I am trying to set up a user login page (basic training as i learn php) but the page is not working as i think i have problems with the part where i count the number of rows (i check that the number of rows in my user_table database where the login and password inputed match to tthe one that have been entered is =1).
I’m in PDO and I don’t want to use mysql_num_rows which is being deprecated or at least it is recommended not to use it. Instead, I want to use Found_rows
Here is my login_page.php:
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr" lang="fr">
<head>
<title>LOGIN PAGE</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
</head>
<body>
<h1>Connect to your account</h1>
<form method="post" action="login_verify.php">
<input type="text" name="inputed_username" size="35" maxlength="30" required="required" value="Enter your login" /><br/><br/>
<input type="password" name="inputed_password" size="35" maxlength="30" required="required" value="Enter your password" /><br/><br/>
<input type="submit" name="submit "value="Connect me !" />
</form>
</body>
</html>
Then here is the php file where I check if the {login,password} entered are correct in this login_verify.php file:
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr" lang="fr">
<head>
<title>login process check-up</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
</head>
<body>
<?php
if (isset($_POST['submit']))//if the button submit has not been clicked on
{
try
{
//database connection
$dbhost = "localhost";
$dbname = "test";
$dbuser = "root";
$dbpass = "";
$pdo_options[PDO::ATTR_ERRMODE] = PDO::ERRMODE_EXCEPTION;
$bdd = new PDO("mysql:host=$dbhost;dbname=$dbname; charset=UTF8",$dbuser,$dbpass,$pdo_options);
$bdd -> query('SET NAMES utf8');
//the database is checked to see if there is a match for the couple {user,password}
$user = $_POST['inputed_username'];
$password = $_POST['inputed_password'];
//preparaiton and execution of the request
$req = $bdd->prepare('SELECT * from user_table WHERE login= :login && password= :password LIMIT 1');
$req->execute(array(
'login' => $user,
'password' => $password));
$foundrows = $req->query("SELECT FOUND_ROWS()")->fetchColumn();//the number of rows are counted
//we check if there is a match for the login-password
if ($foundrows == 1)//if we find one that matches
{
session_start();
$_SESSION['username'] = $req['login'];
$_SESSION['fname'] = $req['first_name'];
$_SESSION['lname'] = $req['last_name'];
$_SESSION['logged'] = TRUE;
header("Location: first_page.php");
exit();
}
else //if we don't find any match
{
header("Location: login_page.php");
exit;
}
}
catch (Exception $e)
{
die('Erreur: '.$e->getMessage());
}
}
else //if the submit button has not been clicked on
{
header ("Location: login_page.php");
exit;
}
?>
If any of you know where the problem lies it would be great.
I think it comes from a misuse of found_rows. It’s the first time I use it so I feel I’ve something badly but I don’t know what it is.
FOUND_ROWS()only works if you use it after a select query where you had theSQL_CALC_FOUND_ROWSoption in the select query, and is only truly useful if it’s a LIMIT query. FOUND_ROWS() is the number of rows that WOULD have been returned if not for the limit clause.For non-LIMITed queries, you use
mysql_num_rows()instead.Presumably your database is setup that
loginis a primary/unique key field, so your query would only ever return at most one row anyways, so the limit is pointless.