0

i am not master in Php, what i am trying to do is login system. But i get this error message:

Error: SQLSTATE[42P01]: Undefined table: 7 ERROR: relation "client" does not exist LINE 1: SELECT * FROM Client WHERE CUID = $1 ^.

php connection code:

<?php
class Db
{
    private $dsn;
    private $user;
    private $password;
    private $pdo;

    public function __construct($dsn, $user, $password)
    {
        $this->dsn = $dsn;
        $this->user = $user;
        $this->password = $password;
    }

    private function connect()
    {
        try {
            $this->pdo = new PDO($this->dsn, $this->user, $this->password);
        } catch (PDOException $e) {
            echo "Connection failed: " . $e->getMessage();
        }
    }

    public function getPdo()
    {
        if (!$this->pdo) {
            $this->connect();
        }
        return $this->pdo;
    }
}

$dsn = "pgsql:host=localhost;dbname=Beravaa";
$user = "postgres";
$password = "222222";

$db = new Db($dsn, $user, $password);
$pdo = $db->getPdo();

if ($pdo) {
    echo "Connected to the database successfully";
} else {
    echo "Failed to connect to the database";
}
?>

php login code:

<?php
include "dbconn.php";

if (isset($_POST['submit'])) {
    try {
        $cuid = $_POST['username'];
        $cpass = $_POST['password'];

        // Check if username exists in Clients table
        $stmt = $pdo->prepare("SELECT * FROM Clients WHERE CUID = :cuid");
        $stmt->execute(array(':cuid' => $cuid));
        $result = $stmt->fetch();

        if ($result) {
            if (password_verify($cpass, $result['CPass'])) {
                header("Location: dashboard.html");
                exit;
            } else {
                echo "Invalid password";
            }
        } else {
            // Check if username exists in SubUser table
            $stmt = $pdo->prepare("SELECT * FROM SubUser WHERE SubUsrID = :cuid");
            $stmt->execute(array(':cuid' => $cuid));
            $result = $stmt->fetch();

            if ($result) {
                if (password_verify($cpass, $result['SubUsrPass1'])) {
                    header("Location: dashboard-Sub.html");
                    exit;
                } else {
                    echo "Invalid password";
                }
            } else {
                // Check if username exists in BervEmp table
                $stmt = $pdo->prepare("SELECT * FROM BervEmp WHERE BerEmpID = :cuid");
                $stmt->execute(array(':cuid' => $cuid));
                $result = $stmt->fetch();

                if ($result) {
                    if (password_verify($cpass, $result['pass'])) {
                        header("Location: empdashboard.html");
                        exit;
                    } else {
                        echo "Invalid password";
                    }
                } else {
                    echo "Invalid username";
                }
            }
        }
    } catch (PDOException $e) {
        echo "Error: " . $e->getMessage();
    }
}
?>

the table is exist in the database so could some one please explain what the issue is and the way to fix it

user3513923
  • 1
  • 1
  • 2
    The code and error message don't align. Error states`FROM Client WHERE` and `ERROR: relation "client" does not exist` but code has `FROM Clients WHERE` perhaps there is other code running? – user3783243 Feb 14 '23 at 14:37
  • 2
    Also, unrelated to current issue but don't tell users `Invalid password`. That tells a malicious user they have identified a correct username for your system, they then have 1 less thing to bruteforce. Just say invalid credentials. – user3783243 Feb 14 '23 at 14:40

0 Answers0