mysql - Login form PHP using PDO statements
I am creating a signup and login form. In the signup form I am taking inputs from users and storing the inputs in the database. I want that when a user inputs a username and password in nss-login.php, it compares against the database whether the username and password are available in the database or not. If the credentials are available, it redirects to nss-admin.php.
However, my current code doesn't seem to be working whatsoever, though it seems okay logically. I am new to PHP (2 weeks), so I'm probably missing something. I've been looking around to see what I am doing wrong but still can't figure it out, so I am posting here as a last resort. I appreciate you taking the time to view my question.
Please make the required changes in the code files and rectify the errors as necessary.
This is nss-functions.php:
```php
<?php
include 'nss-config.php';

function connect($config) {
    try {
        $conn = new PDO('mysql:host=localhost; dbname='.$config['database'], $config['username'], $config['password']);
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        return $conn;
    } catch (Exception $e) {
        return false;
    }
}

function query($query, $bindings, $conn) {
    $stmnt = $conn->prepare($query);
    $stmnt->execute($bindings);
    return ($stmnt->rowCount() > 0) ? $stmnt : false;
}
?>
```
This is nss-signup.php:
```php
<!doctype html>
<html>
<head>
    <title>create free account</title>
</head>
<body>
<?php
include 'nss-functions.php';
$conn = connect($config);
if (!$conn) die('problem connecting db.');

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $username = $_POST['username'];
    $email = $_POST['email'];
    $password = $_POST['password'];
    $repass = $_POST['repass'];

    if (empty($username) || empty($email) || empty($password) || empty($repass)) {
        echo "please fill inputs correctly";
    } else {
        if ($repass == $password) {
            query("INSERT INTO users(username,email,password) VALUES(:username, :email , :password)",
                array('username' => $username, 'email' => $email, 'password' => $password),
                $conn);
            echo "your account created";
        } else {
            echo "fill password correctly";
        }
    }
}
?>
<form action="nss-signup.php" method="post">
    <h1>create account</h1>
    <p><label for="username">username</label> <input type="text" id="username" name="username" /></p>
    <p><label for="email">email address</label> <input type="text" id="email" name="email" /></p>
    <p><label for="password">choose password</label> <input type="password" id="password" name="password" /></p>
    <p><label for="repass">confirm password</label> <input type="password" id="repass" name="repass" /></p>
    <p><input type="submit" value="submit" name="loginform" /></p>
</form>
</body>
</html>
```
This is nss-login.php:
```php
<!doctype html>
<html>
<head>
    <title></title>
</head>
<body>
<?php
include 'nss-validate.php';
session_start();

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $user = $_POST['username'];
    $pass = $_POST['password'];

    if (validate($user, $pass)) {
        $_SESSION['user'] = $user;
        header("Location:nss-admin.php");
    } else {
        echo "incorrect credentials";
    }
}
?>
<form action="nss-login.php" method="post">
    <h1>sign in account</h1>
    <p><label for="username">username</label> <input type="text" id="username" name="username" /></p>
    <p><label for="password">your password</label> <input type="password" id="password" name="password" /></p>
    <p><input type="submit" value="submit" name="loginform" /></p>
    <p>don't have account? <a href="nss-signup.php">create one</a>.</p>
</form>
</body>
</html>
```
This is nss-validate.php:
```php
<?php
include 'nss-functions.php';

function validate($username, $password) {
    $x = query("SELECT username FROM users WHERE username = :username", // variable username
        array('username' => $username), $conn);
    $y = query("SELECT password FROM users WHERE password = :password", // variable password
        array('password' => $password), $conn);
    return ($username == $x && $password == $y);
}
?>
```
This is nss-admin.php:
```php
<?php require 'nss-login.php'; ?>
<!doctype html>
<html>
<head>
    <title></title>
</head>
<body>
<h1>hello, <?= $_SESSION['user']; ?></h1>
<h3><a href="#">logout</a></h3>
</body>
</html>
```
$conn does not exist in the variable scope of the validate() function.
Change the function definition to this:
```php
function validate($username,$password, $conn) {
```
and call it accordingly.
Note: the validate function is completely useless. One can log in with the existing password of another user (if it works at all, which I doubt). Also, you seem to store the password in plain text in the database.
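
The two problems named in the note above, addressed in one added example that is not part of the original answer: the password is stored as a hash, and the check looks up a single row by username and verifies the password against that row only. The `users` table and its columns follow the question; the `register()` helper, the in-memory SQLite database (used instead of MySQL so the script runs offline) and the sample accounts are assumptions made for illustration.

```php
<?php
// Added example. Table and column names follow the question; register(),
// the SQLite in-memory database and the accounts below are constructed.

function register(PDO $conn, string $username, string $email, string $password): bool {
    // Store a salted, deliberately slow hash instead of the password itself.
    // On MySQL the password column should be wide enough (VARCHAR(255)).
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $conn->prepare(
        'INSERT INTO users (username, email, password) VALUES (:username, :email, :password)'
    );
    return $stmt->execute(['username' => $username, 'email' => $email, 'password' => $hash]);
}

function validate(PDO $conn, string $username, string $password): bool {
    // One lookup keyed on the username, so the submitted password is only
    // ever compared with the hash stored for this particular user.
    $stmt = $conn->prepare('SELECT password FROM users WHERE username = :username');
    $stmt->execute(['username' => $username]);
    $hash = $stmt->fetchColumn();   // false when no such user exists
    if ($hash === false) {
        return false;
    }
    return password_verify($password, $hash);
}

// Constructed demo data.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE users (username TEXT UNIQUE, email TEXT, password TEXT)');
register($conn, 'alice', 'alice@example.com', 'correct horse');
register($conn, 'bob', 'bob@example.com', 'hunter2');

var_dump(validate($conn, 'alice', 'correct horse')); // alice with her own password
var_dump(validate($conn, 'alice', 'hunter2'));       // alice with bob's password
var_dump(validate($conn, 'mallory', 'hunter2'));     // user that does not exist
```

Only the first check succeeds. The original two-query version would have accepted the second one as well, because it asked only whether the password existed anywhere in the table.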