I'm creating a valid credential function for a log in page.
The function works if I use it outside the function using the following code:
if(isset($_POST['email'])){
$email = $_POST['email'];
$password = $_POST['password'];
$q = "SELECT * FROM user WHERE email = :email";
$query = $db->prepare($q);
$query->execute(array(":email" => $email));
$results = $query->fetchAll();
if($results !=FALSE && $query->rowCount() > 0) {
if($results[0]['password'] == $password){
$_SESSION['email'] = $email;
}
But if I call the function from the external function, nothing happens as if there was something wrong with the log in credentials.
the function:
function valid_credientials($email,$password){
global $db;
$email = $_POST['email'];
$password = $_POST['password'];
$q = "SELECT * FROM user WHERE email = :email";
$query = $db->prepare($q);
$query->execute(array(":email" => $email));
$results = $query->fetchAll();
if($results !=FALSE && $query->rowCount() > 0) {
if($results[0]['password'] == $password){
$_SESSION['email'] = $email;
}}
}
and the isset post:
if (isset($_POST['email'], $_POST['password'])){
if (valid_credientials($_POST['email'], $_POST['password']) == false ){
$errors[] = 'No matching email found.';
}
if (empty($errors)){
$_SESSION['email'] = htmlentities($_POST['email']);
header("Location: profile.php");
die();
}
}
I was thinking about trouble with the connection, but if I use this function it returns the emails.
function valid_credientials($email,$password){
$test = $db->query("SELECT `email` FROM `user`");
while($row = $test->fetch(PDO::FETCH_ASSOC)){
echo $row['email'], '<br>';
}
}
Look at your code,
function valid_credientials($email,$password){
global $db;
$email = $_POST['email'];
$password = $_POST['password'];
$q = "SELECT * FROM user WHERE email = :email";
$query = $db->prepare($q);
$query->execute(array(":email" => $email));
$results = $query->fetchAll();
if($results !=FALSE && $query->rowCount() > 0) {
if($results[0]['password'] == $password){
$_SESSION['email'] = $email;
}
}
You are getting values from $_POST, you don't need these two line at all as you have email and password in your function parameters.
$email = $_POST['email'];
$password = $_POST['password'];
And also you check for return value of the function but there is nothing returned by your function. go through the code below, it returns true or false depending on the condition.
function valid_credientials($email,$password){
global $db;
$email = $_POST['email'];
$password = $_POST['password'];
$q = "SELECT * FROM user WHERE email = :email";
$query = $db->prepare($q);
$query->execute(array(":email" => $email));
$results = $query->fetchAll();
if($results !=FALSE && $query->rowCount() > 0) {
if($results[0]['password'] == $password){
$_SESSION['email'] = $email;
return true;
}
return false;
}
Your valid_credentials function doesn't return a value.
The below if statement, will return NULL ( not positive on this, just guessing ), which isn't equal to false, so the errors array is still empty during the next if statement
if (valid_credientials($_POST['email'], $_POST['password']) == false ){
$errors[] = 'No matching email found.';
}
if (empty($errors)){
}