/    Sign up×
Community /Pin to ProfileBookmark

How to target individual columns from a selected row

Copy linkTweet thisAlerts:
Jan 30.2015

Thanks for your time, Forum:

Stored in my MySQL db are: memberID, username, password, fName, lName, email, date

On the login page, this is what I have:

[code=php]
try{
$stmt = $db->prepare(“SELECT * FROM members WHERE username = :uname”);
$stmt->bindParam(‘:uname’, $uname);
//$user_id = $stmt->fetchColumn();
//echo $user_id;
$row = $stmt->fetch(PDO::FETCH_OBJ);
if($row[“username”] == true) { echo “Username is good”;
if(PassHash::check_password($row[“password”], $_POST[‘pwd1’])) {
echo ‘Access granted!’;
}
}
else {
echo ‘Invalid username or password!’;
}
}
[/code]

I got the password hash code from [url]http://code.tutsplus.com/tutorials/understanding-hash-functions-and-keeping-passwords-safe–net-17577[/url] halfway down the page at #8.
My code throws no errors. But even with the correct data in the form fields, I always get “Invalid username or password”. I don’t understand. Does anyone see the mistake I’m making in my code?

~Landslyde

to post a comment
PHP

5 Comments(s)

Copy linkTweet thisAlerts:
@LesshardtoofindJan 31.2015 — Hey I was just trying something like this and fetch() only seemed to return true, false, or NULL. There is some documentation here http://php.net/manual/en/mysqli-stmt.fetch.php

To get mine to work I used [B]get_result()[/B] and [B]fetch_array()[/B]

It looked something like
[code=php]
 if($stmt->execute()){
$result = $stmt->get_result();
while($row = $result->fetch_array(MYSQLI_NUM)){
foreach ($row as $value) {
echo $value . "-";
}
echo ":";
}
}
[/code]

I think the above documentation shows how to get a result using just fetch() in its example code.
Copy linkTweet thisAlerts:
@LandslydeauthorJan 31.2015 — Many thanks for responding, Lesshardtoofind:

I'm not so sure I can mix mysqli with PDO. Will look into it though
Copy linkTweet thisAlerts:
@NogDogJan 31.2015 — You need a $stmt->execute() after the bind and before the fetch.
Copy linkTweet thisAlerts:
@LandslydeauthorJan 31.2015 — I meant to update my post with that. Sorry. I did some changes to my code and it's without error, but it still doesn't do what it's suppose to do.

[code=php]
 try{
$stmt = $db->prepare("SELECT username, password FROM members WHERE username = :uname");
$stmt->bindValue(':uname', $uname, PDO::PARAM_STR);
$stmt->execute();

$result = $stmt->fetchAll();

if ( count($result) ) {
foreach($result as $row) {
if($row["username"] == true) { echo $row["username"]; echo $row["password"]; echo $_POST['pwd1'];
if(PassHash::check_password($row["password"], $_POST['pwd1'])) {
echo 'Access granted!';
}
}
else {
echo 'Invalid username or password!';
}
}
}
}
[/code]
The 3 echoes following that one if statement all output correctly. But in the very next breath it calls the PassHash class from a required_once 'passhash.php' file. The thing is, it never tells me "Access granted" or "Invalid username or password". And I can only assume that the required file works right. I read all the posts regarding it and no one complained about it at all. For your viewing, here is that file:

[code=php]
<?php

class PassHash {

// blowfish
private static $algo = '$2a';

// cost parameter
private static $cost = '$10';


// mainly for internal use
public static function unique_salt() {
return substr(sha1(mt_rand()),0,22);
}

// this will be used to generate a hash
public static function hash($password) {

return crypt($password,
self::$algo .
self::$cost .
'$' . self::unique_salt());

}


// this will be used to compare a password against a hash
public static function check_password($hash, $password) {

$full_salt = substr($hash, 0, 29);

$new_hash = crypt($password, $full_salt);

return ($hash == $new_hash);

}

}
[/code]
And since I'm the one who entered both the username and password to test this, I know my entry is right. Do you see anything wrong with any of this?
Copy linkTweet thisAlerts:
@LandslydeauthorJan 31.2015 — SOLVED!

Not all is as it seems...sometimes. The code works perfectly ?
×

Success!

Help @Landslyde spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 6.18,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @nearjob,
tipped: article
amount: 1000 SATS,

tipper: @meenaratha,
tipped: article
amount: 1000 SATS,

tipper: @meenaratha,
tipped: article
amount: 1000 SATS,
)...