Hello,
I’m trying to make a PDO login system,
What are the mistakes here?
private function dologinWithPostData()
{
if (empty($_POST['user_name'])) {
$this->errors[] = "Username field was empty.";
} elseif (empty($_POST['user_password'])) {
$this->errors[] = "Password field was empty.";
} elseif (!empty($_POST['user_name']) && !empty($_POST['user_password'])) {
$user_name = $_POST['user_name'];
try {
$conn = new PDO("mysql:host=".DB_HOST.";dbname=".DB_NAME.";charset=utf8", DB_USER, DB_PASS);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $conn->prepare("SELECT user_name, user_email, user_password_hash FROM users WHERE user_name=:user_name");
$stmt->bindParam("user_name", $user_name, PDO::PARAM_STR);
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$result) {
$this->errors[] = "Username password combination is wrong!";
}else{
if (password_verify($_POST['user_password'], $result['user_password_hash'])) {
$_SESSION['user_name'] = $result['user_name'];
$_SESSION['user_email'] = $result['user_email'];
$_SESSION['user_login_status'] = 1;
}else{
$this->errors[] = "Username password combination is wrong!";
}
}
} catch(PDOException $e) {
$this->errors[] = "Error: " . $e->getMessage();
}
$conn = null;
}
}