chopps

That's a much better idea than I what I was going to do. Thanks very much for the input

Hello All, I am trying to learn more about PHP and MySQL and wanted to create a forums component into a site. The forums would allow users to vote how helpful an answer was similar to the system used by stackoverflow.com and yahoo answers. The issue I'm running into is how would I stop a user from voting for the same answer multiple times. I was thinking of creating a new column for each forum that will store the username of each user that has voted. The function would then check to see if the username is already in there before allowing them to vote but it seems like it may add some additional and unnecessary overhead. Does anyone know of a better way to accomplish this or am I just being overly paranoid? Also, any suggestions on what type of storage engine to use for this purpose would be nice. I was thinking MyISAM would work fine but not sure if I should use INNODB as it is transactional. Any advice would be much appreciated.

Sorry I haven't replied in a while (been a bit busy). Thank you very much for the replies. Turns out the problem was with an If statement being used to handle the authenticate function. The original code was: ********************************** if($session->is_logged_in()) { redirect_to("index.php"); } if (isset($_POST['submit'])) { $username = trim($_POST['username']); $password = trim($_POST['password']); $found_user = User::authenticate($username, $password); if ($found_user) { $session->login($found_user); log_action('Login', "{$found_user->username} logged in."); redirect_to("index.php"); } else { $message = "Username/password combination incorrect."; } } else { $username = ""; $password = ""; } ********************************** So, no matter what the outcume of the function they would be logged in as long as the username and password matched. I changed it to this: ********************************** if($session->is_logged_in()) { $message = "You are logged in!"; } if (isset($_POST['submit'])) { $username = trim($_POST['username']); $password = trim($_POST['password']); $found_user = User::authenticate($username, $password, $is_verified); If ($found_user->is_verified == 1 ) { $session->login($found_user); log_action('Login', "{$found_user->username} logged in."); redirect_to("index.php"); } elseif ($found_user->is_verified == 0 ) { $message = "You have not been verified"; } else { $message = "Username or Password incorrect."; } } else { $username = ""; $password = ""; } ********************************** Once I changed that I was able to get it working. P.S. @ignace - I am actually just trying to learn OOP PHP and am still an amateur but if you know of any good tutorials or books please let me know so I can improve. =-)

Thanks for the fast reply but the issue is still the same even with the changes you suggested. It still allows me to login with a user who has not yet been verified.

Hello All, So I need a little help with the login functionality of a site. Basically, I am using PHP OOP and have an authenticate function for logging in with the follwoing properties: protected static $table_name="users"; protected static $db_fields = array('id', 'username', 'password', 'user_type', 'first_name', 'last_name', 'is_verified', 'email', 'member_since', 'user_token'); public $id; public $username; public $password; public $user_type = "user"; public $first_name; public $last_name; public $email; public $is_verified="0"; public $member_since; public $user_token; The authentication function: public static function authenticate($username="", $password="") { global $db; $username = $db->escape_value($username); $password = $db->escape_value($password); $password = sha1($password); $sql = "SELECT * FROM users "; $sql .= "WHERE username = '{$username}' "; $sql .= "AND password = '{$password}' "; $sql .= "LIMIT 1"; $result_array = self::find_by_sql($sql); $user_type = $result_array['user_type']; $is_verified = $result_array['is_verified']; if(($user_type = "user") && ($is_verified = "1")) { $verified = !empty($result_array) ? array_shift($result_array) : false; } else { $message = "Please verify your account by checking your inbox for the verification message"; $verified = $message; } return $verified; } The SQL functions being used within Authentication are below: public static function find_by_sql($sql="") { global $db; $result_set = $db->query($sql); $object_array = array(); while ($row = $db->fetch_array($result_set)) { $object_array[] = self::instantiate($row); } return $object_array; } private static function instantiate($record) { $object = new self; foreach($record as $attribute=>$value) { if($object->has_attribute($attribute)) { $object->$attribute = $value; } } return $object; } Basically I want to make an array out of the entire row that is selected with MySQL and use it to check the additional field of 'is_verified'. If the value is equal to 1 then the user can be authenticated; Otherwise, there email address has not been verified and they cannot authenticate. But I'm a little confused because from what I can tell the $result_array being used int he Authenticate function should return an associative array with id and key values the same as the column names in the table but it doesn't appear to be working. I tried with a username that was not verified and they were able to authenticate just the same. Am I doing something wrong? Also, if there is a better way to do this I am all ears. Thanks.

Oh, lol! Good catch. Strange that it worked when I commented out the constructor though. I set the properties equal to the variables declared earlier and it worked perfectly. Thanks for the quick reply.

Hello All, I have been having a problem recently with a constructor function that is responsible for encrypting the password every time a user logs in or creates a new account. I am using PHP OOP and the constructor function belongs to the user class. I have included the snippet below: ********************* function __construct($encrypt_pass) { $this->password = sha1($encrypt_pass); } ********************* I have the following code in the head of my register form which calls the create function once everything has been verified: <?php if ((isset($_POST['register'])) && ($_POST['email']) == ($_POST['email_verify'])) { $username = trim($_POST['username']); $password = trim($_POST['password']); $email = trim($_POST['email']); $first_name = trim($_POST['first_name']); $last_name = trim($_POST['last_name']); $create_new_user = new User($password); $create_new_user->username; $create_new_user->password; $create_new_user->email; $create_new_user->first_name; $create_new_user->last_name; $create_new_user->create(); $message = "Please check you inbox and follow the instructions to verify your account; Otherwise it will be deleted after seven days."; } elseif ((isset($_POST['register'])) && ($_POST['email']) != ($_POST['email_verify'])) { $message = "The email addresses did not match! Please enter them again."; } else { $username = ""; $password = ""; $email = ""; $email_verify = ""; $first_name = ""; $last_name = ""; } ?> ****************************** I'm not sure if I'm using the constructor correctly or not. When I instantiate the object it will give me an error unless I pass in the $password variable, $create_new_user = new User($password);, but every time I do it fails to input the other fields into the database. I know the create function is working correctly because I commented out the constructor and removed the $password variable from the initial object call and everything worked fine. Please let me know what I am doing wrong. Any help would be very much appreciated.

Yeah, at least I had the constructor part right, lol. Thank you very much for the advice.

Hello all, I have been trying to create a new constructor function using OOP PHP that will automatically encrypt passwords before they are sent to the database. However, I am not sure if my understanding of constructors is wrong if I am just not doing it right. As I understand it a constructor function will allow you to perform an operation on an object before the object is used. I have included some snippets of my code and would appreciate any insight on this matter: Code from the User object is below: function __construct($encrypt_pass) { $this->password = $encrypt_pass; } public function new_user() { $create_new_user = new User(); if(isset($create_new_user->id)) { $create_new_user->update(); } else { return false; } } public static function authenticate($username="", $password="") { global $db; $username = $db->escape_value($username); $password = $db->escape_value($password); $sql = "SELECT * FROM users "; $sql .= "WHERE username = '{$username}' "; $sql .= "AND password = '{$password}' "; $sql .= "LIMIT 1"; $result_array = self::find_by_sql($sql); return !empty($result_array) ? array_shift($result_array) : false; } The following code is from the administrative script to create a new user: <?php if(isset($_POST['submit'])) { $create_new_user = new User(); $create_new_user->username = trim($_POST['username']); $create_new_user->password = trim($_POST['password']); $create_new_user->first_name = trim($_POST['first_name']); $create_new_user->last_name = trim($_POST['last_name']); $create_new_user->email = trim($_POST['email']); if($create_new_user && $create_new_user->create()) { $session->message("echo $username has been successfully added as a new us$ redirect_to("index.php"); } else { $message = "There was an error while creating the new user. Please contact$ } } else { $username =""; $password =""; $first_name=""; $last_name=""; $email=""; } ?> The following snippet is from the login page: if (isset($_POST['submit'])) { $username = trim($_POST['username']); $password = trim($_POST['password']); $found_user = User::authenticate($username, $password); if ($found_user) { $session->login($found_user); log_action('Login', "{$found_user->username} logged in."); redirect_to("index.php"); } else { $message = "Username/password combination incorrect."; } } else { $username = ""; $password = ""; } ?> Since I am using the sha algorithm built into PHP I figured it would be best to build it into the object so it would occur automatically.

HAZAA! Thanks very much. IT worked

Hello All, I have been struggling with this one for a while. I have created a form in a dev environment which will post back to itself. Once it posts back to itself it should have an html textarea at the top which works and the rest of the php works as well. However, I have not been able to display the output of the code generated by PHP in the text area. I have tried several ways and have still been unable; I have included one of these ways below: if(isset($_POST['submit'])) { $ossl->do_csr(); echo "<p>CSR: <TEXTAREA Name=\"comments\" rows=\"30\" cols=\"90\" value=\"<?php echo $ossl->csr; ?>\"></TEXTAREA></p>"; Does anyone know how to accomplish this? P.S. Kinda new at this so please excuse my ignorance

Nevermind, a closer look at my phpinfo page reveals that it is enabled. sorry

I have been trying to enable openssl for php using a lamp server with php 5.3. I have successfully installed open-ssl but I couldn't find the extension within the php.ini file. I'm using php version 5.3 with Apache 2.2 on a debian-lenny distro and already have some sites that are using PHP so I would like to find a way to do it without reinstalling php. Some one help please.

Hello All, Does anyone know of any debugging applications for PHP? I recently upgraded to PHP 5.3.2 to take advantage of LSB but now I am seeing some unexpected results. The Late Static Bindings seem to be working correctly but they are trying to access functions I never told them to. Are there any applications that will allow you to see all of the calls PHP is making throughout any given request?

Wuhoo! Thanks for the help. I was able to successfully upgrade using apt-get install php5 and it automatically updated using the newer packages.