':password',$password);
                    $query -> execute();

                    $result = $query->fetch(PDO::FETCH_OBJ);

                }


                public function userLogin($data){

                     $email = $data['email'];
                     $password = md5($data['password']);
                    $chk_email = $this->emailCheck($email);

                     if($email == "" or $password == "" ) {
                            echo "Field must not be empty . ";               
                     }
                     else if(filter_var($email,FILTER_VALIDATE_EMAIL)=== false){  // email validate
                                    $msg = "<div class ='alert alert-danger'><strong>Error ! </strong>Email address is not valid</div>";
                                            return $msg;

                        }
                if ($chk_email==false){

                                    $msg = "<div class ='alert alert-danger'><strong>Error ! </strong>This email  is not valid</div>";
                                    return $msg;

                        }
        $res =  $this->getLoginuser($email,$password);
                            if($res){
                                session::init();
                                session::set("login",true);
                                session::set("id",$result->id);
                                session::set("name",$result->name);
                                //session::set("email",$result->email);
                                session::set("loginmsg","<div class = 'alert alert-success'><strong>success ! </strong> you are successfully login </div>");
                                    return "user login success";
                                header(" Location :index.php");
                            }
                            else{
                                $msg = "<div class = 'alert alert-danger'><strong>Error ! </strong> Some thing is not right </div>";
                                return $msg;

                            }   
                }

            }
    ?>

Please guide me on solving this issue. Thanks.

Answer 1

The answer to your question is simple: You are not returning anything from the getLoginuser() method so $res will always evaluate to false.

However you should not use an unsalted md5 hash as a password so you should change your logic to use a more up-to-date method to store and check for your passwords. You can start here: How can I store my users' passwords safely?