Register is working fine, but I can't seem to get the login working. I keep getting "Invalid Username/Password". Can anyone find the problem?
This code is on loginclass.php
public function __construct( $data = array() ) {
if( isset( $data['username'] ) ) $this->username = stripslashes( strip_tags( $data['username'] ) );
if( isset( $data['password'] ) ) $this->password = stripslashes( strip_tags( $data['password'] ) );
}
public function storeFormValues( $params ) {
//store the parameters
$this->__construct( $params );
}
public function userLogin() {
//success variable will be used to return if the login was successful or not.
$success = false;
try{
//create our pdo object
$con = new PDO('mysql:host=localhost;dbname=dbname;charset=utf8', 'username', 'password');
//set how pdo will handle errors
$con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
//this would be our query.
$sql = "SELECT * FROM users WHERE username = :username AND password = :password LIMIT 1";
//prepare the statements
$stmt = $con->prepare( $sql );
//give value to named parameter :username
$stmt->bindValue( "username", $this->username, PDO::PARAM_STR );
//give value to named parameter :password
$stmt->bindValue( "password", hash("sha256", $this->password . $this->salt), PDO::PARAM_STR );
$stmt->execute();
$valid = $stmt->fetchColumn();
if( $valid ) {
$success = true;
}
$con = null;
return $success;
}catch (PDOException $e) {
echo $e->getMessage();
return $success;
}
}
Here is the welcome/invalid message code. This is on a separate page called login.php
<?php
} else {
$usr = new Users;
$usr->storeFormValues( $_POST );
if( $usr->userLogin() ) {
echo "Welcome";
} else {
echo "Incorrect Username/Password";
}
}
?>