Welcome!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

SignUp Now!
  • Guest, before posting your code please take these rules into consideration:
    • It is required to use our BBCode feature to display your code. While within the editor click < / > or >_ and place your code within the BB Code prompt. This helps others with finding a solution by making it easier to read and easier to copy.
    • You can also use markdown to share your code. When using markdown your code will be automatically converted to BBCode. For help with markdown check out the markdown guide.
    • Don't share a wall of code. All we want is the problem area, the code related to your issue.


    To learn more about how to use our BBCode feature, please click here.

    Thank you, Code Forum.

What's wrong with my code?

I'm trying to create a working login system. When I register, the data is submitting correctly but when I go to login, it won't perform the functions that it is supposed to. It's supposed to go to the admin.php page only if the credentials are valid but it won't execute the function. Where am I going wrong in my code below?
PHP:
<?php
// Connect to the database
$pdo = new PDO('mysql:host=localhost;dbname=accounts', 'root', '');

// Retrieve form data
$user_id = $_POST['user_id'];
$password = $_POST['password'];

// Check if the user exists in the database
$stmt = $pdo->prepare("SELECT * FROM users WHERE user_id = ?");
$stmt->execute([$user_id]);
$user_id = $stmt->fetch();

if ($user_id && password_verify($password, $user_id['password'])) {
  // User authenticated, store user session or redirect to a protected page
  session_start();
  $_SESSION['user_id'] = $user_id['user_id'];
  header("Location: admin.php");
  exit();
} else {
    header("Location: index.php");
    die();
}
?>
 
Your code seems generally correct, but there might be an issue with reusing the $user_id variable for both the form data and the fetched user data from the database. It could be causing a problem when trying to verify the password. I recommend using a different variable to store the fetched user data from the database. Here's an updated version of your code:

PHP:
<?php
// Connect to the database
$pdo = new PDO('mysql:host=localhost;dbname=accounts', 'root', '');

// Retrieve form data
$user_id_input = $_POST['user_id'];
$password = $_POST['password'];

// Check if the user exists in the database
$stmt = $pdo->prepare("SELECT * FROM users WHERE user_id = ?");
$stmt->execute([$user_id_input]);
$user_data = $stmt->fetch();

if ($user_data && password_verify($password, $user_data['password'])) {
// User authenticated, store user session or redirect to a protected page
session_start();
$_SESSION['user_id'] = $user_data['user_id'];
header("Location: admin.php");
exit();
} else {
header("Location: index.php");
die();
}
?>


In this version, I changed the variable name from $user_id to $user_data after fetching the user information from the database. This should prevent any conflicts and ensure that you're properly verifying the password against the fetched user data. Make sure your database schema and data are correct as well, and that the password is hashed correctly during registration.
 
There may be some issue with the code,
1. same variables $user_id, are being used for both the form input and the fetched user data.
2. when user register, make sure that the stored passwords in your database are hashed using password_hash()

check below updated code for you,

Code:
<?php
// Connect to the database
$pdo = new PDO('mysql:host=localhost;dbname=accounts', 'root', '');

// Retrieve form data
$input_user_id = $_POST['user_id'];
$password = $_POST['password'];

// Check if the user exists in the database
$stmt = $pdo->prepare("SELECT * FROM users WHERE user_id = ?");
$stmt->execute([$input_user_id]);
$user_data = $stmt->fetch();

if ($user_data && password_verify($password, $user_data['password'])) {
  // User authenticated, store user session or redirect to a protected page
  session_start();
  $_SESSION['user_id'] = $user_data['user_id'];
  header("Location: admin.php");
  exit();
} else {
    header("Location: index.php");
    exit();
}
?>
 

New Threads

Buy us a coffee!

Back
Top Bottom