Passing $ _SESSION to php
It has been going on for hours now and is desperate for fresh eyes. When logon occurs, the form is loaded to validate the encrypted password and username in the database, since it does not have any errors thrown in the form when it starts, but just when it starts it strips the user data passed to the database.
I also get a final expression giving me "Access Denied". Any help would be immensely appreciated, just need to have a fresh set of eyes, thanks a lot. also add all instances of $ data to the database
<?php
$serverName = "localhost";
$username = "root";
$password = "";
$databaseName = "filestackusers";
$connect = new PDO("mysql:host=$serverName;dbname=$databaseName",$username, $password);
//encrypt pass and user for search
if(isset($_POST["username"]) && isset($_POST["password"]))
{
$FolderEncryption = md5($_POST['username']);
$passwordEncryption = md5($_POST['password']);
}
else
{
echo "information not passed";
}
try
{
//search if found load info
$checkSqlStmt = $connect->prepare("SELECT * FROM users WHERE user_folder =
:FolderEncryption AND password = :passwordEncryption");
//bind
$checkSqlStmt->bindParam(':FolderEncryption', $FolderEncryption, PDO::PARAM_STR);
$checkSqlStmt->bindParam(':passwordEncryption', $passwordEncryption, PDO::PARAM_STR);
//execute
$checkSqlStmt->execute();
$data = $checkSqlStmt -> fetchAll();
}
catch (Exception $ex)
{
die("An error has occured! " . $ex->getMessage());
}
if ($data)
{
if($_POST["username"] == $data[0]["username"]) //recheck email security
{
echo 'Access Granted';
$_SESSION['userID'] = $data[0]['user_id'];
$_SESSION['Username'] = $data[0]['username']; //set sessions
$_SESSION['Password'] = $data[0]['password'];
$_SESSION['Email'] = $data[0]['email'];
$_SESSION['UserFolder'] = $data[0]['user_folder'];
//load user info
loadFileInformation();
}
}
else
{
echo "Access Denied";
}
?>
source to share
You only echo access denied
when $ data evaluates to false. It could be that you don't assign it at all, which is what happens when you get an exception while executing a request. If there are no exceptions, fetchAll can still return false on error.
But also, if the query runs correctly but doesn't return a string, it fetchAll()
returns an empty array, which also evaluates to false in PHP. (I don't do this!)
So, depending on the case, it has to do with the execution of the request.
source to share
Most likely your variable $data
is not correct, so your code will echo "Access Denied"
. You have to set your condition to check that $ data is equal to what you want and then proceed.
Example:
if ($data == "Blah"){
if($_POST["username"] == $data[0]["username"]) //recheck email security
{
//Blah Blah
}
}else{echo "Access Denied";}
Unlike:
if ($data)
{
if($_POST["username"] == $data[0]["username"]) //recheck email security
{
//Blah Blah
}
}else{echo "Access Denied";} // etc
The point is that your condition should be more accurate. Does it use fetchAll
or something else.
source to share