Login system suddenly stopped working?

donboe · April 23, 2018, 8:48am

Ok I have a login system that worked fine untill yesterday, but this morning suddenly stopped working. I will try to describe the situation as clear as possible.

In my routes file I use the following route for the login section:

// Admin section
'/admin/login' => [
    'controller' => 'Controller_Auth',
    'action' => 'login',
],

In Controller_Auth the login Action is as follows:

public function loginAction()
{
	$admin = new Model_Admin(Db::getInstance());
    $error = null;
    if ($admin->is_admin()) {
        $admin->redirect('index.php');
    }
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        if ($admin->attempt_login($_POST['email'], $_POST['password'])) {
			$admin->redirect('/admin/');
        }
        $error = 'Email and/or password are wrong';
    }
    $view = new View('admin/login.php', compact('error'));
    echo $view;
}

and Model_Admin contains the following:

public function loginAction()
{
	$admin = new Model_Admin(Db::getInstance());
    $error = null;
    if ($admin->is_admin()) {
        $admin->redirect('index.php');
    }
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        if ($admin->attempt_login($_POST['email'], $_POST['password'])) {
			$admin->redirect('/admin/');
        }
        $error = 'Email and/or password are wrong';
    }
    $view = new View('admin/login.php', compact('error'));
    echo $view;
}

class Model_Admin extends DbModel
{
    public function email_exists($email) {
        $sql = "SELECT admin_id
                  FROM site_admins
                 WHERE email = ?
                 LIMIT 1";
                 
        $stmt = $this->pdo->prepare($sql);
        $stmt->execute(array($email));    
        return $stmt->fetchColumn();
    }   

	public function attempt_login($email, $password) {
		$sql = "SELECT *
                  FROM site_admins
                 WHERE email = ?
                 LIMIT 1";                 
		$stmt = $this->pdo->prepare($sql);
		$stmt->execute(array($email));

        if (!$data = $stmt->fetch( PDO::FETCH_OBJ )) {
            return false;
        }		
        if (!password_verify($password, $data->password)) {
            return false;
        }
        $_SESSION['user'] 		= $data->email;
		$_SESSION['name']      	= $data->name;

        return $data;   
    }   
    
    public function is_admin() {
        return isset($_SESSION['user']);
    }  
    public function redirect($url) {
        header('Location: ' .$url);
    }
}

But no matter what I try, I keep getting the error : Email and/or password are wrong
as set in Controller_Auth.

I used this website to check if maybe something was wrong with the hashed password, but that ia not the case either. I realy don’t see anything wrong

Noppy · April 23, 2018, 8:58am

did you hosting company update some software? if it was working yesterday and you’ve changed nothing then somebody has changed something somewhere.

Or (hopefully not) someone has hacked your site and changed your passwords.

donboe · April 23, 2018, 9:01am

@ Noppy. Thanks for the reply. I allready sent them a message, so I quess I have to wait. I will keep you updated

spaceshiptrooper · April 23, 2018, 11:57am

Your model looks like there’s an extra curly brace at the end. You should really log your errors if you haven’t already done so.

system · July 23, 2018, 6:57pm

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.