Problem with login function

genista

Hi,

I am stuck with a login script, the login.php page calls a dbconnect page which in turn calls a user.class script which handles registrations, logins, logouts etc. I have a user in the db that was setup with the register class, now I want to login with that user but am getting a wrong details error returned which you will see below. I just cannot see what the problem is, I am even printing out the username and password to make they are getting into POST:

User.Class:

 public function login($email,$password)
    {
       try
       {
          $stmt = $this->db->prepare("SELECT * FROM users WHERE email=:email LIMIT 1");
          $stmt->execute(array(':email'=>$email));
          $userRow=$stmt->fetch(PDO::FETCH_ASSOC);
          if($stmt->rowCount() > 0)
          {
             if(password_verify($password, $userRow['password']))
             {
                $_SESSION['user_session'] = $userRow['userid'];
                return true;
             }
             else
             {
                return false;
             }
          }
       }
       catch(PDOException $e)
       {
           echo $e->getMessage();
       }
   }

the login script:

if(isset($_POST['btn-login']))
{
 $email = $_POST['email'];
 $password = $_POST['password'];

 if($user->login($email,$password))
 {
  $user->redirect('index.php');
 }
 else
 {
     print "email = $email, password = $password";
  $error = "Wrong Details !";
 } 
}

Any help would be greatly appreciated.

Weedpacket

If you're getting a "Wrong Details !" message then the login() method returned false. There are two ways it can return false. The second is if there is an exception (you'll get the PDO error message, then it will return null, because you don't tell it what to return in that case). The first is if password_verify returns false.

You can tell which it is by whether or not you get a PDO error message as well. If you don't, then your problem lies in the password_verify function.