I have been trying to figure this out. It is quite easy but I just cant find the mistake. It looks like the mistake is in foreach, because everything above that works. When I fill the inputs and click the Login button, the script wont work.
if (isset($_POST['submit']) AND (!empty($_POST['username']) AND (!empty($_POST['password'])))) {
$username = $_POST['username'];
$password = $_POST['password'];
$pass = hash('sha256',$password);
$select = $db->prepare("SELECT * FROM users WHERE username= :username AND password= :password");
$select->bindParam(':username', $username);
$select->bindParam(':password', $pass);
$select->execute();
foreach ($select as $data) {
if ($data['username'] == $username AND $data['password'] == $pass) {
$_SESSION['username'] = $username;
$_SESSION['id'] = $data['id'];
?>
<div class="echos">
<?php
echo "Login completed" . "<br>";
echo "<a href='http://jezecek.nostools.cz/'>Homepage</a>";
}
else {
echo "Wrong username or password!" . "<br>";
echo "<a href='http://jezecek.nostools.cz/include/registration.php'>Try again</a>";
}
}
}
else {
echo "Fill all fields!" . "<br>";
echo "<a href='http://jezecek.nostools.cz/include/login.php'>Try again</a>";
}
?>
</div>
Even if I use fetchAll() like this, it still doesnt work
$select = $db->prepare("SELECT * FROM users WHERE username= :username AND password= :password");
$select->bindParam(':username', $username);
$select->bindParam(':password', $pass);
$select->execute();
$result = $select->fetchAll();
foreach ($result as $data) {
if ($data['username'] == $username AND $data['password'] == $pass) {
$_SESSION['username'] = $username;
$_SESSION['id'] = $data['id'];
?>
<div class="echos">
<?php
echo "Login completed" . "<br>";
echo "<a href='http://jezecek.nostools.cz/'>Homepage</a>";
}