chopps

That's a much better idea than I what I was going to do. Thanks very much for the input

Hello All, I am trying to learn more about PHP and MySQL and wanted to create a forums component into a site. The forums would allow users to vote how helpful an answer was similar to the system used by stackoverflow.com and yahoo answers. The issue I'm running into is how would I stop a user from voting for the same answer multiple times. I was thinking of creating a new column for each forum that will store the username of each user that has voted. The function would then check to see if the username is already in there before allowing them to vote but it seems like it may add some additional and unnecessary overhead. Does anyone know of a better way to accomplish this or am I just being overly paranoid? Also, any suggestions on what type of storage engine to use for this purpose would be nice. I was thinking MyISAM would work fine but not sure if I should use INNODB as it is transactional. Any advice would be much appreciated.

Sorry I haven't replied in a while (been a bit busy). Thank you very much for the replies. Turns out the problem was with an If statement being used to handle the authenticate function. The original code was: ********************************** if($session->is_logged_in()) { redirect_to("index.php"); } if (isset($_POST['submit'])) { $username = trim($_POST['username']); $password = trim($_POST['password']); $found_user = User::authenticate($username, $password); if ($found_user) { $session->login($found_user); log_action('Login', "{$found_user->username} logged in."); redirect_to("index.php"); } else { $message = "Username/password combination incorrect."; } } else { $username = ""; $password = ""; } ********************************** So, no matter what the outcume of the function they would be logged in as long as the username and password matched. I changed it to this: ********************************** if($session->is_logged_in()) { $message = "You are logged in!"; } if (isset($_POST['submit'])) { $username = trim($_POST['username']); $password = trim($_POST['password']); $found_user = User::authenticate($username, $password, $is_verified); If ($found_user->is_verified == 1 ) { $session->login($found_user); log_action('Login', "{$found_user->username} logged in."); redirect_to("index.php"); } elseif ($found_user->is_verified == 0 ) { $message = "You have not been verified"; } else { $message = "Username or Password incorrect."; } } else { $username = ""; $password = ""; } ********************************** Once I changed that I was able to get it working. P.S. @ignace - I am actually just trying to learn OOP PHP and am still an amateur but if you know of any good tutorials or books please let me know so I can improve. =-)

Thanks for the fast reply but the issue is still the same even with the changes you suggested. It still allows me to login with a user who has not yet been verified.

Hello All, So I need a little help with the login functionality of a site. Basically, I am using PHP OOP and have an authenticate function for logging in with the follwoing properties: protected static $table_name="users"; protected static $db_fields = array('id', 'username', 'password', 'user_type', 'first_name', 'last_name', 'is_verified', 'email', 'member_since', 'user_token'); public $id; public $username; public $password; public $user_type = "user"; public $first_name; public $last_name; public $email; public $is_verified="0"; public $member_since; public $user_token; The authentication function: public static function authenticate($username="", $password="") { global $db; $username = $db->escape_value($username); $password = $db->escape_value($password); $password = sha1($password); $sql = "SELECT * FROM users "; $sql .= "WHERE username = '{$username}' "; $sql .= "AND password = '{$password}' "; $sql .= "LIMIT 1"; $result_array = self::find_by_sql($sql); $user_type = $result_array['user_type']; $is_verified = $result_array['is_verified']; if(($user_type = "user") && ($is_verified = "1")) { $verified = !empty($result_array) ? array_shift($result_array) : false; } else { $message = "Please verify your account by checking your inbox for the verification message"; $verified = $message; } return $verified; } The SQL functions being used within Authentication are below: public static function find_by_sql($sql="") { global $db; $result_set = $db->query($sql); $object_array = array(); while ($row = $db->fetch_array($result_set)) { $object_array[] = self::instantiate($row); } return $object_array; } private static function instantiate($record) { $object = new self; foreach($record as $attribute=>$value) { if($object->has_attribute($attribute)) { $object->$attribute = $value; } } return $object; } Basically I want to make an array out of the entire row that is selected with MySQL and use it to check the additional field of 'is_verified'. If the value is equal to 1 then the user can be authenticated; Otherwise, there email address has not been verified and they cannot authenticate. But I'm a little confused because from what I can tell the $result_array being used int he Authenticate function should return an associative array with id and key values the same as the column names in the table but it doesn't appear to be working. I tried with a username that was not verified and they were able to authenticate just the same. Am I doing something wrong? Also, if there is a better way to do this I am all ears. Thanks.

Oh, lol! Good catch. Strange that it worked when I commented out the constructor though. I set the properties equal to the variables declared earlier and it worked perfectly. Thanks for the quick reply.

Hello All, I have been having a problem recently with a constructor function that is responsible for encrypting the password every time a user logs in or creates a new account. I am using PHP OOP and the constructor function belongs to the user class. I have included the snippet below: ********************* function __construct($encrypt_pass) { $this->password = sha1($encrypt_pass); } ********************* I have the following code in the head of my register form which calls the create function once everything has been verified: <?php if ((isset($_POST['register'])) && ($_POST['email']) == ($_POST['email_verify'])) { $username = trim($_POST['username']); $password = trim($_POST['password']); $email = trim($_POST['email']); $first_name = trim($_POST['first_name']); $last_name = trim($_POST['last_name']); $create_new_user = new User($password); $create_new_user->username; $create_new_user->password; $create_new_user->email; $create_new_user->first_name; $create_new_user->last_name; $create_new_user->create(); $message = "Please check you inbox and follow the instructions to verify your account; Otherwise it will be deleted after seven days."; } elseif ((isset($_POST['register'])) && ($_POST['email']) != ($_POST['email_verify'])) { $message = "The email addresses did not match! Please enter them again."; } else { $username = ""; $password = ""; $email = ""; $email_verify = ""; $first_name = ""; $last_name = ""; } ?> ****************************** I'm not sure if I'm using the constructor correctly or not. When I instantiate the object it will give me an error unless I pass in the $password variable, $create_new_user = new User($password);, but every time I do it fails to input the other fields into the database. I know the create function is working correctly because I commented out the constructor and removed the $password variable from the initial object call and everything worked fine. Please let me know what I am doing wrong. Any help would be very much appreciated.