How can I be able View/edit/delete/add Records on my login system as an admin using pdo


#1
 ini_set('display_errors', '1');
 ini_set('display_startup_errors', '1');
 error_reporting(E_ALL);
 session_start();
 include_once 'db.php'; 


	
if ($_SERVER['REQUEST_METHOD'] == 'POST') {

	//collect form data and store in variables
	$username = trim($_POST['username'] );
 	$password = md5($_POST['password']);

 	$DB->query('SELECT * FROM users WHERE username = :username AND password = :password');

              $DB->bind(':username', $username);
              $DB->bind(':password', $password);

              $result=$DB->single();

              if ($result) {
              	 
              	 header('Location: http://localhost/form/admin.php');

              } else {

              	echo "Wrong Password/Username Combination";
              }



}

?>

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>Login Page</title>
  </head>

<body>

<h2> User Authenticatication System</h2>

<h3>Login Form</h3>
<?php if(isset($message)){?>
  <span style="color: red"> <?=$message?></span> <br>
<?php }?>
<br><br>


<form action="" method="POST">
		<table>
			<tr>
				<td>Username:</td>
				<td><input type="text" name="username" value="" ></td>
			</tr>
			<tr>
				<td>Password:</td>
				<td><input type="password" name="password" value="" ></td>
			</tr>

		</table>
		<input type="submit" name="login" value="Login">
			
		</form>


<p><a href="http://localhost/form/welcome.php"> Back to Homepage </a></p>

</body>
</html>```

#2

How can I be able View/edit/delete/add Records on my login system as an admin

You write a script that does that.

$password = md5($_POST['password']);

An MD5 hash nowadays is pretty much as safe as a plain text password …


#3

how do i do that…any suggestions


#4

Well, first you draft a workflow taking into account anything that could happen. Then you put that into code. And write tests for it where sensible.


#5

I did a draft workflow but every time i put into code it doesn’t work. Also i am still new to php.


#6

The perfect material to post in a Q’n’A forum like this.


#7

You need to begin with breaking up the problem into smaller. pieces. Rather than thinking about view, edit, delete, and add start with view. Once you figure that out edit, delete, etc. With that in mind view can mean different things. Are you referring to a view of all users or a single user?


#8
  1. Using md5 for passwords has to go. You need to use password_hash and password_verify.

  2. You need to kill the script after header redirects.

  3. Do not SELECT *, specify the column names you want.

  4. Using tables for layout went out in the 90’s. We use CSS for that now.

  5. You can just delete the action altogether.

  6. Instead of littering all your code with error settings, just set it in the php.ini.

  7. You have code that depends on $message but it is nowhere in the code you posted.


#9

I would argue that using spaghetti/procedural code/php went or should of went out of style in 90s as well. I’m not going to go into OOP, MVC and advanced architectural design patterns though because this person is merely just trying to understand the basics.

If you really want to become a productive, professional learn to use smart debugging.

https://xdebug.org/


#10

Something that I noticed that no one mentioned yet. If you want to use PDO, use it properly. The use of regular ->query and then out of no where, using parametrized placeholders is pretty much causing the problem. It makes no sense to go from regular queries into prepared statements when you didn’t even instantiate the prepared call. Just use prepared statements and be done with it.


#11

@spaceshiptrooper Prepared statements and variable binding is being used.


#12

View of all users…


#13

Who do you apply all these??? The css, delete action, and set the erroe settings to php.ini


#14

thanks for noticing…


#15

I’m presuming that there must be some kind of database abstraction layer here - I can’t find a reference to the single() function as a part of PDO, it clearly retrieves a single row in the way that fetch() would though I presume it also executes the query, as nothing else does. On that basis I also presume that the OPs query() function encapsulates the usual prepare(), and the bind() is really doing a bindParam() behind the scenes.

@Rybat, as others have said, it’s just a case of dividing it into individual steps and attacking each one bit by bit. I would imagine that before you do your header redirect on successful login, you might want to store some information about the logged-in user in session variables or cookies so that admin.php can use them. I would then have that code display a basic set of options as to what action the admin user wants to take, then code each one.


#16

Yes it does…


#17

Okay let me do that can i start with the view part?? or??


#18

Start with any one you want. I’d probably start with “add”, so you’ve got something to view, edit or delete, though you could add records in phpmyadmin or whatever you use.


#19

The task that will require the least effort will be viewing all users in a table. That will require a new page, select for all users against the db, then looping through the result set to display each row in a table. Put those steps into code and you will have a basic view page.


#20

I am on the view.php page i am trying to echo the results but nothing is populated (echoed)…


	$DB->query('SELECT * FROM new_record ORDER BY id DESC; ');

			
			$result = $DB->rowCount(); //created a class on my db.php which takes care of this

				 if ($result) {

				 	echo $row ["name"];
				 	echo $row ["age"];
				 	echo $row ["id"];

					}

?>```