phreak3r

Members
  • Posts

    110
Everything posted by phreak3r

  1. Welp, $row is not printing anything out at all.
  2. I have been converting parts of my codebase over from procedural MySQLi to PDO. I have had trouble at the moment, I am being hit with an "incorrect password or username" error, when I know that I am for a fact using the correct username and password. Anything funny looking here?

     ```php
     <?php
     include('header.php');
     require('dbcon/dbcon.php');

     // if fields in form are set and submitted, check if user exists and is logged in or not
     if ($_SERVER['REQUEST_METHOD'] == 'POST') {
         $databaseClass = new Database;
         $dbconnect = $databaseClass->connectToDatabase();

         $username = $_POST['username'];
         $password = $_POST['password'];

         $stmt = $dbconnect->prepare("SELECT * FROM profile0 WHERE username = :username");
         $stmt->bindParam(':username', $username);
         $stmt->execute();
         $count = $stmt->fetchColumn();
         $row = $stmt->fetch(PDO::FETCH_ASSOC);
         //$row = $stmt->fetch(PDO::FETCH_ASSOC);

         // if username and password match, init session and redirect to another page.
         if ($row == 1 && password_verify($password, $row['password'])) {
             $_SESSION['logged_in_user'] = $username; // set to IDnum later on...
             $_SESSION['username'] = $username;

             // check if the user is logged in
             // if so, redirect to main page for logged-in users.
             if (isset($_SESSION['logged_in_user'])) {
                 $_SESSION['logged_in_user'] = TRUE;
                 header('Location: main.php');
             } else {
                 // not logged in, keep on same page...
                 session_destroy();
                 exit();
             }
         } else if ($username != $row['username'] || $password != $row['password']) {
             echo "Incorrect username or password.";
         }
     }

     // test
     var_dump($username);
     var_dump($password);
     ?>
     ```
  3. Ah, well, I am still new to this. But, okay, I guess I will just start using and learning PDO. The answer isn't much help to me, but thanks?
  4. The code is a bit of a mess. I am trying to convert this procedural code to OO style. I have already done so in the dbcon/dbcon.php class, however, I am trying to get the database connected and working to retrieve information from the database. I am being given a "Call to a member function query() on null" error. Any help? I have sort of started converting the channel/channel.php class over to OO style. I am new to doing things in the object-oriented format, I have preferred procedural, but it will only make things easier in the future to start re-writing the codebase in an object-oriented format. Thanks for the assistance!

     Code for dbcon.php:

     ```php
     <?php
     define('HOST', 'localhost');
     define('USERNAME', 'root');
     define('PASSWORD', '1234');
     define('DATABASE_NAME', 'soapbox');

     class databaseAccess {
         //mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
         public $conn;

         function __construct() {
             $this->connectToDatabase();
         }

         // connection to database
         function connectToDatabase() {
             //mysqli::select_db(DATABASE_NAME);
             $this->conn = new mysqli(HOST, USERNAME, PASSWORD, DATABASE_NAME);
         }

         /*if (!$conn) {
             die("Connection failed: " . mysqli_connect_error());
         } else {
             echo "Connection successful!";
         }

         if (!mysqli_select_db($conn, $database)) {
             echo " Database not selected!";
         } else {
             echo " Database selected!";
         }*/
     }
     ?>
     ```

     Code for channel.php:

     ```php
     <!-- TODO:
     - Move elements to separate stylesheet
     -->
     <?php
     include('../header.php');
     require('../dbcon/dbcon.php');
     include('../functions.php');
     isLoggedIn();

     $dbcon = new databaseAccess();
     $conn = $dbcon->connectToDatabase();
     $sql = "SELECT avatar, bio, account_open_date, user_id from profile0 WHERE username = '". $_SESSION['username'] . "' ";
     $result = $conn->query($sql);
     $row = mysqli_fetch_assoc($result);

     $userID = $row['user_id'];
     $url = "/soapbox/";
     $avatar = $row['avatar'];
     $bio = $row['bio'];
     $join_date = date('F j, Y', strtotime($row['account_open_date']));

     $username = $_SESSION['username'];
     $sql = "SELECT video_id, thumbnail, video_title from videos0 WHERE uploader='$username'";
     $result = mysqli_query($conn, $sql);
     $num = mysqli_num_rows($result);
     ?>
     ```
  5. Sorry, ran out of time to edit the first post...

     ```php
     if (is_uploaded_file($fileName) && is_uploaded_file($thumbnailImageName) && !empty($videoTitle)) {
         $sql = "INSERT into videos0 (uploader, video, thumbnail, video_title, video_desc) VALUES ('$username', '$fileDestination', '$thumbnailImageDestination', '$videoTitle', '$videoDesc')";
         $result = mysqli_query($conn, $sql);
         header('Location: /soapbox/upload.php?success');
     } else {
         echo "Empty fields!";
         var_dump($file);
         var_dump($thumbnailImageFile);
         var_dump($videoTitle);
     }
     ```
  6. - It was just a size that I guessed, it was bigger and allowed me to upload some test thumbnails during the time.
     - Yeah, I am working on a system for that. But, in what context do you mean clean up the thumbnails?
     - I will put separators back into the thumbnail file name.
     - That particular function only accepts strings as parameters, not arrays. I tried with the array, did not work.
     - I do not quite understand this one. So, even if errors are given out, you can still upload a video if you have a video, thumbnail, and title?
     - Overwriting the video file? I did not know I did that...
     - Yeah, it is just a test for now, but will be fixed in a matter of time.

     Erm... Thank You!?
  7. Yeah, there is a lot of cleaning up I have to do. Here's the particular excerpt: https://hastebin.com/awekisanuf.bash
  8. Aside from the lack of security against SQL injection attacks, is there any other issue with this code? I cannot seem to get files to upload to the server anymore. I am being prompted with some var_dumps and the message I echoed out in the else part of the if-else statement at the bottom of this script. I have tried using isset, empty, and is_uploaded_file functions for the if-else statement at the bottom, nothing seems to work. If you remove the if-else statement, the code works, but I put the if-else statement there to prevent empty forms and missing fields from being submitted. Here's a hastebin link to the script: https://hastebin.com/denorunera.xml
  9. Nevermind, I figured out your suggestion. Thank you!
  10. Not sure what you mean by the first one. I see why the usage of IDs is recommended, I will get to it. Thank You! EDIT: I am not using IDs at the moment.
  11. The images serve as a link to the video. The images, when clicked, are supposed to go to a page that displays the video respective to its uploader, title, description, etc. However, that is not the case. Upon clicking on any thumbnail, you are led to the latest video uploaded from that particular user in the database. How can I fix this?

      Code for the rendering of videos onto the page:

      ```php
      <div class="wrapper">
      <?php
      $username = $_SESSION['username'];
      $sql = "SELECT thumbnail, video_title from videos0 WHERE uploader='$username'";
      $result = mysqli_query($conn, $sql);

      if (mysqli_num_rows($result) > 0) {
          while ($row = mysqli_fetch_assoc($result)) {
              $thumbnail = "/soapbox/" . $row['thumbnail'];
              $title = $row['video_title'];
      ?>
          <a href="<?php echo "/soapbox/video.php"; ?>" class="link">
              <div class="img-container">
                  <img src="<?php echo $thumbnail; ?>" class="thumbnail_img" width="276" height="183">
                  <?php echo $title; ?>
              </div>
          </a>
      <?php
          }
      } else {
      ?>
          <div class="no-vid-msg">No content available.</div>
      <?php
      }
      ?>
      </div>
      ```

      When pressing the Video 1 link/thumbnail, you are still taken to the Video 2 video, the most recent file in the database. How can I keep that from happening? It has to do with the while loop in the video.php file I am sure. Here's the code for the video.php while loop:

      ```php
      $username = $_SESSION['username'];
      $sql = "SELECT video, thumbnail, video_title, video_desc from videos0 WHERE uploader='$username'";
      $result = mysqli_query($conn, $sql);
      //$row = mysqli_fetch_assoc($result);

      if (mysqli_num_rows($result) > 0) {
          while ($row = mysqli_fetch_assoc($result)) {
              $video = "/soapbox/" . $row['video'];
              $title = $row['video_title'];
          }
      }
      ?>
      ```
  12. Thank you, archive! That seemed to do the trick! I had tried what you suggested above before, but with /index.php and soapbox/index.php (without the root-based path) and it wouldn't work. Thank you again archive!
  13. I am trying to redirect a user from out of a page in another directory. I may have to break the task up into two functions and just call the appropriate function. Although, I do not want to do that if I do not have to. The dir is set up like this....

      ```
      soapbox
      |-----channel
      |     |------channel.php
      |     |
      |     |
      ```

      With the current algorithm in the function, if the user is at soapbox/channel/channel.php/, they would (or should) be re-routed to soapbox/ where the index.php file is automatically displayed. However, the user is re-routed to soapbox/channel/index.php, which does not exist. I have var_dumped the $_SERVER['HTTP_REFERER'] variable which returns/prints NULL. Is there any other way to achieve my task before splitting up the tasks into two functions and calling the appropriate function, in the case where users are trying to access a page in a sub-dir of soapbox and need to be routed back to soapbox/? (What a run-on!)

      EDIT (display function):

      ```php
      function isLoggedIn() {
          if (!(isset($_SESSION['logged_in_user'])) && $_SERVER['HTTP_REFERER'] == 'http://localhost/soapbox/channel/channel.php') {
              header('Location: ../index.php');
          } else if (!(isset($_SESSION['logged_in_user']))) {
              //header('Location: index.php');
              var_dump($_SERVER['HTTP_REFERER']);
          }
      }
      ```
  14. So impatient, I am still trying to convert the code. Maybe I should have kept it in mysqli instead of PDO. I have errors from trying to convert to PDO, I am going to go ahead and try to fix those first.
  15. I do so in the header.php script, it is present on every page on/in the site.

      ```php
      <?php
      // Session is automatically incorporated into each page on the site.
      // Start new session.
      session_start();

      if (!(isset($_SESSION['logged_in_user']))) {
          //header('Location: soapbox/');
      ?>
      <html>
      <head>
          <meta content="text/html;charset=utf-8" http-equiv="Content-Type">
          <meta content="utf-8" http-equiv="encoding">
          <!-- <link rel="stylesheet" type="text/css" href="/css/header.css"> -->
      </head>
      <nav>
          <a class="logo">soapbox</a>
      <?php
          echo '<ul><li><a class="header" href="signup.php">Register | </a><a class="header" href="login.php">Login</a></li></ul>';
      } elseif ($_SESSION['logged_in_user'] == TRUE) {
          echo '<ul><li><a class="header" href="logout.php">Logout</a> <a class="header" href="">'. $_SESSION['username'] . '</a></li></ul>';
      }
      ?>
      ```
  16. Well, I am having a bit of trouble converting it to PDO. I am quite confused.
  17. Whoops. My little silly mistake. Anyways, thank you for recommending me to use PDO and prepared statements, I have been reading up on them. I now understand their exact/intended purpose. Hmm, they even seem to be a bit more understandable and readable compared to the MySQLi statements offered. From what I understand any SQL injection attacks are futile with a combination of prepared statements and PDO? Seems like PDO and prepared statements can only be used in PHP when it comes to handling data. Also, the core issue of this forum has yet to be solved. I am still getting an error with the redirect. I place the beginning portion of the if statement at the very top of the header.php script.
  18. I sure do 'Master Coder', however even without the 'i' there's still an error with the 'undefined constants'

      ```
      Fatal error: Uncaught Error: Undefined class constant 'ATTR_EMULATES_PREPARES' in /var/www/html/soapbox/dbcon/dbcon.php:18
      Stack trace:
      #0 /var/www/html/soapbox/login.php(3): require()
      #1 {main}
        thrown in /var/www/html/soapbox/dbcon/dbcon.php on line 18
      ```
  19. I hate to double post, but I'm doing it anyway. So, I have tried to set up a connection using PDO according to the hashphp wiki, I have run into an error. Here's the code in dbcon/dbcon.php:

      ```php
      <?php
      /*$host = "localhost";
      $database = "soapbox";
      $username = "root";
      $password = "1234";

      mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

      // Create connection
      $conn = mysqli_connect($host, $username, $password, $database);
      mysqli_select_db($conn, $database);
      */

      $db = new PDO('mysqli: host = localhost; dbname = soapbox; charset = utf8mb4', 'root', '1234');
      $db -> setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
      $db -> setAttribute(PDO::ATTR_EMULATES_PREPARES, false);

      /*if (!$conn) {
          die("Connection failed: " . mysqli_connect_error());
      } else {
          echo "Connection successful!";
      }

      if (!mysqli_select_db($conn, $database)) {
          echo " Database not selected!";
      } else {
          echo " Database selected!";
      }*/
      ?>
      ```

      And here's the error received:

      ```
      Fatal error: Uncaught PDOException: could not find driver in /var/www/html/soapbox/dbcon/dbcon.php:13
      Stack trace:
      #0 /var/www/html/soapbox/dbcon/dbcon.php(13): PDO->__construct('mysqli: host = ...', 'root', '1234')
      #1 /var/www/html/soapbox/login.php(3): require('/var/www/html/s...')
      #2 {main}
        thrown in /var/www/html/soapbox/dbcon/dbcon.php on line 13
      ```
  20. Indeed, it is enabled. Ahem, so I do need both? I thought the opposite, well...interesting... If you say so.
  21. Okay. Well, if this way works best and is the most efficient method, then why are all other methods not deprecated/why is one still allowed to use them? Just does not make any sense to me. Now, from what I understand prepared statements and PDO are two different things, yes? Is there anything I need to set up or reconfigure to get going with the prepared statements? There are not too many good resources on both prepared statements and PDO, at least the ones I have come across are not so good. Would you in any case use the method I was using before but if it were applied in a correct manner? For the record, I have re-added the line of code above back in. I didn't have it in, then I added it in the first time you gave an answer in a previous thread, then I found a way to make it work, so I removed your suggested code. But, now it is back in the script. EDIT: It was suggested that PDO is better than the mysqli_extension, so if you have any advice on how to start with PDO, that would be great. I took a look at what you linked me to on PDO in a previous thread, but the information did not seem to offer anything on how to actually 'add' the extension in. From what I understand PDO is something that you have to add in before you can use it with the code? :grimacing:
  22. Sounds conservative in thought, but I will take it. Do you think I am re-inventing the wheel here? I have gotten that from many who have suggested the utilization of a framework. EDIT: I put 'submit' as a name in the input name field. I thought that would work, well at least it seemed to. But, I am still not understanding if it works with buttons, how you described it.
  23. I do, however, there are multiple ways to accomplish something. But, I will stop being hard-headed and add it in.
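
The login check from post 2 and the PDO connection from post 19, as an added example that is not code from the original posts. It assumes an in-memory SQLite database standing in for the MySQL `soapbox` database, and `verifyLogin` and `DUMMY_HASH` are hypothetical names.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL database in the posts;
// a MySQL DSN would be 'mysql:host=localhost;dbname=soapbox;charset=utf8mb4'
// and the connection would also set PDO::ATTR_EMULATE_PREPARES to false.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data: one account whose password is stored via password_hash().
$db->exec('CREATE TABLE profile0 (user_id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
$db->prepare('INSERT INTO profile0 (username, password) VALUES (:u, :p)')
   ->execute([':u' => 'alice', ':p' => password_hash('correct horse', PASSWORD_DEFAULT)]);

// Hash verified when the username is unknown, so both failure paths do one verify.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

/** Returns the user_id on success, null on any failure (hypothetical helper). */
function verifyLogin(PDO $db, string $username, string $password): ?int
{
    // The username travels as a bound parameter, never as part of the SQL text.
    $stmt = $db->prepare('SELECT user_id, password FROM profile0 WHERE username = :username');
    $stmt->execute([':username' => $username]);

    // Fetch the row exactly once. Calling fetchColumn() first would consume
    // the only row, and the fetch() after it would return false.
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // fetch() yields an array or false, so test for false rather than == 1.
    $hash = ($row === false) ? DUMMY_HASH : $row['password'];
    $ok = password_verify($password, $hash);

    return ($ok && $row !== false) ? (int) $row['user_id'] : null;
}

// Constructed inputs: a valid login, a wrong password, and a quote-laden
// username that the bound parameter treats as plain data.
$cases = [
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ["alice' OR '1'='1", 'correct horse'],
];
foreach ($cases as [$user, $pass]) {
    $id = verifyLogin($db, $user, $pass);
    printf("%-20s => %s\n", $user, $id === null ? 'rejected' : "user_id $id");
}
```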