Ok, Im baffled.
I am passing in some login info from a cookie and the sql query is rejecting it as not found. Ive done every single test I can think of. var_dumps, data type, etc and everything looks proper. Any help would be awesome. Thanks!
Im trying to call a login function here and passing in cookies:
if ((isset($_COOKIE["u"]) && empty($_SESSION["user_id"])) || (isset($_COOKIE["u"]) && !isset($_SESSION["user_id"])))
{
$username = decrypt($_COOKIE["u"], SALT);
$password = decrypt($_COOKIE["p"], SALT);
login($username, $password, "1");
}
And the function is:
//Log in
function login($username, $password, $remember) {
$userx = query("SELECT * FROM user WHERE username = ?", $username);
if (!empty($userx))
{
$user = $userx["0"];
if (validate_password($password, $user["hash"]) === true)
{
popsession($user, $password, $remember);
}
else
{
apologize("Invalid Username or Password");
}
}
else
{
apologize("Invalid Username or Password");
}
}
My issue is happening at $username. When I check it, it all looks good all the way through the process, but when it comes time to query the database it returns nothing. If i replace the variable with a "string" it works fine. To be clear the data type of the variable is a string as well. Any ideas?
If you're using PDO, change this:
$userx = query("SELECT * FROM user WHERE username = ?", $username);
To this:
$userx = $conn->prepare("SELECT * FROM user WHERE username = :username");
$userx->bindParam(':username', $username, PDO::PARAM_STR);
$userx->execute();
That should make it work!