0
I am starting a new system only that instead of procedural I am using O.O. and PDO, I started to login, but even select returning the value, PHP shows that user or password is wrong...
Login method:
static function login($usuario, $senha) {
try {
$con = ConnectionFactory::getConnection();
$con->beginTransaction();
$senha = base64_encode($senha);
$stmt = $con->prepare("select usuario from tbl_login where usuario = '?' and senha = '?'");
$stmt->bindParam(1, $usuario);
$stmt->bindParam(2, $senha);
$stmt->execute();
$users = $stmt->fetchAll(PDO::FETCH_ASSOC);
// tentei colocar tmb $stmt->rowCount() == 1
if(count($users) == 1){
echo '<script> alert("Bem vindo ao sistema!");
window.location("menu.php"); </script>';
} else {
echo '<script> alert("Usuário ou senha incorretos!");
window.location("login.php"); </script>';
}
} catch (PDOException $e) {
echo $e->getMessage();
}
}
if($stmt->fetchAll(PDO::FETCH_ASSOC))
already returns true or false if there is any record, if I am not mistaken– Woton Sampaio
Gives a
var_dump($user)
to see what returns– adventistaam
The problem may be in the query, well, I don’t really like to use Question mark’s (?) Why don’t you try using the colon (:) and you don’t need the quotation marks, "select user from tbl_login Where user = :user and password = :password" and in the Binds do like this: $stmt->bindParam('user', $usuario); the program does not save the passwords in base_64 because it can be reversed, instead use another type like MD5 or Sha1
– Anderson Henrique
Do not quote simplistic in interrogations
– rray
Thanks Woton, it worked. Anderson, I switched to :user..., regarding the password, if I use the MD5, how would I check the password the guy typed with the bank password?
– Leandro
I already figured out how it works using MD5.. (only generate the MD5 of the entered password and see if it matches the bank..)
– Leandro