Reutring incorrect data from database

Question

0.00/5 (No votes)

See more:

Hi
In the below code, when I run it and input the values as it's in the PostgreSQL database it's showing 'Invalid password' in client's table where it's totally correct.

PHP

<pre><?php
include "dbconn.php";

if (isset($_POST['submit'])) {
    try {
        $cuid = $_POST['username'];
        $cpass = $_POST['password'];

        // Check if username exists in Clients table
        $stmt = $pdo->prepare("SELECT * FROM clients WHERE cuid = :cuid");
        $stmt->execute(array(':cuid' => $cuid));
        $result = $stmt->fetch();

        if ($result) {
            if (password_verify($cpass, $result['cpass'])) {
                header("Location: dashboard.html");
                exit;
            } else {
                echo "Invalid password";
            }
        } else {
            // Check if username exists in SubUser table
            $stmt = $pdo->prepare("SELECT * FROM SubUser WHERE SubUsrID = :cuid");
            $stmt->execute(array(':cuid' => $cuid));
            $result = $stmt->fetch();

            if ($result) {
                if (password_verify($cpass, $result['SubUsrPass1'])) {
                    header("Location: dashboard-Sub.html");
                    exit;
                } else {
                    echo "Invalid password";
                }
            } else {
                // Check if username exists in BervEmp table
                $stmt = $pdo->prepare("SELECT * FROM BervEmp WHERE BerEmpID = :cuid");
                $stmt->execute(array(':cuid' => $cuid));
                $result = $stmt->fetch();

                if ($result) {
                    if (password_verify($cpass, $result['pass'])) {
                        header("Location: empdashboard.html");
                        exit;
                    } else {
                        echo "Invalid password";
                    }
                } else {
                    echo "Invalid username";
                }
            }
        }
    } catch (PDOException $e) {
        echo "Error: " . $e->getMessage();
    }
}
?>

php code of database connection:

PHP

<pre><?php
class Db
{
    private $dsn;
    private $user;
    private $password;
    private $pdo;

    public function __construct($dsn, $user, $password)
    {
        $this->dsn = $dsn;
        $this->user = $user;
        $this->password = $password;
    }

    private function connect()
    {
        try {
            $this->pdo = new PDO($this->dsn, $this->user, $this->password);
        } catch (PDOException $e) {
            echo "Connection failed: " . $e->getMessage();
        }
    }

    public function getPdo()
    {
        if (!$this->pdo) {
            $this->connect();
        }
        return $this->pdo;
    }
}

$dsn = "pgsql:host=localhost;dbname=Beravaa";
$user = "postgres";
$password = "222222";

$db = new Db($dsn, $user, $password);
$pdo = $db->getPdo();

if ($pdo) {
    echo "Connected to the database successfully";
} else {
    echo "Failed to connect to the database";
}
?>

What I have tried:

I tried to change the data type of the column to text, but it's the same.

Posted 14-Feb-23 10:23am

Mohamad Simo

Updated 15-Feb-23 0:09am

v2

Add a Solution

Comments

Richard MacCutchan 15-Feb-23 4:15am

It is a simple matter to create a hash of the password field and compare it with the value returned from the database.

Andre Oosthuizen 15-Feb-23 10:11am

As OriginalGriff pointed out, you need to run your debugger line by line, it will highlight your error for you in VS.

Other than that, your error checking is good, maybe just change the message that you return as they are called the same in 3 IF blocks, this way you will at least know which block throws the error -

echo "Invalid password in my Login";

echo "Invalid password as the User Exist in SubUser Table";

echo "Invalid password as the User Exist in BervEmp Table";

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Answer 1 · 2023-02-14T18:49:00

How do you know it is correct? What value did you store in the DB? How did you store it? What value is returned by the SELECT? Do the rows even exist? Are you even connected to the correct database?

You need to look at exactly what is happening while your code is running - and we can't do that - we don't have access to your full code or your database and you need both of those to work out where it is going wrong.

So, it's going to be up to you.
Fortunately, you have a tool available to you which will help you find out what is going on: the debugger. How you use it depends on your compiler system, but a quick Google for the name of your IDE and "debugger" should give you the info you need.

Put a breakpoint on the first line in the function, and run your code through the debugger. Then look at your code, and at your data and work out what should happen manually. Then single step each line checking that what you expected to happen is exactly what did. When it isn't, that's when you have a problem, and you can back-track (or run it again and look more closely) to find out why.

Sorry, but we can't do that for you - time for you to learn a new (and very, very useful) skill: debugging!