Reputation: 110
So this if/else statement is for a simple login form with Google Recaptcha attached. I've got the Recaptcha part working fine, it's just that when I go to enter my username and password, even if correct, I can't seem to log in. This only occurred once I added the ReCaptcha. The only thing the ReCaptcha changed was another condition for the if statement to check for and shouldn't be causing issues.
Here's my validate.php file for reference, the if statement in question is at the bottom:
```php
<?php
if (isset($_POST['submit'])) {
    $userid = $_POST["userid"];
    $password = $_POST["password"];
    $secretkey = "_SECRET_KEY_";
    $responsekey = $_POST["g-recaptcha-response"];
    $useripaddress = $_SERVER["REMOTE_ADDR"];
    $url = "https://www.google.com/recaptcha/api/siteverify?secret={$secretkey}&response={$responsekey}&remoteip={$useripaddress}";
    $response = file_get_contents($url);
    // $response = json_decode($response);
    echo $response;
}
require_once("scripts/thecrab.php"); // This connects to the db
$userid = htmlspecialchars($_POST['userid']);
$password = htmlspecialchars($_POST['password']);
$query = "SELECT userid from users where userid = ? and password = PASSWORD(?)";
$stmt = $pdo->prepare($query);
$stmt->execute([$userid, $password]);
if ($stmt->rowCount() && $response->success === "true") {
    $_SESSION['valid_recipe_user'] = $userid;
    echo "<h2>Log In Successful</h2><br>\n";
    echo "<a href=\"index.php\"><img src=\"images/image-11.png\"></a>\n";
} else {
    echo "<h2>Sorry, your user account was not validated.</h2><br>\n";
    echo "<a href=\"index.php?content=login\">Try again</a><br>\n";
    echo "<a href=\"index.php\">Return to Home</a>\n";
}
```
Here's the exact if statement and condition in question:
```php
if ($stmt->rowCount() && $response->success === "true") {
    // Successful Login. Meaning the userid and password are in the database AND the Google ReCAPTCHA response->success has the value of EXACTLY true.
} else {
    // Incorrect Login
}
```
Even with a correct username and password that does exist in the database, it will not execute the if statement and jumps to the else, which does not log me in.
Upvotes: 0
Views: 170
Reputation: 13293
Boolean != String
Change `$response->success === "true"` to `$response->success === true`.
Triple equal checks the datatype as well. So boolean `true` will not be equal to string `'true'`. BTW, you need not type check here. Simple `==` will do!
Or to be frank, this is just enough:
```php
if ($stmt->rowCount() && $response->success)
```
Upvotes: 3
Reputation: 9527
In your comparison, you have `$response->success === "true"`. This compares not by value, but by type.
If success is `bool`, you can use `$response->success === true`. However, simpler and enough is `$response->success == true`, which will auto-convert `string` / `int` (whatever) from `$response->success` to `bool`
Upvotes: 1
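The comparison discussed in this thread only has something to compare once the siteverify body has been decoded. As an added example (not code from any poster in the thread), the sketch below decodes the body and accepts only the boolean `true`, rejecting a failed request, a non-JSON body, or a string such as `"false"`, which a loose check would treat as truthy. The function names and the sample bodies are constructed for illustration.

```php
<?php
// Added example, not the poster's code. Function names are hypothetical.

// Decide from the raw siteverify body. Fails closed: anything other than a
// decoded JSON object whose "success" is the boolean true is a rejection.
function recaptcha_passed($body): bool
{
    if (!is_string($body)) {          // file_get_contents() returns false on error
        return false;
    }
    $data = json_decode($body);
    return is_object($data) && isset($data->success) && $data->success === true;
}

// siteverify is documented as a POST endpoint; sending the parameters in the
// request body also keeps the secret out of the URL.
function recaptcha_verify(string $secret, string $token, string $ip): bool
{
    $context = stream_context_create(['http' => [
        'method'  => 'POST',
        'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content' => http_build_query(['secret' => $secret, 'response' => $token, 'remoteip' => $ip]),
        'timeout' => 5,
    ]]);
    $body = @file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $context);
    return recaptcha_passed($body);
}

// Constructed sample bodies, so the decision logic runs offline.
$samples = [
    'pass'           => '{"success": true, "hostname": "example.test"}',
    'fail'           => '{"success": false, "error-codes": ["invalid-input-response"]}',
    'string "false"' => '{"success": "false"}',   // truthy under a loose == true check
    'not JSON'       => '<html>502 Bad Gateway</html>',
    'request failed' => false,
];
foreach ($samples as $label => $body) {
    printf("%-16s => %s\n", $label, recaptcha_passed($body) ? 'accept' : 'reject');
}
```

In a login handler the result of `recaptcha_verify()` would be combined with the credential check, so that a CAPTCHA outage denies the login rather than skipping the check.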