Clever Geek Handbook

Passing $ _SESSION to php

It has been going on for hours now and is desperate for fresh eyes. When logon occurs, the form is loaded to validate the encrypted password and username in the database, since it does not have any errors thrown in the form when it starts, but just when it starts it strips the user data passed to the database.

I also get a final expression giving me "Access Denied". Any help would be immensely appreciated, just need to have a fresh set of eyes, thanks a lot. also add all instances of $ data to the database

<?php
$serverName = "localhost";
$username = "root";
$password = "";
$databaseName = "filestackusers";
$connect = new PDO("mysql:host=$serverName;dbname=$databaseName",$username, $password);
//encrypt pass and user for search
if(isset($_POST["username"]) && isset($_POST["password"]))
{
$FolderEncryption = md5($_POST['username']);
$passwordEncryption = md5($_POST['password']);
}
else
{
    echo "information not passed";
}


try
{
    //search if found load info
    $checkSqlStmt = $connect->prepare("SELECT * FROM users WHERE user_folder =
   :FolderEncryption AND password = :passwordEncryption");

    //bind
    $checkSqlStmt->bindParam(':FolderEncryption', $FolderEncryption, PDO::PARAM_STR);
    $checkSqlStmt->bindParam(':passwordEncryption', $passwordEncryption, PDO::PARAM_STR);

    //execute
    $checkSqlStmt->execute();

    $data = $checkSqlStmt -> fetchAll();

}
catch (Exception $ex)
{
    die("An error has occured! " . $ex->getMessage());
}

if ($data)
{
    if($_POST["username"] == $data[0]["username"]) //recheck email security
    {
        echo 'Access Granted';

        $_SESSION['userID'] = $data[0]['user_id'];
        $_SESSION['Username'] = $data[0]['username']; //set sessions
        $_SESSION['Password'] = $data[0]['password'];
        $_SESSION['Email'] = $data[0]['email'];
        $_SESSION['UserFolder'] = $data[0]['user_folder'];

        //load user info
        loadFileInformation();
    }
}
    else
    {
        echo "Access Denied";
    }
?>
+3


source to share


2 answers


You only echo access denied

when $ data evaluates to false. It could be that you don't assign it at all, which is what happens when you get an exception while executing a request. If there are no exceptions, fetchAll can still return false on error.

But also, if the query runs correctly but doesn't return a string, it fetchAll()

returns an empty array, which also evaluates to false in PHP. (I don't do this!)



So, depending on the case, it has to do with the execution of the request.

+4


source


Most likely your variable $data

is not correct, so your code will echo "Access Denied"

. You have to set your condition to check that $ data is equal to what you want and then proceed.

Example:

if ($data == "Blah"){ 
  if($_POST["username"] == $data[0]["username"]) //recheck email security
  {
     //Blah Blah
  }
}else{echo "Access Denied";}


Unlike:

if ($data)
{
    if($_POST["username"] == $data[0]["username"]) //recheck email security
    {
      //Blah Blah
    }
 }else{echo "Access Denied";} // etc

The point is that your condition should be more accurate. Does it use fetchAll

or something else.

+1


source






More articles:


All Articles