Authentication problem in PHP, returns PDO::errorcode(): 00000

Asked

Viewed 65 times

0

I have a problem to authenticate a site with php, when I put the data in the form it returns the error message I enter if it failed and another error message 0000 in the login method. Apparently I did not find syntax errors or anything else in the code. Below is the code I’m having the problem:

1) Class User - class.user.php

<?php
   require_once('././conexao/DbConfiguration.php');


class User
{
  private $conn;

  private $userRoles;      

 function __construct()
 {
    $database = new Database();
        $db = $database->dbConnection();
        $this->conn = $db;

    $this->userRoles = array();        
 }

 public function runQuery($sql)
 {
        $stmt = $this->conn->prepare($sql);
        return $stmt;
 }

 public function doLogin($username, $password, $rolename)
 {
     try
     {                      
       $query  = "SELECT u.username, u.password, r.rolename FROM user_roles ur LEFT JOIN users u ON ur.userID=u.iD ";
       $query .= "LEFT JOIN roles r ON ur.roleID=r.ID WHERE u.username=:uname && r.rolename=:rolename ";

       $stmt = $this->conn->prepare($query); //"SELECT * FROM users WHERE username=:uname "
       $stmt->execute(array(':uname'=>$username,':rolename'=>$rolename));
       $userRow = $stmt->fetch(PDO::FETCH_ASSOC);
       $passwordAux = md5($password);                                            

       if($stmt->rowCount() > 0)
       {
         if(password_verify($passwordAux, $userRow['password']))
         {                
            //$_SESSION['user_session'] = $userRow['user_id'];                
            $_SESSION['ss_user_id'] = $userRow['user_id'];
            //$_SESSION['access'] = $userRow['access'];                                                                                                                
            return true;
         }
         else
         {                
            return false;
         }             


       }
       else
       {
         echo "\nPDO::errorCode():\n";
         print_r($stmt->errorCode());
       }
      }
      catch(PDOException $e)
      {
         echo $e->getMessage();             
      }
 }

2) Login page - login.php

  <?php      

  require_once 'includes/inputs.php';   
  require_once 'includes/classes/class.user.php';

  if ( !isset($pagetitle) )
  {
     $pagetitle = "QuestWeb - [Acesso Restrito]";
  }


  $user_login = new USER();

  if (isset($_POST['btn-login']))
  {
      $uname  = verifyInput($_POST['nmusr']);
      $upass  = verifyInput($_POST['pswd']);
      $roles  = array("1" => "Administrators", "2" => "Users", "3" =>    "Authors");

  if( $user_login->doLogin($uname,$upass, $roles[1]) )
  {
      $user_login->redirect('modulos/dashboard-1.php');
      //$message = "OK";
  }
  else if( $user_login->doLogin($uname,$upass, $roles[2]) )
  {
     $user_login->redirect('modulos/dashboard-2.php');
  }
  else if( $user_login->doLogin($uname,$upass, $roles[3]) )
  {
     $user_login->redirect('modulos/dashboard-3.php');
  }
  else
  {
      $message = "<label>Falha de acesso</label>";          
  }
 }
 ?>
<html>
....
<?php                                
   if(isset($message))
   {
  ?>
  <div class="alert alert-danger">
      <i class="glyphicon glyphicon-warning-sign"></i> &nbsp; <?php echo $message; ?> !
   </div>
   <?php
   }
?>
<form method="post" class="login-form" id="login-form">
    <div class="form-group">
        <label class="sr-only" for="form-username">Usu&uacute;rio</label>
        <input type="text" name="nmusr" placeholder="Usu&aacute;rio" class="form-control" id="form-username">
    </div>

    <div class="form-group">
        <label class="sr-only" for="form-password">Senha</label>
        <input type="password" name="pswd" placeholder="Senha" autocomplete="off" class="form-control" id="form-password">
    </div>

   <hr>

   <button type="submit" class="btn btn-link-2" name="btn-login">ENTRAR NO SISTEMA</button>

  <hr>

  <div id="form-group">
        <a href="alterar_senha.php" class="btn btn-link forgot-link">Esqueceu a senha</a>
  </div>
    </form>

1 answer

0

This message is coming to you because this condition $stmt->rowCount() > 0 is never true.

According to the PHP documentation the function rowCount:

Pdostatement::rowCount() Returns the number of Rows affected by the last DELETE, INSERT, or UPDATE statement executed by the corresponding Pdostatement Object.

In other words, in the case of SELECT this function has no effect.

You can get around this problem by using another comparison like:

userRow = $stmt->fetch(PDO::FETCH_ASSOC);
$passwordAux = md5($password);

if ($userRow) {
    if (password_verify($passwordAux, $userRow['password'])) {
        // $_SESSION['user_session'] = $userRow['user_id'];
        $_SESSION['ss_user_id'] = $userRow['user_id'];
        // $_SESSION['access'] = $userRow['access'];
        return true;
    } else {
        return false;
    }
} else {
    echo "\nPDO::errorCode():\n";
    print_r($stmt->errorCode());
}

Browser other questions tagged

You are not signed in. Login or sign up in order to post.