SQLSTATE[42000], undefined password

Question

I have a little problem, because when I am trying to login on my page i gets two errors: one of them that's undefined password ( I checked the html form and other sources where problem can appear but didn't find anything.) The second one it's "Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]:

<!DOCTYPE html>
<html>
<head>
<title> Strona o nalewkach </title>
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css" integrity="sha384-JcKb8q3iqJ61gNV9KGb8thSsNjpSL0n8PARn9HuZOnIxN0hoP+VmmDGMN5t9UJ0Z" crossorigin="anonymous">
<link rel="stylesheet" href="https://pro.fontawesome.com/releases/v5.10.0/css/all.css" integrity="sha384-AYmEC3Yw5cVb3ZcuHtOA93w35dYTsvhLPVnYs9eStHfGJvOvKxVfELGroGkvsg+p" crossorigin="anonymous">
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<div class="container h-100">
  <div class="d-flex justify-content-center h-100">
    <div class="user_card">
      <div class="d-flex justify-content-center">
         <div class="brand_logo_container">
             <img src= "img/logo.png" class="brand_logo" alt="Nalewki">
         </div>
      </div>
      <div class="d-flex justify-content-center form_container">
        <form>
        <div class="input-group mb-3">
         <div class="input-group-append">
           <span class="input-group-text"><i class="fas fa-user"></i></span>
           </div>
           <input type="text" name="username" id="username" class="form-control input_user" required>
           </div>
        
        <div class="input-group mb-2">  
         <div class="input-group-append">
           <span class="input-group-text"><i class="fas fa-key"></i></span>
         </div>
           <input type="password" name="password" id="password" class="form-control input_pass" required>
        </div>
    
    <div class="form-group">
    <div class="custom-control custom-checkbox">
      <input type="checkbox" name="rememberme" class="custom-control-input" id="customControlInLine">
      <label class="custom-control-label" for="customControlInLine">Zapamiętaj mnie</label>
      </div>
     </div>
    </div>
    <div class="d-flex justify-content-center mt-3 login-container">
    </div>
     </form>
    <div class="mt-4"> 
        <div class="d-flex justify-content-center links">
    Nie posiadasz konta? <a href="#" class="ml-2">Zarejestruj sie</a>
    <script>
    $(function(){
    $('#login').click(function(e){
        var valid = this.form.checkValidity();
        if(valid){
            var username = $('#username').val();
            var password = $('password').val();
        }
        e.preventDefault();
    $.ajax({
    type: 'POST',
            url: 'jslogin.php',
            data: {username: username, password: password},
            success: function(data){
                alert(data);
                if ($.trim(data)==="1"){
                    setTimeout(' window.location.href = "index.php"',2000);
                }
            },
            error: function(data){
                alert('wystapil blad');
            }
    });
    });
    });
    </script>
    </body>

    </html>

jslogin.php:

    <?php
require_once('config.php');

$username = $_POST['username'];

$password = $_POST['password'];




$sql = "SELECT  * FROM useraccounts.users where username = ? AND password = ? LIMIT=1 ";
$stmtselect = $db->prepare($sql);
$result = $stmtselect->execute([$username,$password]);
if($result){
    $user=$stmtselect->fetch(PDO::FETCH_ASSOC);
    if($stmtselect->rowCount() > 0){
        
    echo '1';
    }else{
        echo'Nie znaleziono uzytkownika';
    }
    }else{
        

echo'Wystapily bledy przy laczeniu z baza danych';
        

    }
        ?>

**Never store passwords in clear text or using MD5/SHA1!** Only store password hashes created using PHP's [`password_hash()`](https://php.net/manual/en/function.password-hash.php), which you can then verify using [`password_verify()`](https://php.net/manual/en/function.password-verify.php). Take a look at this post: [How to use password_hash](https://stackoverflow.com/q/30279321/1839439) and learn more about [bcrypt & password hashing in PHP](https://stackoverflow.com/a/6337021/1839439) — Dharman, Nov 18 '20 at 19:14

score 0 · Answer 1 · answered Nov 18 '20 at 20:10

0

In jslogin.php, change the POST section like this:

$username = '';
$password = '';

if (isset($_POST['username'], $_POST['password'])) {
  $username = $_POST['username'];
  $password = $_POST['password'];
}

Also, in JavaScript code, add sharp sign to password line:

if(valid){
    var username = $('#username').val();
    // You forgot to add sharp here
    // var password = $('password').val();
    // Correct one
    var password = $('#password').val();
}

I had the same problem with isset(), and I solved it like this.

answered Nov 18 '20 at 20:10

harundemir918

432
1
4
14

I did this, but now I have error like: https://gyazo.com/3ca03b4a7455cb0b625122e8cf33d6b1 16 line is like: $result = $stmtselect->execute([$username,$password]); if($result){ $user=$stmtselect->fetch(PDO::FETCH_ASSOC); if($stmtselect->rowCount() > 0){ echo '1'; }else{ echo'Nie znaleziono uzytkownika'; } }else{ echo'Wystapily bledy przy laczeniu z baza danych'; } ?> – Bordo Nov 21 '20 at 14:54
It says you have to fix errors in your SQL syntax. Check the syntax. – harundemir918 Nov 21 '20 at 15:28

SQLSTATE[42000], undefined password

1 Answers1