I'm trying to create a login which only needs PASSWORD to access. I've got this.
/* Validates the login form data, checks if username and password are provided
@return bool Login form data check success state */
private function checkLoginFormDataNotEmpty() {
if (!empty($_POST['user_name']) && !empty($_POST['user_password'])) { return true; }
elseif (empty($_POST['user_name'])) { $this->feedback = "Username field was empty."; }
elseif (empty($_POST['user_password'])) { $this->feedback = "Password field was empty."; }
return false; } // default return
/* Checks if user exits, if so: check if provided password matches the one in the database
@return bool User login success status */
private function checkPasswordCorrectnessAndLogin() {
// remember: the user can log in with username or email address
$sql = 'SELECT user_name, user_email, user_password_hash
FROM users
WHERE user_name = :user_name OR user_email = :user_name
LIMIT 1';
$query = $this->db_connection->prepare($sql);
$query->bindValue(':user_name', $_POST['user_name']);
$query->execute();
// Btw that's the weird way to get num_rows in PDO with SQLite:
// if (count($query->fetchAll(PDO::FETCH_NUM)) == 1) {
// Holy! But that's how it is. $result->numRows() works with SQLite pure, but not with SQLite PDO.
// This is so crappy, but that's how PDO works.
// As there is no numRows() in SQLite/PDO (!!) we have to do it this way:
// If you meet the inventor of PDO, punch him. Seriously.
$result_row = $query->fetchObject();
if ($result_row) {
// using PHP 5.5's password_verify() function to check password
if (password_verify($_POST['user_password'], $result_row->user_password_hash)) {
// write user data into PHP SESSION [a file on your server]
$_SESSION['user_name'] = $result_row->user_name;
$_SESSION['user_email'] = $result_row->user_email;
$_SESSION['user_is_logged_in'] = true;
$this->user_is_logged_in = true;
return true; }
else { $this->feedback = "Wrong password."; } }
else { $this->feedback = "This user does not exist."; }
// default return
return false;
}
So I removed the things related to 'user_name' until I got this:
/* Validates the login form data, checks if username and password are provided
@return bool Login form data check success state */
private function checkLoginFormDataNotEmpty() {
if (!empty($_POST['user_password'])) { return true; }
elseif (empty($_POST['user_password'])) { $this->feedback = "Password field was empty."; }
return false; } // default return
/* Checks if user exits, if so: check if provided password matches the one in the database
@return bool User login success status */
private function checkPasswordCorrectnessAndLogin() {
// remember: the user can log in with username or email address
$sql = 'SELECT user_name, user_email, user_password_hash
FROM users
LIMIT 1';
$query = $this->db_connection->prepare($sql);
$query->execute();
// Btw that's the weird way to get num_rows in PDO with SQLite:
// if (count($query->fetchAll(PDO::FETCH_NUM)) == 1) {
// Holy! But that's how it is. $result->numRows() works with SQLite pure, but not with SQLite PDO.
// This is so crappy, but that's how PDO works.
// As there is no numRows() in SQLite/PDO (!!) we have to do it this way:
// If you meet the inventor of PDO, punch him. Seriously.
$result_row = $query->fetchObject();
if ($result_row) {
// using PHP 5.5's password_verify() function to check password
if (password_verify($_POST['user_password'], $result_row->user_password_hash)) {
// write user data into PHP SESSION [a file on your server]
$_SESSION['user_name'] = $result_row->user_name;
$_SESSION['user_email'] = $result_row->user_email;
$_SESSION['user_is_logged_in'] = true;
$this->user_is_logged_in = true;
return true; }
else { $this->feedback = "Wrong password."; } }
else { $this->feedback = "This user does not exist."; }
// default return
return false;
}
PROBLEM: It works, but only with the first password in sql database.
Any solution please? I would thank you so so much :(
Aucun commentaire:
Enregistrer un commentaire