Hi, i'm just trying to learn PDO and make a simple script following some tutorials on the web.
I've make a simple script that take user and password from textboxes and compare with the stored data in a MySQL Database.
The script seems to be working, but i always receive a login error, it must to give access only if an user is marked as Admin, in future i will handle more type of users.
Here is my portion of code that send checkbox data to checklogin, i've used the GET method just for testing, so i can test easely sending variable data in the URL.
echo '<form method="GET" action="inc/login/CheckLogin.php" >';
echo '<input type="text" placeholder="Username" class="form-control" id="user" name="user" value="">';
echo '<input type="password" placeholder="Password" class="form-control" id="pass" name="pass" value="">';
echo '<input type="submit" value="Login">
The DB connect using this file, called dbcon.php
<pre lang="PHP">
$user='andreaem';
$pass=''; //password hide for security reason
try {
$dbh = new PDO("mysql:host=127.0.0.1;dbname=c9", $user,$pass);
echo 'con ok';
}
catch(PDOException $e)
{
echo $e->getMessage();
}</pre>
And this is the checklogin page
session_start();
include '../dbcon.php';
$user = $_GET['user'];
$pass = $_GET['pass'];
$STM = $dbh->prepare("SELECT Type FROM members WHERE UserName = $user AND Password = $pass");
$_SESSION[Connection]=$dbh;
$STM -> execute();
$count = $STM -> rowcount();
$STM -> fetch();
if($count = 1) {
$_SESSION[type]=$row[0];
$_SESSION[myusername]=$user;
}
if($row[0] == 'Admin') { header( "location:../../index.php?status=2");}
else { header( "location:../../index.php?status=1"); }
$dbh = null;
I know that's not perfect for security reason, but i'm not planning to use this script on production.
Once it make the login, the header redirect back to the login page, setting the variable $status to 2 if login success and 1 if login failed.
I got $status=1 every time i try, and when i try to catch error using var_dump() i got nothing.
In my php_error file i got this:
[17-Jul-2015 08:41:21 UTC] PHP Fatal error: Uncaught exception 'PDOException' with message 'You cannot serialize or unserialize PDO instances' in [no active file]:0
Stack trace:
#0 [internal function]: PDO->__sleep()
#1 {main}
thrown in [no active file] on line 0
Waiting for a reply, thanks a lot.