benanamen

Right now I am just trying to make something work to grasp OOP. Right now the name of anything really doesn't matter. Here is my immediate goal: Create a Loosely coupled DB connected class - DONE Compare user supplied password to DB password hash Set a logged in session for a valid user. Where I currently am: I can get the username and password Where I am now stuck: comparing user supplied password to password hash from the result of select_user. I need to pass the hashed password from select_user to function verify_password. As of the moment I dont know how to pass results between methods. Update Code: <?php //---------------------------------------------------------------------------- // Database Connection //---------------------------------------------------------------------------- $dbhost = 'localhost'; $dbname = 'meetmarket_development'; $dbuser = 'root'; $dbpass = ''; $charset = 'utf8'; $dsn = "mysql:host=$dbhost;dbname=$dbname;charset=$charset"; $opt = [ PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, ]; $pdo = new PDO($dsn, $dbuser, $dbpass, $opt); //---------------------------------------------------------------------------- // Class User //---------------------------------------------------------------------------- class User { /** * @var PDO The connection to the database */ protected $pdo; protected $row; /** * Construct. * @param PDO $pdo The database connection */ public function __construct($pdo) { $this->pdo = $pdo; } /** * @param $request: $_POST or $_GET * @param $columns: Columns to SELECT */ public function select_user($request, $columns) { $sql = "SELECT "; foreach ($columns AS $field) { $sql .= $field . ', '; } $sql = rtrim($sql, ", "); $sql .= ' FROM users WHERE username = ?'; $stmt = $this->pdo->prepare($sql); $stmt->execute(array( $request )); $row = $stmt->fetch(PDO::FETCH_ASSOC); return $row; } public function verify_password($password) { echo $password;// User supplied password makes it to here echo $this->row['password'];// No Data if (password_verify($password, $this->row['password'])) { echo 'Valid User';// Set $_SESSION['logged_in']; } else { echo 'Bad'; } } } // End Class User //---------------------------------------------------------------------------- // //---------------------------------------------------------------------------- $request = $_POST['username'] = 'myusername'; $password = 'pass'; $user = new User($pdo); $columns = array( 'username', 'password' ); $user->select_user($request, $columns); $user->verify_password($password); ?>

Not sure what all you said means, yet. The purpose of the particular function select_user would be used as part of a user logging in or for a particular user profile and is only part of the functionality that will be in the class. ie; Select user, password Compare password hash Login Valid User I figure what this class should initially be able to do is login a user, do password reset/change, possibly register/add new user and list all users, deactivate users (for the admin)

Starting to get a grasp. Dependency Injection was the unknown I was looking for. Have yet to see if I would have need for a Container/IOC. What I was seeking is a real separation of concerns. I was able to accomplish it quite well in procedural with templates. Here is what I have so far. Any comments or improvements before I move on? <?php $dbhost = 'localhost'; $dbname = 'meetmarket_development'; $dbuser = 'root'; $dbpass = ''; $charset = 'utf8'; $dsn = "mysql:host=$dbhost;dbname=$dbname;charset=$charset"; $opt = [ PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, ]; $pdo = new PDO($dsn, $dbuser, $dbpass, $opt); class User { /** * @var PDO The connection to the database */ protected $pdo; /** * Construct. * @param PDO $pdo The database connection */ public function __construct($pdo) { $this->pdo = $pdo; } /** * @param $request: $_POST or $_GET * @param $columns: Columns to SELECT */ public function select_user($request, $columns) { $sql = "SELECT "; foreach ($columns AS $field){ $sql .= $field.', '; } $sql = rtrim($sql, ", "); $sql .=' FROM users WHERE username = ?'; $stmt = $this->pdo->prepare($sql); $stmt->execute(array($request)); $row = $stmt->fetch(PDO::FETCH_ASSOC); echo "<pre>"; print_r($row); echo "</pre>"; } } $request = $_POST['username'] = 'myusername'; $user = new User($pdo); $columns = array('username', 'password'); $user->select_user($request, $columns); ?> RESULT Array ( [username] => myusername [password] => $2y$10$72JVve7WJCctEuB1SWA81OBItahuCuh9bWF/vI5NWTA1siFU9f8U6 )

Natasha, lets start at the beginning, your DB design. Post an SQL dump of your DB. Your trying to fix problems from a problem which is a problem.

This smells of a bad DB design which I believe is really your biggest problem that needs to be fixed FIRST. Post your DB schema. You also dont seem to have any concern that you are using obsolete mysql code.

@Jaques1, what you are saying makes more sense to me, especially considering SOLID. The more I researched, the more it seemed that most everything I saw on oop users registration/login wasn't best practice which is why I came here for guidance so I can learn this right the first time. To me, if everything is a single purpose class, I would have at least the following: class Database (The DB Connection) class Register (insert user/handle duplicate username/email) class Password (function password_verify(), function password_hash(), function password_rehash()) class Error (various error messages???) class Login (Handles the login/ login failures, login logging, perhaps logout as well) class Reset (Handles the password reset/password updating: utilizing the class Password) class Email (Send out various emails, ie: validate email, password change notification, password reset email, etc..) If this is right, which class extends who? who is not extended but "included"? (I know that is not right, dont know OOP speak for it yet) Aside from a dependence on the DB connection, shouldn't a class pretty much be a stand alone program not dependent on the other classes for the most part? I have seen the "All in one" classes but they just dont seem right considering SOLID and if I am not mistaken, are referred to as a "GOD Class". If we are building the ultimate best practice OOP user reg/login would we go about it with all these classes even though some may have minimal code? If I understand correctly, doing unit testing is much easier with this kind of separation as well. Single responsibility no matter how small seems very right to me.

As much as I know about what I know, I know even less about OOP so I figured it is time I learn. I have read enough to start having questions. From what I have seen, a class should have a single purpose. Using a registration/login example, it would seem to me that I would have at least class Register and class Login since each one is a particular use, correct? Since a registration is an act of CRUD, how then would that fit in if you had a CRUD class? Is the register class not needed? Also, at the base of everything is the DB connection. Since PDO is a class, I am confused when I see class Database with the connection code. Isnt this not necessary? What really should be in a User class? If you were to get a list of users, that is still a CRUD act so what would really go in a user class if we are sticking to single use? Also, would I not have a separate password class to do hashing/verification etc.?

The code you posted has no joins. I suspect you have a bad database design. Post an SQL dump of your DB.

It's not the index index itself, it is the continual adding and removing of it every time the script runs.

You are using obsolete code that has been completely removed from Php. You need to be using PDO with prepared statements. https://phpdelusions.net/pdo * Your adding and dropping indexes is just ridiculous and there is no sqlfetch in Mysql.

Uhhh, the future is NOW! It mysql_* has ALREADY been removed from Php.

Stop what your doing right now! That code is obsolete and has been completely removed from Php. You need to be using PDO with prepared statements. Tutorial here: https://phpdelusions.net/pdo

Here is a link to a good PDO tutorial. Once you update your code to current coding standards we will be happy to help you if you get stuck. At this point in coding time, nobody should be helping you get obsolete code working. Shame on them if they do. https://phpdelusions.net/pdo

Stop what your doing right now! You are using mysql code that has been completely removed from Php. Take some time and study PDO and prepared statements. I wont even get into how ripe for an sql injection attack your code is. Trash it and dont look back. https://phpdelusions.net/pdo

Yeah, the only option that lets you see everything is the one I described.

I found it. It is pretty hidden. If you hover over the users text name in a post, there will be a popup after a couple seconds that says "Find Content". Pretty bad design to have to find it on accident.

It is appearing that on the return trip to transforming the users token to match the binary version in the DB that an additional record identifier such as user_id is required to get the correct row to compare to. Since the users token is not the same as the DB token you cant do a SELECT dbtoken WHERE user token = DB token. Am I correct in this?

Thanks. Works beautifully! I had just missed the comment about what part to send to the user.

Edit* Never mind. I see the mistake. It is in the comment what to send to user I just got around to trying this and it seems to not make sense. You generate (encode) the token hash and then store that in the DB. I assume that is also what is emailed to user. Now it appears on lookup you decode the emailed token first, then compare to DB token, but this wont match since what was sent to user is exact match for what is stored in db. Am I missing something?

Is there a way to view ALL the posts of a particular user? As is, I can only see a small handful of "Recent" posts for a given user.

The message is telling you the exact problem. You are using obsolete code that has bee removed from Php. Use PDO.

Saying something does not work does not help anyone. You need to tell us exactly what is happening. What was the result? What is the expected result?

You are missing an equals sign here if ($preselect == 'testing')

I know @Jaques1 has provided an answer somewhere but I couldn't find it. I think it was with mcrypt_create_iv I want to generate a CPRNG to use as an API key. This will also be used as a unique account id (I think). Account Usage: An instructor will register a new account and is automatically Super Admin of that account (Account Owner) Account owner can add other instructors to his account who can also optionally be super admins of that account (Sub Instructors). Sub Instructor super admins cannot delete the account owner. Sub Instructor super admins can create other instructors, optionally as super admin or not a super admin Only other user type is a student/examinee. I am thinking there should be one users table and use RBAC, Any suggestions on the table(s) setup or other comments? (This is for an enterprise exam application, my pet project for learning)

I am thinking your slowdown is because of the AND in your join. Move AND `factors`.`vendor_id`='03010001' to the WHERE and see how it works