Everything posted by matthewhaworth

  1. Ok, I posted earlier and thought that the problem was fixed. It isn't.

         <?php

         /*
          * user.class.php
          *
          * @package
          * @author matthew haworth
          * @copyright 2007
          * @version $Id$
          * @access public
          */
         class user
         {
             // This is where I will store the database class.
             private $_db;

             // Construct the user class. This means taking the object $db and applying it to the private variable $_db.
             function __construct(&$db)
             {
                 $this->_db = $db;
             }

             // The check login function sees if the $_SESSION['user']['loggedin'] variable is set to true and returns
             // true or false depending on what it finds. Actually useless as the code if($_SESSION['user']['loggedin'])
             // would work adequately.
             function checkLogin()
             {
                 if ($_SESSION['user']['loggedin']) {
                     return true;
                 } else {
                     return false;
                 }
             }

             // The register function accepts two arguments, $email and $password. It cleans both variables before placing
             // them into the database and logging the user in.
             function register($email, $password)
             {
                 // Validation.
                 $email = $this->_db->realescapestring($email);
                 $email = strip_tags($email);
                 $password = $this->_db->realescapestring($password);
                 $password = strip_tags($password);
                 // End validation.

                 // Encrypt the password to compare to the one stored in the database
                 $password = md5($password);

                 // This creates a date compliant with SQL's datetime format
                 $date = date('Y-m-d H-i-s');

                 // This checks to see if the username already exists.
                 $sql = "SELECT email FROM users WHERE email='".$email."';";
                 $query = $this->_db->query($sql);
                 $numrows = $this->_db->numrows($query);
                 if($numrows > 0) {
                     return "Email already exists";
                 }

                 // The following SQL inserts the email, password and registered datetime into the database.
                 $sql = "INSERT INTO users(email, password, registered) VALUES('" . $email . "', '" . $password . "', '" . $date . "');";

                 // This calls up the query function in my database class to apply the SQL.
                 if ($this->_db->query($sql)) {
                     // If the query is successful, log the user in and hence set up the sessions variables.
                     $this->login($email, $password);
                     return true;
                 } else {
                     // If the query fails, return the function as false.
                     return false;
                 }
             }

             // This is a function to load the Details of the user into session variables, it takes the $email only,
             // this is why I have made it a private function, so I can't accidentally cheat a user into it. It is called
             // only from the function 'login' which sets the 'loggedin' session variable itself.
             private function loadDetails($email)
             {
                 // This sql selects all of the user information besides the password.
                 $sql = "SELECT iD, email, registered FROM users WHERE email='" . $email . "';";

                 // This processes the query, once again using my database class.
                 $query = $this->_db->query($sql);

                 // This fetches the array from the query object the mysqli produces.
                 $userinfo = $this->_db->fetch_assoc($query);

                 //THIS IS WHAT WE'RE INTERESTED IN!!!
                 // This iterates through the keys and values of the array and appends them to the variable, $userinf.
                 foreach ($userinfo as $key => $value) {
                     echo $key;
                     echo $value;
                     $userinf[$key] = $value;
                 }

                 // This applies the $userinf array to the session variable 'user'
                 $_SESSION['user'] = $userinf;

                 // This is simply a check to see if it was successful.
                 if (isset($_SESSION['user']['email'])) {
                     return true;
                 } else {
                     return false;
                 }
             }

             function login($email, $password)
             {
                 // Validation.
                 $email = $this->_db->realescapestring($email);
                 $email = strip_tags($email);
                 $password = $this->_db->realescapestring($password);
                 $password = strip_tags($password);
                 // End validation.

                 // Code the password to compare with that stored at registration.
                 $password = md5($password);

                 // Ask for email and password from MySQL.
                 $sql = "SELECT email, password FROM users WHERE email='" . $email . "' AND password='" . $password . "';";

                 // See if the user data exists in the database.
                 $query = $this->_db->query($sql);
                 if ($this->_db->numrows($query) > 0) {
                     // Set sessions for rest of user details..
                     if ($this->loadDetails($email)) {
                         // Set sessions as loggedin, I did this here for security reasons.
                         $_SESSION['user']['loggedin'] = true;
                         // Return the function, everything's set.
                         return true;
                     } else {
                         // If the loadDetails function returns false, return this function false also.
                         return false;
                     }
                 } else {
                     //...return false.
                     return false;
                 }
             }
         }
         ?>

     Ok, the whole of the code is located above, however, that may not be necessary. Look at the following:

         <?php
         //THIS IS WHAT WE'RE INTERESTED IN!!!
         // This iterates through the keys and values of the array and appends them to the variable, $userinf.
         foreach ($userinfo as $key => $value) {
             echo $key;
             echo $value;
             $userinf[$key] = $value;
         }
         ?>

     Whenever I echo the values out before applying them to $userinf.. it print_r's the user information.. however when I comment them out, or delete the echo's.. so it looks like this.

         <?php
         //THIS IS WHAT WE'RE INTERESTED IN!!!
         // This iterates through the keys and values of the array and appends them to the variable, $userinf.
         foreach ($userinfo as $key => $value) {
             //echo $key;
             //echo $value;
             $userinf[$key] = $value;
         }
         ?>

     It tries to apply the object 'user' to the array, and print_r's the object 'user''s variables leaving me with this:

         user Object
         (
             [_db:private] => db Object
                 (
                     [_db:private] => mysqli Object
                         (
                         )

                     [_queries:private] => 0
                 )

         )

     this is beyond me.. any help would be greatly appreciated?
  2. Ah. I tried that and got the following.

         iD4emailthomas @ thomas . comregistered2007-08-18 02:44:39

     (// I separated 'em to prevent an automatically created link)

     That means that the problem must occur when it appends it to the $_SESSION['user']. ??? Why is this?

     FIXED. Thanks a lot!
  3. I don't mean to double post but I couldn't locate the edit function to edit my previous post. Anyways. I completely annotated my code so that you can understand exactly what is going on. I highlighted where the error is.

         <?php

         /*
          * user.class.php
          *
          * @package
          * @author matthew haworth
          * @copyright 2007
          * @version $Id$
          * @access public
          */
         class user
         {
             // This is where I will store the database class.
             private $_db;

             // Construct the user class. This means taking the object $db and applying it to the private variable $_db.
             function __construct(&$db)
             {
                 $this->_db = $db;
             }

             // The check login function sees if the $_SESSION['user']['loggedin'] variable is set to true and returns
             // true or false depending on what it finds. Actually useless as the code if($_SESSION['user']['loggedin'])
             // would work adequately.
             function checkLogin()
             {
                 if ($_SESSION['user']['loggedin']) {
                     return true;
                 } else {
                     return false;
                 }
             }

             // The register function accepts two arguments, $email and $password. It cleans both variables before placing
             // them into the database and logging the user in.
             function register($email, $password)
             {
                 // Validation.
                 $email = $this->_db->realescapestring($email);
                 $email = strip_tags($email);
                 $password = $this->_db->realescapestring($password);
                 $password = strip_tags($password);
                 // End validation.

                 // Encrypt the password to compare to the one stored in the database
                 $password = md5($password);

                 // This creates a date compliant with SQL's datetime format
                 $date = date('Y-m-d H-i-s');

                 // This checks to see if the username already exists.
                 $sql = "SELECT email FROM users WHERE email='".$email."';";
                 $query = $this->_db->query($sql);
                 $numrows = $this->_db->numrows($query);
                 if($numrows > 0) {
                     return "Email already exists";
                 }

                 // The following SQL inserts the email, password and registered datetime into the database.
                 $sql = "INSERT INTO users(email, password, registered) VALUES('" . $email . "', '" . $password . "', '" . $date . "');";

                 // This calls up the query function in my database class to apply the SQL.
                 if ($this->_db->query($sql)) {
                     // If the query is successful, log the user in and hence set up the sessions variables.
                     $this->login($email, $password);
                     return true;
                 } else {
                     // If the query fails, return the function as false.
                     return false;
                 }
             }

             // This is a function to load the Details of the user into session variables, it takes the $email only,
             // this is why I have made it a private function, so I can't accidentally cheat a user into it. It is called
             // only from the function 'login' which sets the 'loggedin' session variable itself.
             private function loadDetails($email)
             {
                 // This sql selects all of the user information besides the password.
                 $sql = "SELECT iD, email, registered FROM users WHERE email='" . $email . "';";

                 // This processes the query, once again using my database class.
                 $query = $this->_db->query($sql);

                 // This fetches the array from the query object the mysqli produces.
                 $userinfo = $this->_db->fetch_assoc($query);

                 // This iterates through the keys and values of the array and appends them to the variable, $userinf.
                 foreach ($userinfo as $key => $value) {
                     // THIS IS WHERE THE ERROR EXISTS.
                     $userinf[$key] = $value;
                 }

                 // This applies the $userinf array to the session variable 'user'
                 $_SESSION['user'] = $userinf;

                 // This is simply a check to see if it was successful.
                 if (isset($_SESSION['user']['email'])) {
                     return true;
                 } else {
                     return false;
                 }
             }

             // This function exists to check if the user is valid and also load the sessions variables using the private function, loadDetails..
             function login($email, $password)
             {
                 // Validation.
                 $email = $this->_db->realescapestring($email);
                 $email = strip_tags($email);
                 $password = $this->_db->realescapestring($password);
                 $password = strip_tags($password);
                 // End validation.

                 // Code the password to compare with that stored at registration.
                 $password = md5($password);

                 // Ask for email and password from MySQL.
                 $sql = "SELECT email, password FROM users WHERE email='" . $email . "' AND password='" . $password . "';";

                 // See if the user data exists in the database.
                 $query = $this->_db->query($sql);
                 if ($this->_db->numrows($query) > 0) {
                     // Set sessions for rest of user details..
                     if ($this->loadDetails($email)) {
                         // Set sessions as loggedin, I did this here for security reasons.
                         $_SESSION['user']['loggedin'] = true;
                         // Return the function, everything's set.
                         return true;
                     } else {
                         // If the loadDetails function returns false, return this function false also.
                         return false;
                     }
                 } else {
                     //...return false.
                     return false;
                 }
             }
         }
         ?>
  4.

         <?php

         /*
          * user.class.php
          *
          * @package
          * @author matthew haworth
          * @copyright 2007
          * @version $Id$
          * @access public
          */
         class user
         {
             private $_db;
             //private $_email;
             //private $_password;

             function __construct(&$db)
             {
                 $this->_db = $db;
             }

             function checkLogin()
             {
                 if($_SESSION['user']['loggedin']) {
                     return true;
                 } else {
                     return false;
                 }
             }

             function register($email, $password)
             {
                 // Validation.
                 $email = $this->_db->realescapestring($email);
                 $email = strip_tags($email);
                 $password = $this->_db->realescapestring($password);
                 $password = strip_tags($password);
                 // End validation.

                 $password = md5($password);
                 $date = date('Y-m-d H-i-s');

                 // See if the user already exists..
                 if($this->login($email, $password, false)) {
                     return false;
                 }

                 $sql = "INSERT INTO users(email, password, registered) VALUES('".$email."', '".$password."', '".$date."');";
                 if($this->_db->query($sql)) {
                     $this->login($email, $password);
                     return true;
                 } else {
                     return false;
                 }
             }

             private function loadDetails($email)
             {
                 $sql = "SELECT iD, email, registered FROM users WHERE email='". $email ."';";
                 $query = $this->_db->query($sql);
                 $userinfo = $this->_db->fetch_assoc($query);
                 foreach ($userinfo as $key => $value) {
                     $userinf[$key] = $value;
                 }
                 $_SESSION['user'] = $userinf;
                 if(isset($_SESSION['user']['email'])) {
                     return true;
                 } else {
                     return false;
                 }
             }

             function login($email, $password, $sessions = true)
             {
                 // Validation.
                 $email = $this->_db->realescapestring($email);
                 $email = strip_tags($email);
                 $password = $this->_db->realescapestring($password);
                 $password = strip_tags($password);
                 // End validation.

                 // Code the password to compare with that stored at registration.
                 $password = md5($password);

                 // Ask for email and password from MySQL.
                 $sql = "SELECT email, password FROM users WHERE email='" . $email . "' AND password='" . $password . "';";

                 // See if the user data exists in the database.
                 $query = $this->_db->query($sql);
                 //print($this->_db->numrows($query));
                 if ($this->_db->numrows($query) > 0) {
                     // I don't know why but I wanted to have the class know the email, on initialisation
                     //$this->_email = $email;
                     // In fact, scrap that now.

                     // If I want to apply sessions, here they are.
                     if($sessions) {
                         // Set sessions for rest of user details..
                         if($this->loadDetails($email)) {
                             // Set sessions as loggedin, I did this here for security reasons.
                             $_SESSION['user']['loggedin'] = true;
                             // Return the function, everything's set.
                             return true;
                         } else {
                             // If the loadDetails function returns false, return this function false also.
                             return false;
                         }
                     } else {
                         return true;
                     }
                 // If the user doesn't exist in the database...
                 } else {
                     //...return false.
                     return false;
                 }
             }
         }
         ?>

     When I print_r my $_SESSION['user'] after calling my login script (the sessions are set in loadDetails)... I get this output

         user Object
         (
             [_db:private] => db Object
                 (
                     [_db:private] => mysqli Object
                         (
                         )

                     [_queries:private] => 0
                 )

             [external] =>
         )

     As though it's applied my user object to my $_SESSION['user']. I don't understand. ???
  5. Any advice on how to debug this?

         <?php

         /*
          * user.class.php
          *
          * @package
          * @author matthew haworth
          * @copyright 2007
          * @version $Id$
          * @access public
          */
         class user
         {
             private $_db;
             //private $_email;
             //private $_password;

             function __construct(&$db)
             {
                 $this->_db = $db;
             }

             function checkLogin()
             {
                 if($_SESSION['user']['loggedin']) {
                     return true;
                 } else {
                     return false;
                 }
             }

             function register($email, $password)
             {
                 // Validation.
                 $email = $this->_db->realescapestring($email);
                 $email = strip_tags($email);
                 $password = $this->_db->realescapestring($password);
                 $password = strip_tags($password);
                 // End validation.

                 $password = md5($password);
                 $date = date('Y-m-d H-i-s');

                 // See if the user already exists..
                 if($this->login($email, $password, false)) {
                     return false;
                 }

                 $sql = "INSERT INTO users(email, password, registered) VALUES('".$email."', '".$password."', '".$date."');";
                 if($this->_db->query($sql)) {
                     $this->login($email, $password);
                     return true;
                 } else {
                     return false;
                 }
             }

             private function loadDetails($email)
             {
                 $sql = "SELECT iD, email, registered FROM users WHERE email='". $email ."';";
                 $query = $this->_db->query($sql);
                 $userinfo = $this->_db->fetch_assoc($query);
                 foreach ($userinfo as $key => $value) {
                     $_SESSION['user'][$key] = $value;
                 }
                 if(isset($_SESSION['user']['email'])) {
                     return true;
                 } else {
                     return false;
                 }
             }

             function login($email, $password, $sessions = true)
             {
                 // Validation.
                 $email = $this->_db->realescapestring($email);
                 $email = strip_tags($email);
                 $password = $this->_db->realescapestring($password);
                 $password = strip_tags($password);
                 // End validation.

                 // Code the password to compare with that stored at registration.
                 $password = md5($password);

                 // Ask for email and password from MySQL.
                 $sql = "SELECT email, password FROM users WHERE email='" . $email . "' AND password='" . $password . "';";

                 // See if the user data exists in the database.
                 if ($this->_db->numrows($sql) > 0) {
                     // I don't know why but I wanted to have the class know the email, on initialisation
                     //$this->_email = $email;
                     // In fact, scrap that now.

                     // If I want to apply sessions, here they are.
                     if($sessions) {
                         // Set sessions for rest of user details..
                         if($this->loadDetails($email)) {
                             // Set sessions as loggedin, I did this here for security reasons.
                             $_SESSION['user']['loggedin'] = true;
                             // Return the function, everything's set.
                             return true;
                         } else {
                             // If the loadDetails function returns false, return this function false also.
                             return false;
                         }
                     } else {
                         return true;
                     }
                 // If the user doesn't exist in the database...
                 } else {
                     //...return false.
                     return false;
                 }
             }
         }
         ?>

     I'm running it with this..

         <?php

         /**
          * login.test.php
          * @author matthew
          * @copyright 2007
          */
         require("init.php");

         if(isset($_POST['email'])) {
             if($user->login($_POST['email'], $_POST['password'])) {
                 header("location: login.test.php");
             } else {
                 echo "FATALERROR";
             }
         }
         ?>
         <html>
         <head>
         <title>Registration test</title>
         </head>
         <body>
         <form action="<?php $_SERVER['PHP_SELF'] ?>" method="POST">
         email:<input type = "text" id="email" name="email" /><br />
         password:<input type = "text" id="password" name="password" /><br />
         <input type="submit" value="login" /></form>
         </body>
         </html>
  6. Ok, I have to admit. I'm new to PHP. Recently, I've been developing a user login system and have looked at many tutorials. In these tutorials I have noticed that they save the sessions variables, and I don't know why. The idea of saving the sessions variables completely goes against the definition of the word session. It becomes more than a session. If you want to save the user details for the next time they visit the website then would you just not use a cookie?

     Hey, I'm new to this community, I hope to get a lot from it as well as put a lot back in.
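
An added example, not part of the original posts: the register()/login() pair from the user.class.php listings above, rewritten with bound parameters instead of string-built SQL, password_hash()/password_verify() instead of md5(), and a session id refresh at login. PDO with an in-memory SQLite database is an assumption standing in for the thread's mysqli-backed db class so the script runs on its own; the function signatures and sample account are likewise constructed for illustration.

```php
<?php
// Added example, not the poster's code. Assumption: PDO with in-memory SQLite
// stands in for the thread's mysqli-backed db class so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (iD INTEGER PRIMARY KEY, email TEXT UNIQUE,
                                password TEXT, registered TEXT)');

function register(PDO $pdo, string $email, string $password): bool
{
    // Hash the raw password. Escaping or strip_tags() beforehand would
    // silently alter what the user typed; password_hash() adds a salt.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $pdo->prepare(
        'INSERT INTO users (email, password, registered) VALUES (?, ?, ?)');
    try {
        // Bound parameters keep user input out of the SQL text.
        return $stmt->execute([$email, $hash, date('Y-m-d H:i:s')]);
    } catch (PDOException $e) {
        return false; // e.g. UNIQUE(email): address already registered
    }
}

function login(PDO $pdo, string $email, string $password): bool
{
    $stmt = $pdo->prepare(
        'SELECT iD, email, registered, password FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Verify the hash in PHP instead of matching it in the WHERE clause.
    if ($row === false || !password_verify($password, $row['password'])) {
        return false;
    }
    unset($row['password']);          // keep the hash out of the session
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);  // fresh session id once authenticated
    }
    $_SESSION['user'] = $row + ['loggedin' => true];
    return true;
}

// Constructed sample account and inputs.
var_dump(register($pdo, 'thomas@example.com', "pa'ss<b>word"));
var_dump(register($pdo, 'thomas@example.com', 'other'));
var_dump(login($pdo, 'thomas@example.com', "pa'ss<b>word"));
var_dump(login($pdo, "' OR '1'='1", 'x'));
var_dump(array_keys($_SESSION['user']));
```

Against MySQL the same prepare()/execute() pattern is available through PDO's mysql driver or mysqli's prepared statements.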