Loginsystem username and email

ma_PG · August 19, 2019, 11:57pm

I try to make a login system for my website, but I can’t get email and username in the code.

<?php
session_start();
$pdo = new PDO('mysql:host=localhost;dbname=test', 'root', '');

if(isset($_GET['login'])) {
    $email = $_POST['email'];
    $passwort = $_POST['passwort'];

    $statement = $pdo->prepare("SELECT * FROM users WHERE email = :email");
    $result = $statement->execute(array('email' => $email));
    $user = $statement->fetch();

    //Überprüfung des Passworts
    if ($user !== false && password_verify($passwort, $user['passwort'])) {
        $_SESSION['userid'] = $user['id'];
        $_SESSION['username'] = $user['username'];
        die('Login erfolgreich. Weiter zu <a href="geheim.php">internen Bereich</a>');
    } else {
        $errorMessage = "E-Mail oder Passwort war ungültig<br>";
    }

  }
  ?>
 <!DOCTYPE html>
  <html>
  <head>
  <title>Login</title>
  </head>
  <body>

  <?php
  if(isset($errorMessage)) {
    echo $errorMessage;
  }
  ?>

  <form action="?login=1" method="post">
    E-Mail:<br>
    <input type="email" size="40" maxlength="250" name="email"><br><br>

    Dein Passwort:<br>
    <input type="password" size="40"  maxlength="250" name="passwort"><br>

    <input type="submit" value="Abschicken">
  </form>
  </body>
  </html>

I hope that you can help me, thx ma_PG_

frankbeen · August 20, 2019, 12:14am

your question is not clear, Try to give us more information.

You should not store passwords in your database but hashes and compare hashes and not plain passwords .

benanamen · August 20, 2019, 1:34am

@frankbeen, The OP is using password_verify so he obviously has hashed passwords. There is no indication whatsoever he is using plaintext passwords.

It’s great you want to help but please make sure you know what your talking about and that your response is to the question posted. In this case, I do agree OP is not clear in what he is asking.

OP, please clairify your question.

tp45 · August 20, 2019, 7:39am

This line $result = $statement->execute(array(‘email’ => $email)); get the result so the second one $user = $statement->fetch(); should be fetching the result Like $user = $statement->fetch($result);

and try to debug by doing this die(print_r($result,true)); and do this for $user too

I hope this helps