i am trying to create a basic login form for a page of mine, i haven't been coding a website for a long time so i just tried to change a bit a ready code from before, connected it to my database and the right table etc... but when i try to login it keeps failing the verify password if function saying "incorrect password"
login.php
<?php include 'includes/session.php'; ?>
<?php include 'includes/header.php'; ?>
<body >
<section >
<?php
if(isset($_SESSION['error'])){
echo "
<div class='callout callout-danger text-center'>
<p>".$_SESSION['error']."</p>
</div>
";
unset($_SESSION['error']);
}
if(isset($_SESSION['success'])){
echo "
<div class='callout callout-success text-center'>
<p>".$_SESSION['success']."</p>
</div>
";
unset($_SESSION['success']);
}
?>
<form action="verify.php" method="POST">
<h2 >Login Form</h2>
<div ><i ></i></div>
<div ><input type="username" name="username" placeholder="Username" required></div>
<div ><input type="password" name="password" placeholder="Password" required></div>
<div ><button type="submit" name="login">Log In</button></div><a href="#">Forgot your email or password?</a>
</form>
</section>
<?php include 'includes/scripts.php' ?>
</body>
</html>
session.php
<?php
include 'includes/conn.php';
session_start();
if(isset($_SESSION['admin'])){
header('location: admin/home.php');
}
?>
verify.php
<?php
include 'includes/session.php';
$conn = $pdo->open();
if(isset($_POST['login'])){
$username = $_POST['username'];
$password = $_POST['password'];
try{
$stmt = $conn->prepare("SELECT *, COUNT(*) AS numrows FROM users WHERE username = :username");
$stmt->execute(['username'=>$username]);
$row = $stmt->fetch();
if($row['numrows'] > 0){
if($row['status']){
if(password_verify($password, $row['password'])){
if($row['type']){
$_SESSION['admin'] = $row['id'];
}
}
else{
$_SESSION['error'] = 'Incorrect Password';
}
}
else{
$_SESSION['error'] = 'Account not activated.';
}
}
else{
$_SESSION['error'] = 'username not found';
}
}
catch(PDOException $e){
echo "There is some problem in connection: " . $e->getMessage();
}
}
else{
$_SESSION['error'] = 'Input login credentails first';
}
$pdo->close();
header('location: login.php');
?>
CodePudding user response:
do a
var_dump($row)
right before your
$_SESSION['error'] = 'Incorrect Password';
Once you know what the value of the row is, that should point you in the right direction.