I have a problem to authenticate a website with php, when I put the data in the form it returns the error message that I enter if it crashed and another errorCode 0000 message in the login method. Apparently I did not find any syntax errors or anything else in the code. Here is the code that I'm having the problem with:
1) User Class - class.user.php
<?php
require_once('././conexao/DbConfiguration.php');
class User
{
private $conn;
private $userRoles;
function __construct()
{
$database = new Database();
$db = $database->dbConnection();
$this->conn = $db;
$this->userRoles = array();
}
public function runQuery($sql)
{
$stmt = $this->conn->prepare($sql);
return $stmt;
}
public function doLogin($username, $password, $rolename)
{
try
{
$query = "SELECT u.username, u.password, r.rolename FROM user_roles ur LEFT JOIN users u ON ur.userID=u.iD ";
$query .= "LEFT JOIN roles r ON ur.roleID=r.ID WHERE u.username=:uname && r.rolename=:rolename ";
$stmt = $this->conn->prepare($query); //"SELECT * FROM users WHERE username=:uname "
$stmt->execute(array(':uname'=>$username,':rolename'=>$rolename));
$userRow = $stmt->fetch(PDO::FETCH_ASSOC);
$passwordAux = md5($password);
if($stmt->rowCount() > 0)
{
if(password_verify($passwordAux, $userRow['password']))
{
//$_SESSION['user_session'] = $userRow['user_id'];
$_SESSION['ss_user_id'] = $userRow['user_id'];
//$_SESSION['access'] = $userRow['access'];
return true;
}
else
{
return false;
}
}
else
{
echo "\nPDO::errorCode():\n";
print_r($stmt->errorCode());
}
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
2) Login Page - login.php
<?php
require_once 'includes/inputs.php';
require_once 'includes/classes/class.user.php';
if ( !isset($pagetitle) )
{
$pagetitle = "QuestWeb - [Acesso Restrito]";
}
$user_login = new USER();
if (isset($_POST['btn-login']))
{
$uname = verifyInput($_POST['nmusr']);
$upass = verifyInput($_POST['pswd']);
$roles = array("1" => "Administrators", "2" => "Users", "3" => "Authors");
if( $user_login->doLogin($uname,$upass, $roles[1]) )
{
$user_login->redirect('modulos/dashboard-1.php');
//$message = "OK";
}
else if( $user_login->doLogin($uname,$upass, $roles[2]) )
{
$user_login->redirect('modulos/dashboard-2.php');
}
else if( $user_login->doLogin($uname,$upass, $roles[3]) )
{
$user_login->redirect('modulos/dashboard-3.php');
}
else
{
$message = "<label>Falha de acesso</label>";
}
}
?>
<html>
....
<?php
if(isset($message))
{
?>
<div class="alert alert-danger">
<i class="glyphicon glyphicon-warning-sign"></i> <?php echo $message; ?> !
</div>
<?php
}
?>
<form method="post" class="login-form" id="login-form">
<div class="form-group">
<label class="sr-only" for="form-username">Usuúrio</label>
<input type="text" name="nmusr" placeholder="Usuário" class="form-control" id="form-username">
</div>
<div class="form-group">
<label class="sr-only" for="form-password">Senha</label>
<input type="password" name="pswd" placeholder="Senha" autocomplete="off" class="form-control" id="form-password">
</div>
<hr>
<button type="submit" class="btn btn-link-2" name="btn-login">ENTRAR NO SISTEMA</button>
<hr>
<div id="form-group">
<a href="alterar_senha.php" class="btn btn-link forgot-link">Esqueceu a senha</a>
</div>
</form>