Check if email exist in database (PDO)

Question

When a user fill in their email address in an form, I will check if the email address exist in the database.

Why are not the code working?

Here is my code:

php

<?php

session_start();

require 'database.php';

if(!empty($_POST['email'])):

  $records = $conn->prepare('SELECT id,email,password FROM users WHERE email = :email');
  $records->bindParam(':email', $_POST['email']);
  $records->execute();
  $results = $records->fetch(PDO::FETCH_ASSOC);

  echo 'Working';

    if(isset($_REQUEST['email'])){

    $email_to = $_REQUEST['email'];
    $email_subject = "Forgotten password";
    $email_from = "password@scoreplay.net";


    $email_message = $results['password'];

    $headers = 'From: ' .$email_from . "\r\n";
    @mail($email_to, $email_subject, $email_message, $headers);

    #header("Location: /success.php");

  exit();

}

endif;

?>

You are logging the user in or just checking if the email exists? — chris85, Apr 30 '17 at 16:53
So the `password_verify($_POST['password'], $results['password'])` is not needed. Just check that you get a return, http://php.net/manual/en/pdostatement.rowcount.php. — chris85, Apr 30 '17 at 17:14
@chris85 Okay now I have taken that away, and it are sending mails with the hashed password.. How do I decrypt the password? — Amandus, Apr 30 '17 at 17:56
You can't thats not how a hash works. Why do you need the password? See https://en.wikipedia.org/wiki/Cryptographic_hash_function and/or http://stackoverflow.com/questions/4948322/fundamental-difference-between-hashing-and-encryption-algorithms — chris85, Apr 30 '17 at 18:11

score 1 · Answer 1 · answered Apr 30 '17 at 16:17

1

You have to echo the result to see after if/else condition like this

session_start();

require 'database.php';

if(!empty($_POST['email']) ):

  $records = $conn->prepare('SELECT id,email,password FROM users WHERE email = :email');
  $records->bindParam(':email', $email);
  $records->execute();
  $results = $records->fetch(PDO::FETCH_ASSOC);

  $message = '';

  if(count($results) > 0 && password_verify($_POST['password'], $results['password']) ){

    $message = 'Success!';

  } else {
    $message = 'Sorry, those credentials do not match';
  }
  // Now, you just have to add 
 echo $message;  
endif;

answered Apr 30 '17 at 16:17

tikimti-mvrht

242
2
12

1

It would be useful to have a value in `$email` as well! – RiggsFolly Apr 30 '17 at 16:21
@RiggsFolly Funny; I don't see this answer as being accepted, unless the OP up and ran off or it didn't solve the question. – Funk Forty Niner Apr 30 '17 at 16:39
@Fred-ii- Certainly not my UV – RiggsFolly Apr 30 '17 at 16:41

Check if email exist in database (PDO)

1 Answers1