I've created a login script where I am simply trying to match the username and password that is passed through my login form, create a session and pass through session variables and redirect the user to a different page.
I'm using an OOP PDO approached style as this is the way forward and it is a lot simpler to code.
When registering a user I encrypt the password using the PHP crypt method. However when I try to login my statement is returned as false and to be fair I don't know what I am doing wrong, perhaps I'm decrypting the password incorrectly, I'm not sure.
When I say false I mean my if statement echo's
Invaild username or password. Try again
Any help or ideas greatly welcomed and appreciated, thank you in advance.
index.php
<form id="loginForm" method="POST" action="classes/class.Login.php">
<input type="text" id="username" name="username" placeholder="Username"/>
<input type="password" id="password" name="password" placeholder="Password" class="showpassword"/>
<input type="submit" name="submit" value="Log in"/>
classes/class.Login.php
public function loginuser() {
$username = $_POST['username'];
$password = $_POST['password'];
$stmt = $this->pdo->prepare("SELECT * FROM users WHERE username = :username AND password = :password LIMIT 1");
$stmt->bindValue(":username", $username);
$stmt->bindValue(":password", crypt($password));
$stmt->execute();
if ($stmt->fetch())
{
$_SESSION['authorized'] = true;
$_SESSION['username'] = $username;
header("Location: testloginrequired.php");
}
else
{
echo "Invaild username or password. Try again";
}
}// end loginuser