Can someone tell me if this is correct? Sessions are not getting set

This is my very first PDO usage. Can someone tell me if this is right? Because I can’t set the sessions.

include_once('connect.php');

$uName = $_POST['uname'];
$pWord = $_POST['pword'];

$dbSql = $dbcon->prepare('SELECT * FROM users WHERE uName = :uName AND pWord = :pWord');
$dbSql->execute(array(':uName'=>$uName, ':pWord'=>md5($pWord)));
$dbSql->setFetchMode(PDO::FETCH_ASSOC);

$num = $dbSql->fetchColumn();
$row = $dbSql->fetch();

if($num > 0){
    //Session Creating
    $_SESSION["iD"] = $row["uId"];
    $_SESSION["uType"] = $row["uType"];
    header('location:main.php');
    exit();
}else{
    header("location:index.php?login=Login Failed! Please Try Again");
    exit();
}

Make sure you are starting the session by first doing this:

session_start();

I usually put this in a configuration file at the top of each page among other utility scripts.

Thank you for the reply pepster. I tried that but it still doesn’t create the sessions, so I did this.
I tried to echo the $row values but it seems like my if condition is not running, but when I try to log in with the original code it does log me in but gives an error “Notice: Undefined index: iD”. I don’t know what I’m doing wrong.

include_once('connect.php');

$uName = $_POST['uname'];
$pWord = md5($_POST['pword']);

$dbSql = $dbcon->prepare('SELECT * FROM users WHERE uName = :uName AND pWord = :pWord');
$dbSql->bindParam(':uName',$uName);
$dbSql->bindParam(':pWord',$pWord);
$dbSql->execute();

$num = $dbSql->fetchColumn();
$row = $dbSql->fetch(PDO::FETCH_ASSOC);

if($num > 0){
    //Session Creating
    /*$_SESSION["iD"] = $row["uId"];
    $_SESSION["uT"] = $row["uType"];
    header('location:test.php');
    exit();*/
    echo $row['uId'];
    echo $row['uType'];
}/*else{
    header("location:index.php?login=Login Failed! Please Try Again");
    exit();
}*/

I’m a little uncertain what you’re doing here. You call the query with your username and password, then you call fetchColumn() to get the number of rows, which will presumably be either one if your user exists, or zero if it does not (except that I don’t think you can get number of rows like that in PDO, if I read another recent thread correctly). Then you call fetch() which would return the next row, except I can’t think of a reason that there will be a second row of data for your query.

To me, you would just use fetch() and check that your uId and uType are populated as a means of deciding whether or not the user and password is valid.

$row = $dbSql->fetch(PDO::FETCH_ASSOC);
if ($row["uId"] <> "") {
    // set your session vars, we found a user
} else {
    // didn't find the user
}

There’s probably a better way to check that a row was returned.

What I’m trying to do is this in old mysql way,

<?php
/**
 * Created by PhpStorm.
 * User: SiNUX
 * Date: 9/8/14
 * Time: 4:30 PM
 */
include_once("hostcon.php");

$uName = $_POST["uname"];
$pWord = $_POST["pword"];

$getUser = "SELECT * FROM users WHERE uName = '".$uName."' AND pass = '".md5($pWord)."'";
$trigerQuery = mysql_query($getUser);


$num = mysql_num_rows($trigerQuery);
$row = mysql_fetch_array($trigerQuery);

if($num > 0){
    //creating session
    $_SESSION["iD"] = $row["uId"];
    $_SESSION["uType"] = $row["admin"];
    header("location:admin.php");
    exit();
    /*if($row["admin"] == "Yes"){

        header("location:admin.php");
        exit();
    }else{
        header("location:user.php");
        exit();
    }*/
}else{//if the user details don't match up
    header("location:index.php?login=Login Failed! Please Try Again.");
    exit();
}

Is there a way to do a similar thing with PDO 'cos I really want to learn PDO and hell I can’t find good material to learn.

I came across this tutorial the other day, see what you think: http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers


I’m really getting tired of this PDO thing. mysql was able to do what I wanted; this is just burning my patience. The people who keep advising me to use PDO are silent when I present them with this issue.

fetchColumn() really doesn’t make sense here. The simplest approach here is to fetch the row and test if it’s not false (since this is what is returned for an empty set).

$dbSql = $dbcon->prepare('SELECT * FROM users WHERE uName = :uName AND pWord = :pWord');
$dbSql->bindParam(':uName', $uName);
$dbSql->bindParam(':pWord', $pWord);
$dbSql->execute();

$row = $dbSql->fetch(PDO::FETCH_ASSOC);

if ($row) {
    // login successful
} else {
    // login failed
}

Well, you got an answer. You shouldn’t use fetchColumn() because it won’t return the number of rows as you want. And if you use fetchColumn(), by the time your next line of code runs (the fetch() line) there isn’t any data left to fetch, because the one and only row returned by your query was consumed by the fetchColumn() function.

As Dormilich said, just check for the query returning true. If you need to count the number of rows returned by a query using PDO, that’s a different thing, but you don’t here.
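The behaviour described in the two replies above, as an added example that is not code from the thread: fetchColumn() reads one column of the next row and advances the cursor, so the fetch() that follows finds nothing. The in-memory SQLite database and the sample row are constructed stand-ins for connect.php and the users table, and the COUNT(*) query at the end goes slightly beyond the thread to show how a row count is obtained when one is needed.

```php
<?php
// Added example, not code from the thread. In-memory SQLite stands in for
// the MySQL connection from connect.php; the sample row is constructed.
$dbcon = new PDO('sqlite::memory:');
$dbcon->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbcon->exec('CREATE TABLE users (uId INTEGER PRIMARY KEY, uName TEXT, uType TEXT)');
$dbcon->exec("INSERT INTO users (uId, uName, uType) VALUES (7, 'alice', 'admin')");

// Prepare and execute the lookup, returning the statement with its cursor
// positioned before the first row.
function findByName(PDO $db, string $uName): PDOStatement
{
    $st = $db->prepare('SELECT * FROM users WHERE uName = :uName');
    $st->execute([':uName' => $uName]);
    return $st;
}

// 1) The pattern from the question.
$st  = findByName($dbcon, 'alice');
$num = $st->fetchColumn();            // column 0 (uId) of the first row, not a row count
$row = $st->fetch(PDO::FETCH_ASSOC);  // the only row was consumed by the line above
echo "fetchColumn() gave: ", var_export($num, true), PHP_EOL;
echo "fetch() afterwards gave: ", var_export($row, true), PHP_EOL;

// 2) The fix from the replies: fetch once and test the result against false.
foreach (['alice', 'nobody'] as $name) {
    $row = findByName($dbcon, $name)->fetch(PDO::FETCH_ASSOC);
    echo $name, ': ', ($row !== false ? 'row found, uId=' . $row['uId'] : 'no row'), PHP_EOL;
}

// 3) When a count really is needed, ask the database for it; here
//    fetchColumn() is the right call because the result is a single value.
$st = $dbcon->prepare('SELECT COUNT(*) FROM users WHERE uName = :uName');
$st->execute([':uName' => 'alice']);
echo "matching rows: ", (int) $st->fetchColumn(), PHP_EOL;
```

In the question's code the login still "succeeded" because the user's uId happened to be greater than zero, while $row was already empty when the session values were assigned.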

I changed my code and used echo in the if condition to see if it gets and displays data from the DB, and it does, but when I assign them to the $_SESSION it’s not creating any session data. That’s where I have my issue.

new code.

$uName = $_POST['uname'];
$pWord = md5($_POST['pword']);

$dbQuary = "SELECT * FROM `users` WHERE `uName` = :uName AND `pWord` = :pWord";
$dbSql = $dbcon->prepare($dbQuary);
$dbSql->bindParam(':uName',$uName);
$dbSql->bindParam(':pWord',$pWord);
$dbSql->execute();


if($row = $dbSql->fetch(PDO::FETCH_ASSOC)){

    //echo $row["uId"];
    //echo $row["name"];

    //Session Creating
    $_SESSION["iD"] =$row["uId"];
    //$_SESSION["uT"] = $row["uType"];
    header('location:test.php');
    exit(); // stop here so nothing else runs after the redirect
}else{
    header("location:index.php?login=Login Failed! Please Try Again");
    exit();
}

Have you started the session?

I have another site which uses the same method to log in. It works but this doesn’t.

Well, I solved this. I think it was the single quotes which was accepting my sent data; once I changed it, it started to work. The code is listed below.

include_once("connect.php");

$uName = $_POST["uname"];
$pWord = md5($_POST["pword"]);

$dbQuary = "SELECT * FROM `users` WHERE `uName` = :uName AND `pWord` = :pWord";
$dbSql = $dbConnect->prepare($dbQuary);
$dbSql->bindParam(':uName',$uName);
$dbSql->bindParam(':pWord',$pWord);
$dbSql->execute();


if($row = $dbSql->fetch(PDO::FETCH_ASSOC)){
    //Session Creating
    $_SESSION["iD"] =$row["uId"];
    $_SESSION["uType"] = $row["uType"];
    header('location:main.php');
    exit(); // stop here so nothing else runs after the redirect
}else{
    header("location:index.php?login=Login Failed! Please Try Again");
    exit();
}

You need to move away from md5 as it has been rainbow tabled to death. You should really be using sha256 at the minimum. If you’re using PHP 5.5 then there are some new functions that make dealing with hashing and salts easier. If you’re using PHP 5.4 or earlier there’s a backwards compatible library (don’t have the link to it to hand)

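A login along the lines of the thread's final code using PHP's built-in password API, as an added example that is not code from the thread. It assumes the "new functions" in PHP 5.5 mentioned above are password_hash() and password_verify() (the post does not name them); the in-memory SQLite database and the sample account are constructed, and the scalar type hints need PHP 7 or later.

```php
<?php
// Added example, not code from the thread. Column names follow the thread;
// the SQLite in-memory database and the sample account are constructed.
session_start();   // must run before $_SESSION is written and before any output

$dbcon = new PDO('sqlite::memory:');
$dbcon->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbcon->exec('CREATE TABLE users (uId INTEGER PRIMARY KEY, uName TEXT UNIQUE, pWord TEXT, uType TEXT)');

// Registration: store a salted, deliberately slow hash instead of md5($pWord).
$ins = $dbcon->prepare('INSERT INTO users (uName, pWord, uType) VALUES (:uName, :pWord, :uType)');
$ins->execute([
    ':uName' => 'alice',
    ':pWord' => password_hash('correct horse battery', PASSWORD_DEFAULT),
    ':uType' => 'admin',
]);

function login(PDO $db, string $uName, string $pWord)
{
    // Select by user name only: each hash carries its own random salt, so it
    // cannot be recomputed and matched in the WHERE clause as md5() was.
    $st = $db->prepare('SELECT uId, uType, pWord FROM users WHERE uName = :uName');
    $st->execute([':uName' => $uName]);
    $row = $st->fetch(PDO::FETCH_ASSOC);   // false when the user does not exist

    if ($row === false || !password_verify($pWord, $row['pWord'])) {
        return false;                      // same return value for both failure cases
    }
    if (password_needs_rehash($row['pWord'], PASSWORD_DEFAULT)) {
        // Default algorithm or cost changed since this hash was stored: upgrade it.
        $up = $db->prepare('UPDATE users SET pWord = :pWord WHERE uId = :uId');
        $up->execute([':pWord' => password_hash($pWord, PASSWORD_DEFAULT), ':uId' => $row['uId']]);
    }
    return ['uId' => $row['uId'], 'uType' => $row['uType']];
}

$results = [];
foreach ([['alice', 'correct horse battery'], ['alice', 'wrong'], ['nobody', 'x']] as $try) {
    $user = login($dbcon, $try[0], $try[1]);
    if ($user !== false) {
        session_regenerate_id(true);       // issue a fresh session id after login
        $_SESSION['iD']    = $user['uId'];
        $_SESSION['uType'] = $user['uType'];
    }
    $results[] = $try[0] . ': ' . ($user !== false ? 'login ok' : 'login failed');
}
echo implode(PHP_EOL, $results), PHP_EOL;
```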

I will, but this one is for an assignment and, well, I’m gonna use md5 as a security issue so I can describe sha256 as the better one.