
Everything posted by phreak3r
-
Okay, thank you.
-
Yes, however, that was not really the issue. Not sure if this is the solution I am looking for, but I changed $row == 1 && password_verify($password, $row['password']) to $row['username'] == $username && password_verify($password, $row['password']). But, thank you.
-
Right, right. Sorry.
-
From my understanding it fetches result from or of the array?
-
Here is what the mysqli version looked like:

```php
<?php
include('header.php');
require('dbcon/dbcon.php');

// if fields in form are set and submitted, check if user exists and is logged in or not
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $username = mysqli_real_escape_string($conn, $_POST['username']);
    $password = mysqli_real_escape_string($conn, $_POST['password']);
    $user_query = "SELECT * FROM profile0 WHERE username = '$username'";
    $result = mysqli_query($conn, $user_query);
    $row = mysqli_fetch_assoc($result);

    // if username and password match, init session and redirect to another page.
    if (mysqli_num_rows($result) == 1 && password_verify($password, $row['password'])) {
        $_SESSION['logged_in_user'] = $username; // set to IDnum later on...
        $_SESSION['username'] = $username;

        // check if the user is logged in
        // if so, redirect to main page for logged-in users.
        if (isset($_SESSION['logged_in_user'])) {
            $_SESSION['logged_in_user'] = TRUE;
            header('Location: main.php');
        } else {
            // not logged in, keep on same page...
            session_destroy();
            exit();
        }
    } else if ($username != $row['username'] || $password != $row['password']) {
        echo "Incorrect username or password.";
    }
}
?>
```
-
Executing the query does nothing.
-
So this would not work? I would need to change $row == 1 to $row['username'] == 1

```php
if ($row == 1 && password_verify($password, $row['password'])) {
```
-
No, I program on and off and am not too well-versed. Empty array?
-
```php
<?php
include('header.php');
require('dbcon/dbcon.php');

// if fields in form are set and submitted, check if user exists and is logged in or not
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $username = $_POST['username'];
    $password = $_POST['password'];
    $user_query = $pdo->query("SELECT * FROM profiles001 WHERE username = '$username'");
    $row = $user_query->fetchAll(PDO::FETCH_ASSOC);

    // if username and password match, init session and redirect to another page.
    if ($row == 1 && password_verify($password, $row['password'])) {
        $_SESSION['logged_in_user'] = $username; // set to IDnum later on...
        $_SESSION['username'] = $username;

        // check if the user is logged in
        // if so, redirect to main page for logged-in users.
        if (isset($_SESSION['logged_in_user'])) {
            $_SESSION['logged_in_user'] = TRUE;
            header('Location: main.php');
        } else {
            // not logged in, keep on same page...
            session_destroy();
            exit();
        }
    } else if ($username != $row['username'] || $password != $row['password']) {
        echo var_dump($row);
        echo var_dump($row['password']);
        echo var_dump($row['username']);
        echo var_dump($row['email']);
        echo "Incorrect username or password.";
    }
}
?>
```

This code is responsible for authenticating the user upon logging in. I went ahead and updated the mysqli portion to PDO. As you can see I var_dump some variables near the end. Variable $row prints out as

```
array(1) { [0]=> array(9) { ["username"]=> string(4) "test" ["password"]=> string(60) "$2y$10$uQEUsIwm0usWyZjWk/vo8e90e867oPLBu3ThKCk1aUseMcQuuHrVq" ["avatar"]=> string(15) "assets/soap.jpg" ["doc"]=> NULL ["las"]=> NULL ["email"]=> string(13) "test@test.org" ["c_status"]=> string(1) "0" ["account_age"]=> NULL ["bio"]=> string(4) "test" } }
```

The other three print out as NULL. What exactly is going on here?
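
Added example, not part of the original post and not the poster's code: the var_dump above shows `fetchAll()` returning a list of rows (`[0 => [...]]`), which is why `$row['password']` is NULL, and the query interpolates `$username` straight into the SQL string. The sketch below uses a prepared statement with `fetch()`; the helper name `verifyLogin`, the in-memory SQLite database standing in for MySQL, and the sample password are assumptions made so it runs offline.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the MySQL database (requires the pdo_sqlite extension).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE profiles001 (username TEXT PRIMARY KEY, password TEXT)');
$seed = $pdo->prepare('INSERT INTO profiles001 (username, password) VALUES (:u, :p)');
$seed->execute([':u' => 'test', ':p' => password_hash('constructed-password', PASSWORD_DEFAULT)]);

// Hypothetical helper: returns the account row on success, null on failure.
function verifyLogin(PDO $pdo, string $username, string $password): ?array
{
    // Placeholder instead of interpolating $username into the SQL string.
    $stmt = $pdo->prepare('SELECT username, password FROM profiles001 WHERE username = :username');
    $stmt->execute([':username' => $username]);

    // fetch() returns a single row (['username' => ..., 'password' => ...]) or false.
    // fetchAll() returns [0 => [...]], so indexing it by column name yields NULL.
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The raw submitted password goes to password_verify(); no escaping beforehand.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null; // same outcome for an unknown user and a wrong password
    }
    return $row;
}

var_dump(verifyLogin($pdo, 'test', 'constructed-password') !== null); // known user, right password
var_dump(verifyLogin($pdo, 'test', 'wrong-password') !== null);       // known user, wrong password
var_dump(verifyLogin($pdo, "o'brien", 'anything') !== null);          // quote is bound as data
```

In the real page, a successful result would be followed by `session_regenerate_id(true)`, setting the session values, and `exit;` after the `header('Location: ...')` call.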
-
Dammit! Well, you are correct Barand. See this stack overflow post. I might need to try UPDATE instead. Ah, I am sorry about that Kevin. I cannot stand cars, sadly in my case they are necessary as my locale requires them to a certain extent. Watch out for the SUVs and Pickup Truck drivers, those are the worst. Thank you benanamen and barand.
-
Okay, data is being inserted into the database again, except for the avatar path. I think I will have to write out $_FILES['userfile']['name'] instead of doing what I had done before. ($file['name'] and $file being equal to $_FILES['userfile'])
-
From the var_dump:

```
array(1) { ["userfile"]=> array(5) { ["name"]=> string(0) "" ["type"]=> string(0) "" ["tmp_name"]=> string(0) "" ["error"]=> int(4) ["size"]=> int(0) } }
```

```php
<?php include('header.php'); ?>
<!DOCTYPE html>
<html>
<head>
    <title>soapbox - sign up</title>
</head>
<body>
    <form action="confirmation.php" method="POST" enctype="multipart/form-data">
        <br> Avatar <br>
        <input type="file" name="userfile" id="fileToUpload">
        <br> Username: <br>
        <input type="text" name="username" maxlength="26" placeholder="Username">
        <br> Password: <br>
        <input type="password" name="password" maxlength="26" placeholder="Password">
        <br> Email Address: <br>
        <input type="email" name="email" placeholder="Email Address">
        <p>Bio: </p><textarea name="bio" placeholder="Bio..." rows="5" style="resize: none;"></textarea>
        <br>
        <input type="submit" value="Submit">
    </form>
</body>
<!--Include footer later on -->
</html>
```

form from the signup.php file
-
I am checking for the avatar/image file, however, that is not working.

```php
if (!isset($_FILES['userfile'])) {
    $avatar = "assets/soap.jpg";
    $avatar_present_query = $pdo->prepare("INSERT into profiles001 (avatar) VALUES (:avatar) WHERE username = ':username'");
    $avatar_present_query->bindValue(':avatar', $avatar);
    $avatar_present_query->bindValue(':username', $username);
    $avatar_present_query->execute();
    $query->execute();
}
```

Specifically, the query in the if-statement is not doing its job. I tried using UPDATE previously and that too would fail to work. I know PHP after a certain version (can't quite recall which) is more so made for object-oriented programming style. But I am wanting to go with the functional programming or function-based programming format. That is why I am using functions.
-
Sorry that I missed the last brace Kevin. As for putting the code in the function, I am going for a 'functional programming' type of format. I did not copy the entire thing as what is past the brace is commented code and THEN the final brace. Would you like to see that?
-
If the user signs up and does not have an avatar, a default will be given to them. I am checking for the avatar/image file, however, that is not working. Here is the messy code below:

```php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // $username = $_POST['username'];

    // adds user info submitted upon registration to database
    function addUser($pdo) {
        $username = $_POST['username'];
        $password = password_hash($_POST['password'], PASSWORD_DEFAULT);
        $bio = $_POST['bio'];
        $email = $_POST['email'];
        $c_status = 0;

        $query = $pdo->prepare("INSERT into profiles001 (username, password, email, c_status, bio) VALUES (:username, :password, :email, :cstat, :bio)");
        $query->bindValue(':username', $username);
        $query->bindValue(':password', $password);
        $query->bindValue(':email', $email);
        $query->bindValue(':cstat', $c_status);
        $query->bindValue(':bio', $bio);

        $file = $_FILES['userfile'];
        $file_name = $file['name'];
        $file_type = $file['type'];
        $file_size = $file['size'];
        $file_tmp_name = $file['tmp_name'];
        $file_error = $file['error'];

        if (!isset($_FILES['userfile'])) {
            $avatar = "assets/soap.jpg";
            $avatar_present_query = $pdo->prepare("INSERT into profiles001 (avatar) VALUES (:avatar) WHERE username = ':username'");
            $avatar_present_query->bindValue(':avatar', $avatar);
            $avatar_present_query->bindValue(':username', $username);
            $avatar_present_query->execute();
            $query->execute();
        }
        // $query->execute();
    }

    addUser($pdo);
```
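
Added example, not part of the original posts and not the poster's code: a sketch of the default-avatar logic discussed in the posts above, keyed on the upload error code shown in the var_dump (`error` 4) instead of `isset()`, with a single INSERT that carries the avatar path. The helper name `resolveAvatar`, the `uploads` directory, the content-based type check, the in-memory SQLite table and the sample values are assumptions.

```php
<?php
declare(strict_types=1);
const DEFAULT_AVATAR = 'assets/soap.jpg';  // default path used in the posts
const ALLOWED_TYPES  = ['image/jpeg' => 'jpg', 'image/png' => 'png'];

// Hypothetical helper: picks the avatar path to store for one $_FILES entry.
function resolveAvatar(array $file, string $uploadDir): string
{
    // "No file chosen" arrives as error 4 (UPLOAD_ERR_NO_FILE); the key is still set.
    if ($file['error'] === UPLOAD_ERR_NO_FILE) {
        return DEFAULT_AVATAR;
    }
    if ($file['error'] !== UPLOAD_ERR_OK || $file['size'] >= 1000000) {
        throw new RuntimeException('Upload failed or file is too big');
    }
    // Derive the type from the file contents, not the client-supplied name.
    $mime = (string) (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = ALLOWED_TYPES[$mime] ?? null;
    if ($ext === null) {
        throw new RuntimeException('Cannot upload file of this type');
    }
    // Server-generated name, so nothing from the client ends up in the path.
    $dest = $uploadDir . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store the upload');
    }
    return $dest;
}

// $pdo is passed in as a parameter, so no global is needed. INSERT takes no
// WHERE clause and placeholders are not quoted: one INSERT carries the avatar.
function addUser(PDO $pdo, array $post, array $file): void
{
    $stmt = $pdo->prepare('INSERT INTO profiles001 (username, password, email, c_status, bio, avatar)
        VALUES (:username, :password, :email, :cstat, :bio, :avatar)');
    $stmt->execute([
        ':username' => $post['username'], ':email' => $post['email'],
        ':password' => password_hash($post['password'], PASSWORD_DEFAULT),
        ':cstat'    => 0, ':bio' => $post['bio'],
        ':avatar'   => resolveAvatar($file, 'uploads'),
    ]);
}

// Constructed demo: in-memory SQLite and a $_FILES entry shaped like the var_dump.
$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE profiles001 (username, password, email, c_status, bio, avatar)');
$noFile = ['name' => '', 'type' => '', 'tmp_name' => '', 'error' => 4, 'size' => 0];
addUser($pdo, ['username' => 'test', 'password' => 'constructed', 'email' => 'test@test.org', 'bio' => 'test'], $noFile);
var_dump($pdo->query('SELECT avatar FROM profiles001')->fetchColumn());
```

In a web request the call would be `addUser($pdo, $_POST, $_FILES['userfile'])`; the demo only exercises the no-file branch because `move_uploaded_file()` accepts real HTTP uploads only.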
-
Thank you so much, Barand and Happy New Year to you!
-
Excerpts of code:

```php
function addUser() {
    $username = $_POST['username'];
    $password = password_hash($_POST['password'], PASSWORD_DEFAULT);
    $bio = $_POST['bio'];
    $email = $_POST['email'];
    $c_status = 0;
    //$avatar =

    //$username_query = $pdo->prepare("SELECT * from profiles001 WHERE username=':username'");
    //$username_query->bindValue(':username', $username);
    //$username_query->execute();

    $query = $pdo->prepare("INSERT into profiles001 (username, password, email, c_status, bio) VALUES (:username, :password, :email, :cstat, :bio)");
    $query->bindValue(':username', $username);
    $query->bindValue(':password', $password);
    $query->bindValue(':email', $email);
    $query->bindValue(':cstat', $c_status);
    $query->bindValue(':bio', $bio);
    $query->execute();

    setAvatar();
}

function setAvatar() {
    // check if avatar is set, if not give default avatar
    if (isset($file) && $fileError === UPLOAD_ERR_OK) {
        $file = $_FILES['userfile'];
        $fileName = $file['name'];
        $fileTmpName = $file['tmp_name'];
        $fileSize = $file['size'];
        $fileError = $file['error'];
        $fileType = $file['type'];
        $fileExt = explode('.', $fileName);
        $fileActualExt = strtolower(end($fileExt));
        $allowedExtensions = array('jpg', 'jpeg', 'png');
    }

    // if user has not assigned avatar, assign the default.
    if (empty($file)) {
        $avatar = "assets/soap.jpg";
        $query = $pdo->prepare("INSERT INTO profiles001 (avatar) VALUES (:avatar)");
        $query->bindValue(':avatar', $avatar);
        $query->execute();
    }
}

addUser();
}
```

From the database file:

```php
<?php
$host = "localhost";
$database = "soapbox";
$username = "drb";
$password = "m1n3craft";

// Create connection
$pdo = new PDO('mysql:host=localhost;dbname=soapbox;', $username, $password);

/* Print error message and or code to the screen if there is an error. */
?>
```

NOTE: I also require dbcon.php at the top of the confirmation.php file which is NOT included in the excerpt at the top. Making pdo a global variable would probably fix it, but from what I heard globals are frowned upon.
-
Can't pass something that is broken, haha. I am having to re-write and fix things.
-
PDO, yes. I was using it before, but as I said, I lost my recent work and have to start with what I have got. My database connection configuration 'stuff' is PDO, I am moving away from mysqli slowly but surely. Thank you.
-
I was working on this project earlier on in the year, I have not posted here much. I would like to get it over with and start something else. I have other files which look like the excerpt of code from a file below. I personally think that my code lacks structure and could be organized in a better fashion. I lost most of my progress and am having to backtrack and restore code. Is there a way to re-write this code and make it more readable? Please and thank you!

```php
<?php
include('header.php');
require_once('dbcon/dbcon.php');
//include('functions.php');

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // sanitize values before entering them into db, no bad seeds.
    $username = mysqli_real_escape_string($conn, $_POST['username']);
    $password = mysqli_real_escape_string($conn, $_POST['password']);
    $bio = mysqli_real_escape_string($conn, $_POST['bio']);
    $hashed_password = mysqli_real_escape_string($conn, password_hash($password, PASSWORD_DEFAULT));
    $email = mysqli_real_escape_string($conn, $_POST['email_address']);
    $confirmation_status = 0;

    /* function sanitizeValues($x, string $postString) {
        $x = mysqli_real_escape_string($conn, $_POST[$postString]);
    }*/

    $username_query = "SELECT * from profiles001 WHERE username='$username'";
    $result = mysqli_query($conn, $username_query);

    // if username exists do not continue...
    if (mysqli_num_rows($result) > 0) {
        header('Location: /soapbox/signup.php'); // let user know that username is taken...
    } else {
        // file upload stuff...
        $file = $_FILES['file'];
        $fileName = $_FILES['file']['name'];
        $fileTmpName = $_FILES['file']['tmp_name'];
        $fileSize = $_FILES['file']['size'];
        $fileError = $_FILES['file']['error'];
        $fileType = $_FILES['file']['type'];
        $fileExt = explode('.', $fileName);
        $fileActualExt = strtolower(end($fileExt));
        $allowed = array('jpg', 'jpeg', 'png');

        // avatar file constraints checks...
        if (in_array($fileActualExt, $allowed)) {
            if ($fileError === 0) {
                if ($fileSize < 1000000) {
                    $fileNameNew = uniqid($_SESSION['username'], true) . "." . $fileActualExt;
                    $fileDestination = 'uploads/' . $fileNameNew;
                    move_uploaded_file($fileTmpName, $fileDestination);
                } else {
                    echo "Your file is too big!";
                }
            } else {
                echo "There was an error uploading your file" . $fileError . $fileSize;
            }
        } else if (!(empty(in_array($fileActualExt, $allowed))) && !($allowed)) {
            echo "Cannot upload file of this type!";
        }

        mkdir("channel/" . $username);
        mkdir("channel/" . $username . "/videos");
        fopen("channel/" . $username . "/index.php", "w");

        $account_open_date = date("Y-m-d h:i:s");
        $current_date = date("Y-m-d h:i:s");
        //$account_open_date_retrieval_sql_select = "SELECT account_open_date from profile0";
        //$account_age = date_diff($row, $current_date); // acct open date - current date = account age
        //$account_age_result = mysqli_query($conn, $account_open_date_retrieval_sql_select);
        //$row = mysqli_fetch_assoc($account_age_result);

        // if-then-else-if statement to get rid of the fileDestination var undefined error when avatar photo is not submitted....
        if (!(empty($fileDestination))) {
            $sqlinsert = "INSERT INTO profiles001 (username, password, email, c_status, doc, avatar, bio) VALUES ('$username', '$hashed_password', '$email', '$confirmation_status', '$account_open_date', '$fileDestination', '$bio')";
        } else if (empty($fileDestination)) {
            $fileDestination = "assets/soap.jpg";
            $sqlinsert = "INSERT INTO profiles001 (username, password, email, c_status, doc, avatar, bio) VALUES ('$username', '$hashed_password', '$email', '$confirmation_status', '$account_open_date', '$fileDestination', '$bio')";
        }

        $result = mysqli_query($conn, $sqlinsert);
    }
}
?>
```
-
Nevermind, Kev, I sorted it out.
-
Yeah, this is pretty frustrating. I do not like how things are so split up like that. I prefer to have: if ($row && password_verify($password, $row['password'])) {} But that doesn't work either, I went from fixing things to breaking them again.
-
I sort of understand, I took away or changed whatever I had as $result in order to get the PDO working, well...sort of working. So, with just if ($row) {} else {} there should be no need for if ($row == 1 && password_verify($password, $row['password'])) {}? At least that is what I am getting from this...
-
Nevermind, $row is now printing out the array. But, still not logging in properly.