
I can't seem to figure out what to do here. I am trying to take a user's username and password and compare it to the hashed password in the db in order to validate their credentials and log them in.

Here is the code:

```php
session_start();  // Start Session

include 'db.php';
$dbh = new PDO("mysql:host=$dbhost;dbname=$database_name", $dbusername, $dbpasswd);

// Convert to simple variables
$username = $_POST['username'];
$password = $_POST['password'];

/*if((!$username) || (!$password)){
    echo "Please enter ALL of the information! <br />";
    include 'login.html';
    exit();*/
//}

$sql = $dbh->prepare("SELECT * FROM users WHERE username=?");
$result = $sql->execute([$username]);
$users = $result->fetchAll();
// $sql = "SELECT * FROM users WHERE username = ?";
// $stmt = $dbh->prepare($sql);
// $result = $stmt->execute([$username]);
// $users = $result->fetchAll();
if (isset($users[0])) {
    if (password_verify($password, $users[0]->password)) {
        //Register some session variables!
        session_register('email_address');
        $_SESSION["username"] = $username;
        $_SESSION["email_address"] = $email_address;
        //session_register('special_user');
        $_SESSION["user_level"] = $user_level;


        mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'");

        header("Location: daily_picks.php");
    } else {
        echo "Invalid Credentials";
        include 'login.html';
    }
} else {
    echo "Invalid Credentials";
    include 'login.html';
}
```

Getting the error call to member function fetchAll() on a non-object in . . .

user3205214
  • You're mixing MySQL APIs, why? Read up on [**PDO with prepared statements**](http://php.net/pdo.prepared-statements). – Funk Forty Niner Apr 23 '15 at 15:23
  • Verify that the connection is active. You may be trying to execute a statement on a PDO connection that has either been terminated or not properly initialized to begin with. – David Wyly Apr 23 '15 at 15:24
  • @Fred-ii- Disregard the mysql_query; I will change that when I get down there in the code. If you remember from yesterday, I am going through my code and changing everything to PDO – user3205214 Apr 23 '15 at 15:25
  • Well, you haven't bound, and check if your form's elements bear the name attributes. See the link I gave you above. You're also executing on the wrong variable – Funk Forty Niner Apr 23 '15 at 15:27
  • Instead of `$result->fetchAll();` try `$sql->fetchAll();` – David Wyly Apr 23 '15 at 15:28
  • Or just use ircmaxell's answer http://stackoverflow.com/a/29778421/ *done like dinner* ;-) – Funk Forty Niner Apr 23 '15 at 15:31

1 Answer


Your object is `$sql`.

So:

```php
$result = $sql->execute([$username]);
$users = $result->fetchAll();
```

should be:

```php
$result = $sql->execute([$username]);
$users = $sql->fetchAll();
```

Note that `execute()` returns a boolean value.

jeroen
  • Thank you. This moved me on to the next part of my code where I'm running into invalid credentials. I am assuming this is happening because of mysql_query. I am going to change that right now and hopefully I'll get through this page. Thanks again! – user3205214 Apr 23 '15 at 15:30
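The credential check discussed in this thread, written end to end with PDO only, as an added example that is not part of the original question or answer. It assumes an in-memory SQLite database with one constructed user in place of the MySQL connection, and `check_login()` is a hypothetical helper name.

```php
<?php
// Added example. An in-memory SQLite database with one constructed user
// stands in for the page's MySQL connection so the script runs offline.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// PDO's default fetch mode returns arrays, so $row->password would be null
// and password_verify() would always fail. Ask for objects explicitly.
$dbh->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_OBJ);

$dbh->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY,
    username TEXT UNIQUE, password TEXT, last_login TEXT)');
$dbh->prepare('INSERT INTO users (username, password) VALUES (?, ?)')
    ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// check_login() is a hypothetical helper: user row on success, else null.
function check_login(PDO $dbh, string $username, string $password): ?object
{
    // Hash to verify against when the username is unknown, so both
    // failure paths do the same password_verify() work.
    static $dummyHash = null;
    $dummyHash ??= password_hash('placeholder', PASSWORD_DEFAULT);

    $stmt = $dbh->prepare(
        'SELECT userid, username, password FROM users WHERE username = ?');
    $stmt->execute([$username]);  // returns a bool; rows come from $stmt
    $user = $stmt->fetch();       // an object, or false when no row matches

    $hash = $user ? $user->password : $dummyHash;
    if (!password_verify($password, $hash) || !$user) {
        return null;
    }
    // The last_login update uses the same connection and a bound value.
    $dbh->prepare("UPDATE users SET last_login = datetime('now') WHERE userid = ?")
        ->execute([$user->userid]);
    // In the login page: session_regenerate_id(true), then set $_SESSION.
    return $user;
}

foreach ([['alice', 'correct horse'], ['alice', 'wrong'], ['mallory', 'x']] as [$u, $p]) {
    echo $u, ': ', check_login($dbh, $u, $p) ? 'logged in' : 'Invalid Credentials', PHP_EOL;
}
```

Against MySQL, only the DSN and the `datetime('now')` expression change; the session values should be read from the fetched row rather than from unset variables.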