Good afternoon guys, I'm taking a course that I bought on a PHP real estate portal system, and I got stuck on the portal login system. The course uses PHP below version 5 and the instructor uses the automatic MySQL login script generation from Dreamweaver; I've been reading that this Dreamweaver feature does not work very well. My PHP is 7.0, so I had to adapt the MySQL connection code to PDO by getting ready-made code for login, connection and registration from a trusted site. I think the connection to the database worked, but it did not let the user through to the other page when validating the correct password, which is already in the user row of the database table. PHP reports the 403 forbidden access error, and I also noticed that it reports the following error along with it in the browser URL: 20%20Undefined%20variable:%20loginFormAction%20in%20 "
I have tried everything to fix this error; I have already configured Apache and changed all the ports of XAMPP, and it continues to forbid access. I do not know if in PHP you have to give some kind of permission on the script folders. The funny thing is that when I test the ready-made registration and login code separately in XAMPP, it authorizes access and goes to the other page normally, without any error. I wanted to know what has to be done to authorize access.
The login code that the instructor asks us to develop does not go through a registration panel first to register the user's password and email; it puts the data directly into a separate row of the database table as a test, without passing through registration. In the course I developed only the login script and panel. I do not know if that is why it is blocking access with the 403 error, because when I test separately the ready-made script that I got, with the registration and the login, it works without any error.
I've also tried to create a new user in phpMyAdmin with all the privileges, and nothing. Here is the script code:
I believe this is the login action class of the error on line 20; however, Visual Studio Code, which I am using, does not acknowledge any error on line 20 or in any project file. I do not know if using the PHP Tools plugin in Visual Studio Community would make a mistake. Here is the class below:
<?php
/**
 * Class login
 * handles the user's login and logout process
 */
class Login
{
    /**
     * @var object The database connection
     */
    private $db_connection = null;
    /**
     * @var array Collection of error messages
     */
    public $errors = array();
    /**
     * @var array Collection of success / neutral messages
     */
    public $messages = array();
    /**
     * the function "__construct()" automatically starts whenever an object of this class is created,
     * you know, when you do "$login = new Login();"
     */
    public function __construct()
    {
        // create/read session, absolutely necessary
        session_start();
        // check the possible login actions:
        // if user tried to log out (happen when user clicks logout button)
        if (isset($_GET["logout"])) {
            $this->doLogout();
        }
        // login via post data (if user just submitted a login form)
        elseif (isset($_POST["login"])) {
            $this->dologinWithPostData();
        }
    }
    /**
     * log in with post data
     */
    private function dologinWithPostData()
    {
        // check login form contents
        if (empty($_POST['nome'])) {
            $this->errors[] = "Username field was empty.";
        } elseif (empty($_POST['senha'])) {
            $this->errors[] = "Password field was empty.";
        } elseif (!empty($_POST['nome']) && !empty($_POST['senha'])) {
            // create a database connection, using the constants from config/db.php (which we loaded in index.php)
            $this->db_connection = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
            // change character set to utf8 and check it
            if (!$this->db_connection->set_charset("utf8")) {
                $this->errors[] = $this->db_connection->error;
            }
            // if no connection errors (= working database connection)
            if (!$this->db_connection->connect_errno) {
                // escape the POST stuff
                $user_name = $this->db_connection->real_escape_string($_POST['nome']);
                // database query, getting all the info of the selected user (allows login via email address in the
                // username field)
                $sql = "SELECT nome, email, senha
                        FROM freitas_clientes
                        WHERE nome = '" . $user_name . "' OR email = '" . $user_name . "';";
                $result_of_login_check = $this->db_connection->query($sql);
                // if this user exists
                if ($result_of_login_check->num_rows == 1) {
                    // get result row (as an object); its properties are the selected columns: nome, email, senha
                    $result_row = $result_of_login_check->fetch_object();
                    // using PHP 5.5's password_verify() function to check if the provided password fits
                    // the hash of that user's password (the senha column must hold a password_hash() value)
                    if (password_verify($_POST['senha'], $result_row->senha)) {
                        // write user data into PHP SESSION (a file on your server)
                        $_SESSION['nome'] = $result_row->nome;
                        $_SESSION['email'] = $result_row->email;
                        $_SESSION['user_login_status'] = 1;
                    } else {
                        $this->errors[] = "Wrong password. Try again.";
                    }
                } else {
                    $this->errors[] = "This user does not exist.";
                }
            } else {
                $this->errors[] = "Database connection problem.";
            }
        }
    }
    /**
     * perform the logout
     */
    public function doLogout()
    {
        // delete the session of the user
        $_SESSION = array();
        session_destroy();
        // return a little feedback message
        $this->messages[] = "You have been logged out.";
    }
    /**
     * simply return the current state of the user's login
     * @return boolean user's login status
     */
    public function isUserLoggedIn()
    {
        if (isset($_SESSION['user_login_status']) && $_SESSION['user_login_status'] == 1) {
            return true;
        }
        // default return
        return false;
    }
}
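
The same credential check as the class above, written with a PDO prepared statement and a session ID refresh on success. This is an added example, not part of the original post or the course material. It assumes the `senha` column holds a `password_hash()` value; the function names `findUserByLogin` and `attemptLogin` and the in-memory SQLite demo row are hypothetical and constructed for illustration.

```php
<?php
// Added example (not the poster's code). Assumption: freitas_clientes.senha stores
// a password_hash() value, so password_verify() can check it.

function findUserByLogin(PDO $pdo, string $login)
{
    // Placeholders keep the user input out of the SQL text entirely
    $stmt = $pdo->prepare(
        'SELECT nome, email, senha FROM freitas_clientes WHERE nome = :nome OR email = :email'
    );
    $stmt->execute([':nome' => $login, ':email' => $login]);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    // Exactly one match is required, like the num_rows == 1 check in the class
    return count($rows) === 1 ? $rows[0] : null;
}

function attemptLogin(PDO $pdo, string $login, string $password): bool
{
    $user = findUserByLogin($pdo, $login);
    // Array keys must match the selected columns: nome, email, senha
    if ($user === null || !password_verify($password, $user['senha'])) {
        return false; // same result for an unknown user and a wrong password
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // fresh session id after a successful login
    }
    $_SESSION['nome'] = $user['nome'];
    $_SESSION['email'] = $user['email'];
    $_SESSION['user_login_status'] = 1;
    return true;
}

// Constructed demo data in an in-memory SQLite database so the script runs offline
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE freitas_clientes (nome TEXT, email TEXT, senha TEXT)');
$insert = $pdo->prepare('INSERT INTO freitas_clientes (nome, email, senha) VALUES (?, ?, ?)');
$insert->execute(['maria', 'maria@example.com', password_hash('correct-horse', PASSWORD_DEFAULT)]);

$_SESSION = [];
var_dump(attemptLogin($pdo, 'maria@example.com', 'correct-horse')); // valid login by email
var_dump(attemptLogin($pdo, 'maria', 'wrong-password'));            // wrong password
var_dump(attemptLogin($pdo, "maria' OR '1'='1", 'x'));              // quotes are treated as data
```

A row typed directly into the table with a plain-text password will never pass `password_verify()`; the stored value has to come from `password_hash()`.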