-1

so my PHP & PDO login is returning 0 every time, even if the info is correct. The register page works fine, no errors in that. But as soon as I try to login, it seems that $Count = $stmt->rowCount(); is returning null every time. I tried echoing $Count to see what the value was returning, and even if the information was 100% correct it still returned zero. Any help? Here's my code.

public function userLogin($email, $password)
  {

        try {
              $dbConnection = $this->DBConnect();
              $stmt = $dbConnection->prepare('SELECT * FROM `users` WHERE `email` = :email and `password` = :password');
              $hash_password = hash('sha256', $password);
              $stmt->bindParam(":email", $email, PDO::PARAM_STR);
              $stmt->bindParam(":password", $hash_password, PDO::PARAM_STR);
              $stmt->execute();

              $Count = $stmt->rowCount();
              $data = $stmt->fetch(PDO::FETCH_OBJ);
              if ($Count == 1) {
                    session_start();
                    $_SESSION['uid'] = $data->UID;
                    $_SESSION['username'] = $data->username;
                    $_SESSION['firstname'] = $data->firstname;
                    $_SESSION['lastname'] = $data->lastname;
                    $_SESSION['ip_address'] = $data->ip_address;
                    header('Location: /panel/index?success');
                    $dbConnection = null;
                    return true;
              } else {
                    header('Location: /panel/login?error');
                    $dbConnection = null;
                    return false;
              }
        } catch (PDOException $e) {
              echo 'Connection failed: ' . $e->getMessage();
        }
  }
LoveCenti
  • 7
  • 3
  • 1
    Does this answer your question? [Row count with PDO](https://stackoverflow.com/questions/883365/row-count-with-pdo) – Simon K Jan 29 '22 at 18:05
  • Just to be clear, in a programming context `null !== 0`. – Markus AO Jan 29 '22 at 18:10
  • Please try searching before posting a new question, there are so many answers to this question here on SO already. Checking [the docs](https://www.php.net/manual/en/pdostatement.rowcount.php) would also have shown `rowCount()` is not what you're after. – Don't Panic Jan 29 '22 at 23:08

1 Answers1

0

you better put that to use: password_hash() and password_verify()

$dbConnection = $this->DBConnect();
$stmt = $dbConnection->prepare('SELECT * FROM `users` WHERE `email` = :email AND password != ""');
$stmt->bindParam(":email", $email, PDO::PARAM_STR);
$stmt->execute();
if($data = $stmt->fetch(PDO::FETCH_OBJ)) {
    if(password_verify($password, $data->password) === TRUE) {
    
    }
}
daniel
  • 273
  • 2
  • 7