Click here to Skip to main content
16,016,623 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
Hi, i'm just trying to learn PDO and make a simple script following some tutorials on the web.

I've make a simple script that take user and password from textboxes and compare with the stored data in a MySQL Database.

The script seems to be working, but i always receive a login error, it must to give access only if an user is marked as Admin, in future i will handle more type of users.

Here is my portion of code that send checkbox data to checklogin, i've used the GET method just for testing, so i can test easely sending variable data in the URL.

PHP
echo '<form method="GET" action="inc/login/CheckLogin.php" >';
echo '<input type="text" placeholder="Username" class="form-control"  id="user" name="user" value="">';
echo '<input type="password" placeholder="Password" class="form-control"  id="pass" name="pass" value="">';
echo '<input type="submit" value="Login">


XML
The DB connect using this file, called dbcon.php

<pre lang="PHP">
$user='andreaem';
$pass=''; //password hide for security reason

try {
$dbh = new PDO("mysql:host=127.0.0.1;dbname=c9", $user,$pass);
echo 'con ok';
    }
catch(PDOException $e)
    {
    echo $e-&gt;getMessage();
    }</pre>



And this is the checklogin page

PHP
session_start(); //starting session

include '../dbcon.php'; //including connection procedure

$user = $_GET['user']; //get login data
$pass = $_GET['pass']; //get password 

$STM = $dbh->prepare("SELECT Type FROM members WHERE UserName = $user AND Password = $pass"); //prepare query

$_SESSION[Connection]=$dbh; //store query result

$STM -> execute(); // execute query

$count = $STM -> rowcount(); //count db rows

$STM -> fetch(); //fetch result

if($count = 1) {
    $_SESSION[type]=$row[0]; //store user roles in session
	$_SESSION[myusername]=$user; // store username in session
}

if($row[0] == 'Admin')	 { header( "location:../../index.php?status=2");}  //redirect admin user to index with status 2
    else    { header( "location:../../index.php?status=1"); }  //redirect on login error to index with status 1
    
$dbh = null; //clean query 


I know that's not perfect for security reason, but i'm not planning to use this script on production.

Once it make the login, the header redirect back to the login page, setting the variable $status to 2 if login success and 1 if login failed.

I got $status=1 every time i try, and when i try to catch error using var_dump() i got nothing.

In my php_error file i got this:

[17-Jul-2015 08:41:21 UTC] PHP Fatal error:  Uncaught exception 'PDOException' with message 'You cannot serialize or unserialize PDO instances' in [no active file]:0
Stack trace:
#0 [internal function]: PDO->__sleep()
#1 {main}
  thrown in [no active file] on line 0

Waiting for a reply, thanks a lot.
Posted
Updated 16-Jul-15 22:51pm
v3

1 solution

Try This
PHP
$STM = $dbh->prepare("SELECT Type FROM members WHERE UserName = ? AND Password = ?");


$STM->execute(1, $user);
$STM->execute(2, $pass);
 
Share this answer
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900