I'm trying to do a check in the following method, but I'm not getting the results I expect. That is, check if the entered email exists , compare the password sent with the one found in the database and start the session; and if it does not exist, a simple error message is displayed. I clarify that the login is validated correctly, what is not shown is the message indicating that the email does not exist.
Code:
public function new_session($email,$password){
$new_connection = new \Models\Connection();
$connection = $new_connection->run();
$query = "SELECT * FROM user_table WHERE email = :email LIMIT 1";
$stmt = $connection->prepare($query);
$stmt->bindValue(":email",$email);
$stmt->execute();
while($result = $stmt->fetch(\PDO::FETCH_ASSOC)){
if(is_array($result) || is_object($result)){
if(password_verify($password,$result["password"])){
$_SESSION["user_session"] = [
"user_name" => $result["username"],
"user_email" => $result["email"],
"user_password" => $result["password"]
];
}
}else{
echo "error";
}
}
$new_connection = null;
$connection = null;
}
The fetch function returns the row, if there are no results it returns false and does not enter the while loop so it may not be necessary.
https://www.php.net/manual/en/pdostatement.fetch.php
The flow should be more or less the following:
}