One thing I recognized is that the clause I set in the PDO prepared statement has only two conditions, like this:
WHERE myemail = :myemail AND mypassword = :mypassword
So, what I want to try now is to set three conditions in the PDO prepared statement, like this:
WHERE myemail = :myemail, mypassword = :mypassword, AND username = :username
But I am not sure if I am doing that correctly. I am just learning PHP (self-taught).
I ask this question because the index page only shows the correct email address from the session but the wrong username.
When I log in with the username "someone" and the email "someone@mail.com", the index page shows the correct username and email address from the session.
However, when I log in with the username "somebody" and the email "somebody@mail.com", the index page shows the correct email (somebody@ymail.com) but the wrong username (someone), not (somebody).
Here is my code:
// Define $myemail and $mypassword
$myemail = $_POST['myemail'];
$mypassword = $_POST['mypassword'];
// We will prepare the SQL query
$STM = $dbh->prepare("SELECT * FROM newuser WHERE myemail = :myemail AND mypassword = :mypassword");
// Bind parameters; named parameters always start with a colon (:)
$STM->bindParam(':myemail', $myemail);
$STM->bindParam(':mypassword', $mypassword);
// To execute the prepared statement we use the function below
$STM->execute();
// Count the number of records
$count = $STM->rowCount();
// Just fetch; this only gets one row, so no foreach loop is needed :)
$row = $STM->fetch();
// User redirect conditions go here
if ( $count == 1 ) {
    $_SESSION['login_id'] = $row['id'];
    $_SESSION['username'] = $row['username']; // added
    $_SESSION['myemail'] = $row['myemail']; // added
    if ( $_SESSION['login_id'] != '' || $_SESSION['login_id'] > 0 ) { // edited
        header("location: index.php");
    } else {
        header("location: login3.html");
    }
}
<?php
include('UserSessionAdmin.php');
$username = $_SESSION['username'];
$myemail = $_SESSION['myemail'];
?>
<body>
<?php echo $username; ?>
<?php echo $myemail; ?>
</body>
UserSessionAdmin.php
<?php
session_start();
if ( $_SESSION['login_id'] == 0 || $_SESSION['login_id'] == '' ) {
    header('location: login.html');
    exit();
}
require_once('configPDO.php');
?>
Update:
When I added echo var_dump($row); before the line $count==1, the page shows up with this result:
array(6) { ["username"]=> string(8) "Somebody" [0]=> string(8) "Somebody" ["myemail"]=> string(17) "somebody@mail.com" [1]=> string(17) "somebody@mail.com" ["mypassword"]=> string(8) "thebest2" [2]=> string(8) "thebest2" }
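
An added example, not part of the original post: a PDO login lookup that selects the row by email only, checks the password with password_verify() instead of comparing it in SQL, and rebuilds the session from the fetched row. The `id` and `password_hash` columns, the function names and the in-memory SQLite demo data are assumptions made for the illustration.

```php
<?php
// Added example (not the poster's code). Assumed schema: newuser(id, username,
// myemail, password_hash); the id and password_hash columns are hypothetical.
declare(strict_types=1);

function authenticate(PDO $dbh, string $email, string $password): ?array
{
    // Look the account up by email only. If more conditions were needed,
    // they would be joined with AND, never with commas.
    $stm = $dbh->prepare(
        'SELECT id, username, myemail, password_hash FROM newuser WHERE myemail = :myemail'
    );
    $stm->execute([':myemail' => $email]);
    $row = $stm->fetch(PDO::FETCH_ASSOC);   // associative keys only, no [0], [1], ...

    // fetch() returns false when no row matched; password_verify() checks the hash.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    unset($row['password_hash']);           // the hash is not needed after this point
    return $row;
}

// Call after session_start() once authenticate() has returned a row.
function startUserSession(array $user): void
{
    session_regenerate_id(true);            // issue a new session id at login
    $_SESSION = [                           // overwrite, so no values from an earlier login remain
        'login_id' => (int) $user['id'],
        'username' => $user['username'],
        'myemail'  => $user['myemail'],
    ];
}

// Constructed demo data in an in-memory SQLite database (requires pdo_sqlite).
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE newuser (id INTEGER PRIMARY KEY, username TEXT, myemail TEXT UNIQUE, password_hash TEXT)');
$ins = $dbh->prepare('INSERT INTO newuser (username, myemail, password_hash) VALUES (?, ?, ?)');
$ins->execute(['someone', 'someone@mail.com', password_hash('thebest1', PASSWORD_DEFAULT)]);
$ins->execute(['somebody', 'somebody@mail.com', password_hash('thebest2', PASSWORD_DEFAULT)]);

var_dump(authenticate($dbh, 'somebody@mail.com', 'thebest2')); // correct password
var_dump(authenticate($dbh, 'somebody@mail.com', 'wrong'));    // wrong password
```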