PDO's rowCount()
method is notoriously flakey when used with SELECT statements. It's intended for INSERTs, UPDATEs, and DELETEs.
Refactor it out ... something like this.
$count = 0
$result = $statement->fetchAll();
foreach($result as $row) {
$count++
if(password_verify($_POST["user_password"], $row["password"])) {
if($row['user_status'] == 'Active') {
$_SESSION['usertype'] = $row['usertype'];
$_SESSION['userid'] = $row['id'];
$_SESSION['username'] = $row['username'];
$_SESSION['last_login'] = $row['last_login'];
$_SESSION['user_status'] = $row['user_status'];
header("location:dashboard.php");
} else {
$message = "<label>Your account is disabled, Please contact the administrator</label>";
}
} else {
$message = '<div class="alert alert-danger">Wrong Email Address/Password Combination</div>';
}
} /* end foreach($result as $row) */
if ($count == 0) {
$message = '<div class="alert alert-warning">Seems you have not registered yet</div>';
}
elseif ($count > 1) {
$message = '<div class="alert alert-danger">More than one email match!!! Should not happen!!!</div>';
}
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…