I am attempting to build a password-protected area on my site. However, in my if statement, I'm having trouble determining if the array is empty or not. When the code is run, regardless of what is put into the user/pass fields, it's always testing as true. For reference, the database being accessed only has 1 row, containing 1 user/pass combo.
function verify(){
$dbhost = "host";
$dbname = "db";
$dbuser = "user";
$dbpass = "password";
if (isset($_SESSION['valid_user']))return true;
$user_name = $_POST["user_name"];
$password = $_POST["password"];
if ($user_name && $password){
try{
$conn = new PDO("mysql:host=$dbhost;dbname=$dbname",$dbuser,$dbpass);
}
catch(PDOException $pe){
die('Connection error, because: ' .$pe->getMessage());
}
$sql = "SELECT user_name FROM users WHERE user_name = ':user_name' AND password = ':password'";
$q = $conn->prepare($sql);
if(!$q){
die("Execute query error, because: ". $conn->errorInfo());
};
$q->execute(array(':user_name'=>$user_name, ':password'=>$password));
$result = $q->fetchALL();
if ($result['user_name']=$user_name){
$valid_user = $user_name;
$_SESSION['valid_user'] = $valid_user;
return true;
}
else{
$text = "User Name and Password did not match";
write_log_in($text);
}
}
else {
$text = "This is a secure server. Please log in.";
write_log_in($text);
}
}
As a side note, I'm aware that my passwords should be stored in at least an MD5 hash format or something similar. I just wanted to get it working at all before adding in more stuff.