hi guys,
Dev shed rocks. I thought I should share this and see if I am missing something in my code or if something else is wrong.
I am writing a small application that needs a login but I am not using mysql. It's supposed to capture data etc so I chose to go with sqlite using the pdo extension. Now if I login from the login page, it does not redirect me to the home page I have pasted the code so any help will do please. Thanks and God bless....
if(!isset($_POST['user_name'], $_POST['password']))
{
$message = "Please ensure you have filled in your username and password";
}
elseif(trim(strlen($_POST['user_name']))> 14 || trim(strlen($_POST['user_name']))< 4)
{
$message = "The Length of your username is Incorrect";
}
elseif(trim(($_POST['password']))> 14 || trim(strlen($_POST['password']))< 5)
{
$message = "Your password is too Short";
}
elseif(ctype_alnum($_POST['user_name']) || ctype_alnum($_POST['password']))
{
$message = "Both your username and your password must contain alpha numeric Characters alone";
}
else{
$uname = filter_var($_POST['user_name'], FILTER_SANITIZE_STRING);
$passwd = filter_var($_POST['password'], FILTER_SANITIZE_STRING);
$passwd = sha1($_POST['password']);
try{
$conn = new PDO('sqlite:'.$_SERVER['DOCUMENT_ROOT'].'/db/mediamgt.s3db');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $conn->prepare("SELECT user_name FROM users WHERE user_name = :uname AND password = :passwd");
$stmt->bindParam(':uname', $uname, PDO::PARAM_STR);
$stmt->bindParam(':passwd', $passwd, PDO::PARAM_STR, 50);
$stmt->execute();
$validuser = $stmt->fetch(PDO::FETCH_BOTH);
if(isset($validuser)){
$message = "YESSSSSSSSSSSSS...";
}
ob_start();
session_start();
$_SESSION['name'] = $uname;
header("location:http://localhost/mediamgt/home.php");
exit;
} catch(PDOException $e)
{
echo "There was a problem...Details: ". $message ;
$e->showMessage();
header("Location:http://localhost/mediamgt/index.php");
}
}
