1

I want to create a login page in PHP using PDO and I have created this class which includes the function login which makes the login.

<?php

class Utente {

  private $db;

  function __construct($conn) {
    $this->db = $conn;
  }

  public static function login($nome_utente, $password) {

    $nome_utente = $_POST['nome_utente'];
    $password = $_POST['password'];

    if ($nome_utente == '') {
      echo "Fill the name";
    }

    try {

      $stmt = $this->db->prepare("SELECT * FROM utente WHERE nome_utente = :nome_utente AND password=:password");
      $stmt->execute();
      $utenteRow = $stmt->fetch(PDO::FETCH_NUM);

      if ($utenteRow > 0) {

        echo "You are logged in";

      } else echo "The username doesnt match with the password!";

    } catch (PDOException $e) {
      echo $e->getMessage();
    }

  }
}
?>

<form action="" method="POST">
  Name
  <input type="text" name="nome_utente" />PAS
  <input type="text" name="password" />
  <input type="submit" name="submit" value="login" />
</form>

Now I want to call this function to see the result of the login. I create this new class in another PHP file to call it:

<?php
class Call
{
  public  function call()
    {
        $var=Utente::login();
        return $var;
    }
}
?>

The problem is when I execute the second file with the class Call I see a blank page. Have I done something wrong? Can someone tell me how to do the login of the user in the right way? Thanks!

Doee

2 Answers

3

You made not a class but a function. Classes are used in a different way.

class Utente {

  private $db;

  function __construct($conn) {
    $this->db = $conn;
  }

  public function login($nome_utente, $password)
  {
      // Look the user up by name only; the password is checked in PHP
      $stmt = $this->db->prepare("SELECT * FROM utente WHERE nome_utente = ?");
      $stmt->execute([$nome_utente]);
      $row = $stmt->fetch();
      // Compare the submitted password with the stored hash
      if ($row && password_verify($password, $row['password'])) {
        return $row;
      }
  }
}

Then you have to use it this way:

$utente = new Utente($db);
$var = $utente->login($_POST['nome_utente'], $_POST['password']);
if (!$var) {
    echo "The username doesnt match with the password!";
}

But it could be too complex for you, so you'd better forget classes for a while and stick to functions.

Your Common Sense
0

The main problem is that you are not storing the state: After your login script finishes, nothing is set / changed so on the next request the server does not know that there is a logged-in user.

On a successful login, you should store the state in for example a session variable. Then you can check when you start your script if that session variable is set and what the value is.

Apart from that you should never store plain-text passwords, see for example "How can I store my users' passwords safely?"

And about your last script / class. Where do you use it? Also note that the login() method does not return anything so $var will be empty.

Edit: By the way, you should either send 2 parameters to your Utente::login() method when you call it or remove these parameters from the method definition as you don't use them anyway.

Community
jeroen
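The two points raised in the answers above (verify against a stored hash, then keep the login state in the session), put together as an added example that is not code from either answerer. The in-memory SQLite database, the `id` column, the `register()` method and the `utente_id` session key are assumptions made so the script runs on its own.

```php
<?php
// Added example. Table/column names follow the question; the id column,
// register(), the SQLite database and the session key are assumptions.
class Utente
{
    private $db;

    public function __construct(PDO $conn) { $this->db = $conn; }

    // Store only a hash of the password, never the plain text.
    public function register(string $nome_utente, string $password): void
    {
        $stmt = $this->db->prepare('INSERT INTO utente (nome_utente, password) VALUES (?, ?)');
        $stmt->execute([$nome_utente, password_hash($password, PASSWORD_DEFAULT)]);
    }

    // Returns the user row on success, null on a wrong name or password.
    public function login(string $nome_utente, string $password): ?array
    {
        $stmt = $this->db->prepare('SELECT * FROM utente WHERE nome_utente = ?');
        $stmt->execute([$nome_utente]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($row === false || !password_verify($password, $row['password'])) {
            return null;
        }
        return $row;
    }
}

// Constructed demo setup: in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE utente (id INTEGER PRIMARY KEY, nome_utente TEXT UNIQUE, password TEXT)');
$utente = new Utente($db);
$utente->register('doee', 'correct horse'); // constructed credentials

session_start();
// In the real page these two values come from $_POST.
$row = $utente->login('doee', 'correct horse');
if ($row !== null) {
    session_regenerate_id(true);               // fresh session id after login
    $_SESSION['utente_id'] = (int) $row['id']; // the state later requests check
}

// On every later request: call session_start(), then test the stored state.
echo isset($_SESSION['utente_id']) ? "Logged in\n" : "Not logged in\n";
```

Regenerating the session id at the moment of login keeps an id issued before authentication from being reused afterwards.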