This is the login:

<?php
 
class Login extends db
{
    protected function getUser($uid, $pwd)
    {
        $stmt = $this->connect()->prepare('SELECT pwd FROM users WHERE uid = ?;');
 
        if (!$stmt->execute(array($uid, $pwd))) {
            $stmt = null;
            header("location: ../index.php?error=stmtfucked");
            exit();
        }
 
        if ($stmt->rowCount() == 0) {
            $stmt = null;
            header("location: ../index.php?error=usernotfound");
            exit();
        }
 
        $hashedpwd = $stmt->fetchAll(PDO::FETCH_ASSOC);
        $checkpwd = password_verify($pwd, $hashedpwd[0]["pwd"]);
 
        if ($checkpwd == false) {
            $stmt = null;
            header("location: ../index.php?error=wrongpassword");
            exit();
        } elseif ($checkpwd == true) {
            $stmt = $this->connect()->prepare('SELECT * FROM users WHERE uid = ? AND pwd = ?;');
 
            if (!$stmt->execute(array($uid, $pwd))) {
                $stmt = null;
                header("location: ../index.php?error=stmtfailedddd");
                exit();
            }
 
            if ($stmt->rowCount() == 0) {
                $stmt = null;
                header("location: ../index.php?error=usernotfound");
                exit();
            }
 
            $user = $stmt->fetchAll(PDO::FETCH_ASSOC);
 
            session_start();
            $_SESSION["userid"] = $user[0]["id"];
            $_SESSION["useruid"] = $user[0]["uid"];
 
            $stmt = null;
        }
    }
}

The signup does work but the login does not. Why? What is wrong with the code? As it is, it should log me in, so I do not understand what is wrong with it. Also, I'm new to PHP, so maybe that is why I do not understand. Hope you could help me!

Dharman
Xanward
  • What happens when you login? Blank page? Any error? Did you start sessions before? How do you call that class? – brombeer Oct 25 '22 at 11:29
  • Why is your `login` class a subtype of `db` class? These should be two completely separate functionalities. – Dharman Oct 25 '22 at 11:55
  • @brombeer When I log in, it (should) start a session after redirecting me to the home page. – Xanward Oct 25 '22 at 11:59
  • @Dharman I already hashed the passwords in the signup... and it is using the db class to be able to access the db... – Xanward Oct 25 '22 at 11:59
  • I see, but that's confusing. You are trying to use the `pwd = ?` in WHERE clause, but if you hashed it, this won't work. – Dharman Oct 25 '22 at 12:01
  • You need to remove most of these `if` statements. I don't know where you learned to do that, but that's extremely messy and redundant. They will never work unless you silence error reporting. – Dharman Oct 25 '22 at 12:01
  • @Dharman Thanks. So how do I execute the statement? Because this is the SQL query = (SELECT pwd FROM users WHERE uid = ?;) – Xanward Oct 25 '22 at 12:08
  • So why do you need the second one? – Dharman Oct 25 '22 at 12:08
  • The method `getUser` should be 4 lines of code. 1. Prepare. 2. Execute. 3. Check `password_verify`. 4. return. – Dharman Oct 25 '22 at 12:09
  • @Dharman Thank you. So the query is OK? What exactly do I need to change? – Xanward Oct 25 '22 at 12:12
  • Please read the duplicate linked above and find a better tutorial. Your code has multiple errors because you have made it way too messy. If you want to keep something similar but fixed, see this code: https://pastebin.com/vSf6gad0 but even this could still be improved. – Dharman Oct 25 '22 at 12:17

0 Answers
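The four steps named in the comments (prepare, execute, check `password_verify`, return), written out as an added example; it is not the asker's code and not the pastebin version linked in the comments. The function names `findVerifiedUser` and `startUserSession`, the in-memory SQLite table and the sample account are assumptions made so the script runs stand-alone.

```php
<?php
declare(strict_types=1);

// Added example; every name below is hypothetical, not from the original post.
function findVerifiedUser(PDO $pdo, string $uid, string $pwd): ?array
{
    // Look the row up by username only. The column holds a hash, so comparing
    // it to the plaintext password in a WHERE clause can never match.
    $stmt = $pdo->prepare('SELECT id, uid, pwd FROM users WHERE uid = ?');
    $stmt->execute([$uid]);            // one placeholder, one bound value
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    // Same result for "no such user" and "wrong password", so the error
    // message shown to the visitor does not reveal which usernames exist.
    if ($user === false || !password_verify($pwd, $user['pwd'])) {
        return null;
    }
    unset($user['pwd']);               // keep the hash out of the session
    return $user;
}

// Session handling stays with the caller (web context only, not run below).
function startUserSession(array $user): void
{
    session_start();
    session_regenerate_id(true);       // fresh session id after authentication
    $_SESSION['userid']  = $user['id'];
    $_SESSION['useruid'] = $user['uid'];
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
// With exceptions on, a failed prepare/execute throws, so no
// if (!$stmt->execute(...)) branches are needed.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, uid TEXT UNIQUE, pwd TEXT)');
$pdo->prepare('INSERT INTO users (uid, pwd) VALUES (?, ?)')
    ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

var_dump(findVerifiedUser($pdo, 'alice', 'correct horse')); // right password
var_dump(findVerifiedUser($pdo, 'alice', 'wrong'));         // wrong password
var_dump(findVerifiedUser($pdo, 'nobody', 'correct horse'));// unknown user
```

Binding two values to the single-placeholder query, as the posted `getUser` does in its first `execute`, makes PDO reject the statement before any password check runs.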