I am trying to use crypt() in PHP to authenticate users. Here is my code in the login page:
$valid = MemberDB::isValidMember($email_address, $password);
if ($valid == TRUE) {
$_SESSION['is_valid_member'] = TRUE;
header("Location: ../welcome/");
} else {
$login_message = 'log in';
include('./view/login.php');
}
Here is the function that is supposed to bring back True or False:
public static function isValidMember($email_address, $password) {
$db = Database::getDB();
$query = "SELECT member_ID, password
FROM members
WHERE email_address = :email_address";
$statement = $db->prepare($query);
$statement->bindValue(':email_address', $email_address);
$statement->execute();
$row = $statement->fetch();
$statement->closeCursor();
return $row ? crypt($password, $row['password']) : FALSE;
}
Currently, no matter what password I enter, it lets me in. When I do a var_dump on $valid, it brings back the 98 char string of the encrypted password so I know that $valid does NOT equal TRUE. Please help!
Thanks.
replace
return $row ? crypt($password, $row['password']) : FALSE;
with
return $row ? ($row['password'] == crypt($password, $row['password'])) : FALSE;