Php login HELP

I’m developing a php login process and somehow the code isn’t processing the information, when the user logs in with the correct details the system still rejects it does anyone know war this could be. Ive been running error detection functions etc and nothing seems to come up


if(isset($_POST['email']) && trim($_POST['email']) != ""){
	$email = strip_tags($_POST['email']);
	$password = $_POST['password'];
	$hmac = hash_hmac('sha512', $password, file_get_contents('textfiles/key.txt'));
	$stmt1 = $db->prepare("SELECT usersid, username, password FROM login WHERE email=:email AND activated='1' LIMIT 1");
		$count = $stmt1->rowCount();
		if($count > 0){
			while($row = $stmt1->fetch(PDO::FETCH_ASSOC)){
				$uid = $row['usersid'];
				$username = $row['username'];
				$hash = $row['password'];
			if (crypt($hmac, $hash) === $hash) {
				$db->query("UPDATE login SET lastlog=now() WHERE usersid='$uid' LIMIT 1");
				$_SESSION['uid'] = $uid;
				$_SESSION['username'] = $username;
				$_SESSION['password'] = $hash;
				setcookie("usersid", $uid, strtotime( '+30 days' ), "/", "", "", TRUE);
				setcookie("username", $username, strtotime( '+30 days' ), "/", "", "", TRUE);
    				setcookie("password", $hash, strtotime( '+30 days' ), "/", "", "", TRUE);
				 echo 'Valid password<br />'.$_SESSION['uid'].'<br />'.$_SESSION['username'].'<br />'.$_SESSION['password'].'
				<br />'.$_COOKIE['id'];
				header("location: index.php");
			} else {
				echo 'Invalid password Press back and try again<br />';
			echo "A user with that email address does not exist here";
			$db = null;
	catch(PDOException $e){
		echo $e->getMessage();
		$db = null;

Hi there, welcome to the forums! I would start with this in phpmyadmin, or whatever your favored sql editor is.

SELECT usersid, username, password FROM login WHERE email=‘an email’ AND activated=‘1’ LIMIT 1

Make sure your getting a result. Then head to your script and print $email and make sure that’s being populated.

Disable your cookie logic until you get it working regularly, then you can try to put it back in.

hi i think thats the issue I’ve posted the code and nothing appears on the page sorry if i seem dumb I’ve been attempting this for days

I’ve posted SELECT usersid, username, password FROM login WHERE email=‘an email’ AND activated=‘1’ LIMIT 1 in my database and i brings back 0 results why is this?

MySQL returned an empty result set (i.e. zero rows). (Query took 0.0003 sec)

Because nothing matches your query. Is your data there? Is the email correct? Is Activated a string?

the table has content if thats what you mean and activated is set from 0 to 1 when the registered user has verified their email

Right, but is that a boolean value or a string value?

its a string if I’m not mistaken

run describe on it:

describe login


describe login activated

Showing rows 0 - 10 (11 total, Query took 0.0018 sec) does this mean its my table being the issue

I’m interested in the actual result (the rows) to see if it is a bool or string

is this what you need?


Yes, enum is a string, so that’s good.

Now you need to select the email that your testing with and ensure it is activated…

the email is activated it is set to 1 on the table 0 means its not

My point is you need to get this query to work:

SELECT usersid, username, password FROM login WHERE email='a test email' AND activated='1' LIMIT 1

‘a test email’ being an email thats in your db and activated.

okay so it has returned 0 does this mean the problem underlines in another section of my code and not the login? thanks a lot for your help so far

The problem is either 1) wrong query 2) wrong test email 3) inactive email

Once you know you have a working query, THEN you can move on to debugging your PHP

okay i refreshed everything and tried again i brought up the correct result so the email is active

the query is working i feel like it is this section of the code
$hmac = hash_hmac(‘sha512’, $password, file_get_contents(‘textfiles/key.txt’));

i think its not getting the contents from the txt document is there another way i could could retrieve this?