Problem with authentication in PHP, returns PDO :: errorCode (): 00000

0

I have a problem to authenticate a website with php, when I put the data in the form it returns the error message that I enter if it crashed and another errorCode 0000 message in the login method. Apparently I did not find any syntax errors or anything else in the code. Here is the code that I'm having the problem with:

1) User Class - class.user.php

<?php
   require_once('././conexao/DbConfiguration.php');


class User
{
  private $conn;

  private $userRoles;      

 function __construct()
 {
    $database = new Database();
        $db = $database->dbConnection();
        $this->conn = $db;

    $this->userRoles = array();        
 }

 public function runQuery($sql)
 {
        $stmt = $this->conn->prepare($sql);
        return $stmt;
 }

 public function doLogin($username, $password, $rolename)
 {
     try
     {                      
       $query  = "SELECT u.username, u.password, r.rolename FROM user_roles ur LEFT JOIN users u ON ur.userID=u.iD ";
       $query .= "LEFT JOIN roles r ON ur.roleID=r.ID WHERE u.username=:uname && r.rolename=:rolename ";

       $stmt = $this->conn->prepare($query); //"SELECT * FROM users WHERE username=:uname "
       $stmt->execute(array(':uname'=>$username,':rolename'=>$rolename));
       $userRow = $stmt->fetch(PDO::FETCH_ASSOC);
       $passwordAux = md5($password);                                            

       if($stmt->rowCount() > 0)
       {
         if(password_verify($passwordAux, $userRow['password']))
         {                
            //$_SESSION['user_session'] = $userRow['user_id'];                
            $_SESSION['ss_user_id'] = $userRow['user_id'];
            //$_SESSION['access'] = $userRow['access'];                                                                                                                
            return true;
         }
         else
         {                
            return false;
         }             


       }
       else
       {
         echo "\nPDO::errorCode():\n";
         print_r($stmt->errorCode());
       }
      }
      catch(PDOException $e)
      {
         echo $e->getMessage();             
      }
 }

2) Login Page - login.php

  <?php      

  require_once 'includes/inputs.php';   
  require_once 'includes/classes/class.user.php';

  if ( !isset($pagetitle) )
  {
     $pagetitle = "QuestWeb - [Acesso Restrito]";
  }


  $user_login = new USER();

  if (isset($_POST['btn-login']))
  {
      $uname  = verifyInput($_POST['nmusr']);
      $upass  = verifyInput($_POST['pswd']);
      $roles  = array("1" => "Administrators", "2" => "Users", "3" =>    "Authors");

  if( $user_login->doLogin($uname,$upass, $roles[1]) )
  {
      $user_login->redirect('modulos/dashboard-1.php');
      //$message = "OK";
  }
  else if( $user_login->doLogin($uname,$upass, $roles[2]) )
  {
     $user_login->redirect('modulos/dashboard-2.php');
  }
  else if( $user_login->doLogin($uname,$upass, $roles[3]) )
  {
     $user_login->redirect('modulos/dashboard-3.php');
  }
  else
  {
      $message = "<label>Falha de acesso</label>";          
  }
 }
 ?>
<html>
....
<?php                                
   if(isset($message))
   {
  ?>
  <div class="alert alert-danger">
      <i class="glyphicon glyphicon-warning-sign"></i> &nbsp; <?php echo $message; ?> !
   </div>
   <?php
   }
?>
<form method="post" class="login-form" id="login-form">
    <div class="form-group">
        <label class="sr-only" for="form-username">Usu&uacute;rio</label>
        <input type="text" name="nmusr" placeholder="Usu&aacute;rio" class="form-control" id="form-username">
    </div>

    <div class="form-group">
        <label class="sr-only" for="form-password">Senha</label>
        <input type="password" name="pswd" placeholder="Senha" autocomplete="off" class="form-control" id="form-password">
    </div>

   <hr>

   <button type="submit" class="btn btn-link-2" name="btn-login">ENTRAR NO SISTEMA</button>

  <hr>

  <div id="form-group">
        <a href="alterar_senha.php" class="btn btn-link forgot-link">Esqueceu a senha</a>
  </div>
    </form>
    
asked by anonymous 03.11.2016 / 03:19

1 answer

0

This message is appearing because this condition $stmt->rowCount() > 0 is never true.

According to the PHP documentation the rowCount function:

PDOStatement :: rowCount () returns the number of rows affected by the last DELETE , INSERT , or UPDATE statement executed by the corresponding PDOStatement object.

In the case of SELECT, this function does not take effect.

You can work around this problem using another comparison like:

userRow = $stmt->fetch(PDO::FETCH_ASSOC);
$passwordAux = md5($password);

if ($userRow) {
    if (password_verify($passwordAux, $userRow['password'])) {
        // $_SESSION['user_session'] = $userRow['user_id'];
        $_SESSION['ss_user_id'] = $userRow['user_id'];
        // $_SESSION['access'] = $userRow['access'];
        return true;
    } else {
        return false;
    }
} else {
    echo "\nPDO::errorCode():\n";
    print_r($stmt->errorCode());
}
    
03.11.2016 / 12:06