0

I'm trying to create a simple Login/Registration form using PHP/HTML/MySQL. I've successfully created the registration form (which submits to my database), however I'm not quite sure how to carry out the login part. Below is what I've tried so far.

I have two Models in addition to my Database.php Model (holds db connection), ClientData.php and ClientDataSet.php, plus a login.php page and a login.phtml page.

ClientData.php is as follows:

    <?php
    require_once('Models/Database.php');
    require_once('Models/ClientDataSet.php');

    // Value object for one row of the client table.
    class ClientData {

        private $email, $password;

        public function __construct($dbRow) {
            $this->email = $dbRow['Email'];
            $this->password = $dbRow['Password'];
        }

        public function getEmail() {
            return $this->email;
        }

        public function getPassword() {
            return $this->password;
        }
    }

ClientDataSet.php

    <?php
    require_once('Models/Database.php');
    require_once('Models/ClientData.php');

    class ClientDataSet {
        protected $_dbHandle, $_dbInstance;

        public function __construct() {
            $this->_dbInstance = Database::getInstance();
            $this->_dbHandle = $this->_dbInstance->getdbConnection();
        }

        public function createClient($email, $password) {
            // Query text is built by concatenating the raw form values.
            $sqlQuery = 'INSERT INTO mydatabase_Client (Email, Password) VALUES (' . "'$email'" . ',' . "'$password'" . ')';

            //echo $sqlQuery; // useful check to see what query has been created

            $statement = $this->_dbHandle->prepare($sqlQuery); // prepare a PDO statement
            $statement->execute();
        }

        public function fetchClient($email, $password) {
            // Both columns must match, so the two conditions are joined with AND.
            $sqlQuery = 'SELECT * FROM mydatabase_Client WHERE (Email=' . "'$email'" . ' AND Password=' . "'$password'" . ')';

            //echo $sqlQuery; // useful check to see what query has been created

            // The statement is executed, but its result is not fetched or returned.
            $statement = $this->_dbHandle->prepare($sqlQuery); // prepare a PDO statement
            $statement->execute();
        }
    }

login.php

    <?php
    require_once('Models/Database.php');
    require_once('Models/ClientData.php');
    require_once('Models/ClientDataSet.php');
    session_start();

    $view = new stdClass();
    $view->pageTitle = 'Login';

    if (isset($_POST['submit'])) {
        $clientDataSet = new ClientDataSet();
        $clientDataSet->fetchClient($_POST['Email'], $_POST['Password']);
    }

    require_once('Views/login.phtml');

login.phtml

    <?php require('template/header.phtml') ?>
    <h3>Login Page</h3>
    <p>If you have not already Registered. <a href="register.php">Register Here.</a></p>
    <p><strong>Login</strong> using your <strong>email address</strong> and password.</p>
    <table class="inputtable">
        <tr>
            <td class="label">Email:</td>
            <td class="inputtd">
                <input name="Email" type="email" class="standardwidth" /></td>
        </tr>
        <tr>
            <td class="label">Password:</td>
            <td class="inputtd">
                <input name="Password" type="password" class="standardwidth" /></td>
        </tr>
    </table>
    <div>
        <input type="submit" value="Login" name="submit"/> <input type="reset" value="Reset" name="reset"/>
    </div>
  • You seem to be missing your opening and closing form tags? Commented Jan 13, 2014 at 21:15
  • You're right, I've added it :) Commented Jan 13, 2014 at 21:31

1 Answer

1

First and foremost, DO NOT CONCATENATE STRINGS TO BUILD YOUR QUERY. When using PDO with MySQL, you should be using parameter binding. The way you are creating your SQL statement leaves you wide open to SQL injection attacks.

See here: How can I prevent SQL injection in PHP?

Now, on to your actual problem: You aren't using an HTML form. You have to wrap your input elements in a form, with the proper form parameters, otherwise your browser won't send any data to the server.

It will look something like this:

 <form name="login" action="html_form_action.php" method="post">

Further reading: HTML forms


3 Comments

Thank you. I'm not too worried about attacks as it's just a personal project I'm working on - not likely to go public anytime soon :)
Alrighty then, although it is a good idea to build good habits in case you ever do a different project. If the <form> part helped, please accept the answer.
It might be private and local, but best practice from the onset will not harm but improve knowledge and code.
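
The parameter binding recommended in the answer, applied to the question's `ClientDataSet` class, as an added example that is not part of the original question or answer. It goes one step beyond the answer by storing a `password_hash()` digest instead of the plain password. The in-memory SQLite connection (standing in for the page's MySQL database), the constructor that takes a `PDO` handle, and the sample account are assumptions made so the script runs on its own.

```php
<?php
// Added example: the page's ClientDataSet with bound parameters.
// Assumption: in-memory SQLite stands in for the MySQL connection so the
// script runs offline (PHP 7.4+ with the pdo_sqlite extension).
class ClientDataSet {
    private PDO $db;

    public function __construct(PDO $db) {
        $this->db = $db;
    }

    public function createClient(string $email, string $password): void {
        // Placeholders keep the form values out of the SQL text entirely.
        $stmt = $this->db->prepare(
            'INSERT INTO mydatabase_Client (Email, Password) VALUES (:email, :hash)'
        );
        // Store a salted hash rather than the password itself.
        $stmt->execute([
            ':email' => $email,
            ':hash'  => password_hash($password, PASSWORD_DEFAULT),
        ]);
    }

    // Returns the matching row, or null if the email or password is wrong.
    public function fetchClient(string $email, string $password): ?array {
        $stmt = $this->db->prepare(
            'SELECT Email, Password FROM mydatabase_Client WHERE Email = :email'
        );
        $stmt->execute([':email' => $email]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($row === false || !password_verify($password, $row['Password'])) {
            return null;
        }
        return $row;
    }
}

// Constructed demo data (not from the original page).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE mydatabase_Client (Email TEXT PRIMARY KEY, Password TEXT)');

$clients = new ClientDataSet($pdo);
// The apostrophe would break the concatenated query; bound, it is plain data.
$clients->createClient("o'brien@example.com", 'correct horse');
var_dump($clients->fetchClient("o'brien@example.com", 'correct horse') !== null);
var_dump($clients->fetchClient("o'brien@example.com", 'wrong guess') !== null);
var_dump($clients->fetchClient('nobody@example.com', 'correct horse') !== null);
```

In `login.php`, a non-null return from `fetchClient()` is the point at which the session would be marked as logged in.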
