PHP Login

[activeradio]

I have a PHP login script that I made. My previous version was made in mySQL, but now I am converting to POD for various reasons. This has already happened several times, DO NOT get yourself confused!

It runs by posting to a file called access.php. I tried to implement some debugging, but it returns nothing.

Code:

<?php
try {
    $host = 'localhost';
    $port = 3306;
    $database = 'members';
    $db_username = 'stencil_access';
    $db_password = '';

    $DSN = new PDO("mysql:host=$host;port=$port;dbname=$database", $db_username, $db_password);
} catch (PDOException $e) {
    echo $e->getMessage();
}
date_default_timezone_set('Europe/London');
 
date('Y-m-d H:i:s');
 
$username = $_POST['username'];
$password = sha1(sha1($_POST['username']) . sha1($_POST['password']));

$STH = $DSN->prepare("SELECT * FROM members WHERE username = $username AND password = $password AND expiry > NOW() OR type > 0 LIMIT 1"); //Line 20
$STH->execute(array($username,$password));

//Debugging
echo "<pre>";
var_dump($STH);
echo "</pre>";
//End

if ($STH->fetchColumn() == false) {
        header("location:invalid.php");
} else {
        session_start();
 
        $_SESSION['username'] = $username;
        $_SESSION['password'] = $password;
 
        header("Location:main.php");
        die();
}
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
</html>

After sending my username, and password, it results in this:

SQLSTATE[28000] [1045] Access denied for user 'stencil_access'@'int.web6.vital.x10hosting.com' (using password: NO)
Fatal error: Call to a member function prepare() on a non-object in access.php on line 20

[MaestroFX1]

Change:

PHP Code:

$db_username = 'cpanelusername_database-username'; //not stencil_access
$db_password = 'database-username_pwd'; 


[activeradio]

I hope this is what you are looking for. My cPanel username is stencil and the username is admin. My database name is access and my table name is members.

$db_username = 'stencil_access-admin';
$db_password = 'access-admin_<censored>';

Here are the new errors:

SQLSTATE[28000] [1045] Access denied for user 'stencil_access-a'@'int.web6.vital.x10hosting.com' (using password: YES)
Fatal error: Call to a member function prepare() on a non-object in /home/stencil/public_html/access.php on line 20

[Condenzationator]

I believe it should be:

$database = 'stencil_access';
$db_username = 'stencil_admin';
$db_password = '<censored>';

You won't need the table name when connecting to the database.

You are still connecting to a MySQL database; however, what I think you meant to say was that you are using the PDO functions instead of the mysql functions.

[activeradio]

This is the problem that I am frustrated with. Condenzationator, that is exactly what I had before... After changing it to what MaestroFX1 said, similar errors. People who didn't know PDO tired to help me, but only to take me back to mySQL.

[essellar]

The problem seems to me to be that $DSN doesn't exist outside the try block in the code you posted (it's effectively created inside the block), so the $DSN you're trying to execute the prepare() statement against isn't the same $DSN that you assigned a PDO object to.

[Condenzationator]

I understand, but your first post shows

$database = 'members';

when it should be

$database = 'stencil_access';

I'm assuming you have tried this, however then.

Here is what I have for my (pdo connection) login script, which works without a problem:

<edited out due to no need now>

It is worth pointing out however, this script is rather old, and there are many things that could be improved, seeing as this was one of my first, and no longer in use. As said above, I have had no problems with it, regardless of how ill-formed and done.

Use it as you wish (if need be), I have left it unchanged from the original code, with the exception of the connection details, so it still contains all of the other meaningless (to you) info.

As a side note, it also seems it is a problem with the object being created, since the prepare statement is receiving an error saying the object doesn't exist. In this case, the entire problem could just be a variable scope problem. This was solved in my script by sticking the connection and the queries into the try statement. There may be a better method than this however, so perhaps some of the veterans could offer some helpful insight into the variable scoping part.

Edit:
Oops, it looks like essellar beat me to it (by 14 minutes too!). Took me too long to write all that out, sorry. =P

[activeradio]

Eselllar, even if I put $DSN outside of the try block, it still results in the same errors. I did fix the database error: changed members to stencil_access. I got the same errors there as well.

[essellar]

There's nothing magical about PDO -- it issues the same commands to the database using the same credentials as MySQL/MySQLi. The error statement you received at the beginning of all of this was that you were trying to issue a prepare() statement against an object that doesn't exist. For testing purposes, you can test the $DSN variable at various points in your code using the instanceof operator. If ($DSN instanceof PDO) returns true after your construction (new) statement but false elsewhere, you know that your problem is variable scope. If it's false after your construction statement, the problem lies in making the connection.

[esacol]

Google