Need help with login form

[cscodismith]

I am currently working on a functional (PDO) login and registration page(s) and I am currently stuck on the login functions. I have googled myself but can not seem to find a very good tutorial that is up to date and uses PDO to complete this.

You can view the registration PHP code that I have finished here (Which is currently working just fine and writing to the database correctly). What left that I need to finish is creating the pages to verify the login credentials so people can actually login with the information that they registered with.

Best regards,
Codi

[cscodismith]

I have just finished hashing passwords finally! Hopefully that will make it much more secure now. If you’d like you can view the source code here. Also would you be able to help me setup an outline for the process (Ten to one) because I really am not sure where to get started on this.

[cscodismith]

Alright, thank you! I will start to work on getting these tasks finished and keep you updated if need be.

[cscodismith]

Hello, When going about this should I be doing this php code that checks if username exists in DB, etc in the login page where my module is located!?

[cscodismith]

I apologize but right now I am including my login.php file on every page so that it displays the login module to the left of the actual content that you can view live here. My login.php file currently consists of a div that just holds the form and ‘module’ of what is floating to the left of the content on the website. You can view the source code of my login.php here. Should I be creating a separate file to check for the username existing in the db already or should i be placing php tags under that file and doing it there!?

[cscodismith]

Throughout the past day I have been researching on google ‘<i>How to check if username already exists in database using PDO</i>’

All I have found that seems helpful is this line of code but am not entirely sure how to use it and where to put it. Like I said I am completely new to working this function. I am getting the following line of code from a stackexchange question that can be found here.

if( $row = $sthandler->fetch() ){
    // User exists: read its details here
}else{
    // User does not exist
}

Perhaps you may be able to help me further by directing me more into the right direction.

Best regards,
Codi

[Anonymous]

Hi Codi. PDO is just an interface for your database interactions. Your actual SQL statements will be the standard ones you’d normally use.

Checking whether the username exists is as simple as checking if your statement execute function returned a record. I would do it when I try to retrieve the password.

I’m on my phone, so code will be brief and possibly inaccurate!

$sql = "SELECT password FROM users WHERE username = :username";
$stmt = $db->prepare($sql);
$stmt->execute(array(":username" => $username));
// Executed, but no record returned.
// Username is UNIQUE, so it'll be one record or none
$row = $stmt->fetch();
// Check if anything was retrieved
if($row) {
    $row['password']...
}

[cscodismith]

Thank you for your response Ben. Tonight I dedicated most of my time figuring this out and have finally come to a conclusion of some sort on it. Users can now login with their credentials that they register with and do the <i>very basics</i> of what it is intended for. Tomorrow is another project – figuring out how to echo errors for when a user try’s to register with a username that is already taken, email validation, minimum/maximum and special characters for password(s) and username(s) and more. Thank you for your help again. I will be keeping this thread open so that if I need help in near future with this task I can come back here.

[cscodismith]

Alright, thank you. Where abouts would I go to make sure the username field is unique instead of checking?

There are also not many errors that I have setup seeming I am unsure how to echo those properly. I would like to echo some sort of thing when user has entered invalid username or password. You can test this live at HeartFX by just putting in any username and password that would be non-existent and once you do that and try to login, all it does is reload the module instead of displaying an error someplace in the module to inform the user.

You can view the entire source code of the login/registration system with the pastebin created here.

[cscodismith]

I just updated the code in the pastebin so the passwords are hashed. I must have accidently left them out while moving files and organizing my directory more.

[cscodismith]

I believe that I have set the username field to Unique within the database but am not sure really if it will still allow people to register with the same username or not. I have been having problems making restrictions happen in the registration page of this project.

For example, I have tried to make the username requirement to be at least 6 characters long with the following code:

<?php
if (strlen(':username')<6) {
   echo "Username must be atleast 6 characters";
} else {
   echo '<button type="submit" style="width: 100%; padding: 10px 5px;">Register account</button><br><br>';
}
?>

When testing the code above clicking on the submit button it would still register the username and other credentials no matter what even though the purpose of it is to make sure that nobody registers a username that isn’t a minimum of 6 characters. I have updated the source code on pastebin that can be found here if you would like to take a look at it for me.

[Anonymous]

if(strlen($username) < 6)

You’re currently testing against a hardcoded, 9 character string.

Why must usernames be at least 6 characters, though?

[cscodismith]

There is nothing hardcoded I believe. Currently on the site you can register with any character strlen – Meaning people can just register with a simple letter or even number. Feel free to test it live at http://www.heartfx.org/

[Anonymous]

My comment was in response to this:

the purpose of it is to make sure that nobody registers a username that isn’t a minimum of 6 characters

As to my hardcoded comment, I was just trying to show why your code wasn’t working as expected.

':username'

is a hardcoded, 9 character string.

$username

is a variable. You can give it a value that is provided by your users.

strlen(':username')

will always return 9, which is more than 6.

strlen($username)

Will return whatever length it’s set to.

Hope that’s helpful. On a phone again so sorry for the limited code samples!

[cscodismith]

Alright thank you I will give it a try again. I did not mean to make it sound like I want every user to have a username less then 6 characters, I meant I would them to each have a username that must be AT LEAST 6 characters.

My problem is when I write code to do so and it is supposed to echo an error when they try to submit the form with a username less than 6 characters it will redirect them to the form as to where the error will display for them and they will have to fix the username field. The code I had tried to do this was:

if(strlen(':username')<6 || strlen(':username')>25) {
   echo 'Username must be between 6 and 25 characters.';
   header("Location: register.php");
}

Unfortunately this code still allows users credentials (No matter what length of the username) be put into the database and the echo placed does not take effect.

[Author]

Posts