
Hi, I am trying to create a login system in PHP, but I am not the greatest at PHP, so I am using source code which I found online, as I found it to be more secure since it uses things like salted passwords. Anyway, I am trying to add more fields to the register system so it adds them to the MySQL database. The source has a way to do this with arrays, but it is quite complicated, so I am just using variables from the original file. There are 2 files: register.php and class.loginsys.php, which contains all the functions. At first the query syntax was incorrect, so I decided to use the variables created in register.php in class.loginsys.php, but now it's giving me an out of memory error:

Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 28672 bytes) in C:\xampp\htdocs\ls\class.loginsys.php on line 34

which I am unsure of how to fix. I have tried using different variable names, checking the line, and checking the whole register.php file for anything rogue. Here is the code:

Top part of register.php 

<?php
include "config.php";
?>

Config.php: 

<?php
require "class.loginsys.php";
$LS=new LoginSystem();
?>

Then actual register part from register.php: 

<?php
if( isset($_POST['submit']) ){
	$firstname2 = $_POST['firstname'];
	$lastname2 = $_POST['lastname'];
	$user2 = $_POST['username'];
	$sex2 = $_POST['sex'];
	$country2 = $_POST['strCountryChoice'];
	$email2 = $_POST['email'];
	$pass2 = $_POST['pass'];
	$pass3 = $_POST['pass2'];
	$birthdate2 = $_POST['birthdate'];
	$created2 = date("Y-m-d H:i:s");
	//need to add a lot more validation functions.. AKA Check if email exists and username. Password > 5 chars
	if( $user2=="" || $email2=="" || $pass2=='' || $pass3=='' || $firstname2=='' || $lastname2=='' || $sex2=='' || $country2=='' || $birthdate2=='' ){
		echo "Fields Left Blank","Some Fields were left blank. Please fill up all fields.";
		exit;
	}
	if( !$LS->validEmail($email2) ){
		echo "E-Mail Is Not Valid", "The E-Mail you gave is not valid";
		exit;
	}
	if( !ctype_alnum($user2) ){
		echo "Invalid Username", "The Username is not valid. Only ALPHANUMERIC characters are allowed and shouldn't exceed 10 characters.";
		exit;
	}
	if($pass2 != $pass3){
		echo "Passwords Don't Match","The Passwords you entered didn't match";
		exit;
	}
	$createAccount2 = $LS->register($user2, $pass2,
		array(
			"email" => $email2,
			"name" => $firstname2,
			"lastname" => $lastname2,
			"gender" => $sex2,
			"country" => $country2,
			"DOB" => $birthdate2,
			"created" => date("Y-m-d H:i:s") // Just for testing
		)
	);
	//$createAccount = $LS->register($firstname,$lastname,$user,$sex,$country,$email,$pass,$birthdate,$created);
	if($createAccount2 === "exists"){
		echo "User Exists.";
	}elseif($createAccount2 === true){
		echo "Success. Created account.";
	}
}
?>

And the function from the class: 

	/* A function to register a user with passing the username, password and optionally any other additional fields. */
	public function register( $id, $password, $other = array() ){
		if( $this->userExists($id) && (isset($other['email']) && $this->userExists($other['email'])) ){
			return "exists";
		}else{
			$randomSalt	= $this->rand_string(20);
			$saltedPass	= hash('sha256', "{$password}{$this->passwordSalt}{$randomSalt}");
			
			if( count($other) == 0 ){
				/* If there is no other fields mentioned, make the default query */
				//old query: ("INSERT INTO `{$this->dbtable}` (`username`, `password`, `password_salt`) VALUES(:username, :password, :passwordSalt)");
				//new query: ("INSERT INTO `{$this->dbtable}` (`username`, 'email' , `password`, `password_salt` , 'name' , 'lastname' , 'gender' , 'country' , 'DOB') VALUES(:username, :email, :pass, :passwordSalt, :firstname, :lastname, :gender, :country, :DOB)");
				$sql = $this->dbh->prepare("INSERT INTO `{$this->dbtable}` (`username`, `password`, `password_salt`) VALUES(:username, :password, :passwordSalt)");
			}else{
				/* if there are other fields to add value to, make the query and bind values according to it */
				//old query: ("INSERT INTO `{$this->dbtable}` (`username`, `password`, `password_salt`, $columns) VALUES(:username, :password, :passwordSalt, :$colVals)");
				//new query: ("INSERT INTO `{$this->dbtable}` (`username`, 'email' , `password`, `password_salt` , 'name' , 'lastname' , 'gender' , 'country' , 'DOB') VALUES(:username, :email, :pass, :passwordSalt, :firstname, :lastname, :gender, :country, :DOB)");
				$keys	 = array_keys($other);
				$columns = implode(",", $keys);
				$colVals = implode(",:", $keys);
			//l= $this->dbh->prepare("INSERT INTO `{$this->dbtable}` (`username`, `password`, `password_salt`, $columns) VALUES(:username, :password, :passwordSalt, :$colVals)");
				//INSERT INTO MyGuests (firstname, lastname, email)cLUES ('John', 'Doe', 'john@example.com')
				$sql = $this->dbh->prepare("INSERT INTO `{$this->dbtable}` (username,email,password,password_salt,name,lastname,created,gender,country,DOB) VALUES ('$username2','$email2','$pass2','$saltedPass','$firstname2','$lastname2','$created2','$gender2','$country2','$birthdate2')");
				print($sql);
				foreach($other as $key => $value){
					$value = htmlspecialchars($value);
					$sql->bindValue(":$key", $value);
				}
			}
			/* Bind the default values */
			$sql->bindValue(":username", $id);
			$sql->bindValue(":password", $saltedPass);
			$sql->bindValue(":passwordSalt", $randomSalt);
			$sql->execute();
			return true;
		}
	}
	

Thanks for your help. I am doing this because, as a hobby, I am trying to create a browser based game in which I use this login system to log the user in to a main page, then code all of the other pages myself. I have posted on Stack Overflow and someone on there suggested that I should use a framework. If this is the case, can someone point me in the right direction?

Thanks again; if you need any info, ask.

The script does not have enough memory, as determined by the PHP settings.

It's exceeding 128 MB of memory.

Is the random and hashing process using too much?

If you add this to the top of the script, you can set the memory per script:

ini_set('memory_limit','256M');//set amount to what you need

For testing purposes you can set it to unlimited.

ini_set('memory_limit', '-1');

I feel if you set the memory higher and it still runs out, or it is taking long to execute the script, then you need to redesign your code to be more efficient.

To increase the timeout, use this:

set_time_limit(100);//amount in seconds

You can also make changes to your php.ini file, but you don't really want to allow too much per script or you will for sure run into issues with the entire server.

That 134 MB of memory being consumed is not because of the code you have posted. That's just where the code was running when memory was exhausted. Something else on the page, either the total amount of code and static data, or the dynamic data leading up to the point where the error is being reported, is what is consuming that amount of memory.

You need to profile the memory usage at various points in your code to find where the large amounts of memory are being used. If you would like anyone here to try to see what things the code could be doing to consume large amounts of memory, you would need to post all the code (the problem could be code and static data present after the point where the error is occurring) for that page, less any database credentials.

"I am trying to create a browser based game"

If you are copying something you found on the web, be advised that most game code found on the web started life as a classroom exercise, to teach basic programming, and is not how you would write an actual browser based game, because it typically doesn't have any proper memory management, doesn't have efficient code, and isn't written as general purpose code that is easy to configure/change, debug, or maintain. It is always best to just learn how to program first, then write, from scratch, your own code that does what you want, rather than copying things you may find on the web.

Hi, thanks for the replies. I already tried setting the max memory to -1; it still errors. I am going to try the time limit and report back. I am going to code the rest of the game myself; this is just a login system and I wanted something that was secure. It would really help if someone could point me in the right direction as to whether it is a good system, or whether I should code my own or use another. I would also like to know whether I should use a framework.

Should I upload the class file and the register.php file, or paste all the code from them in code tags?

Thanks again.

If you changed the memory limit and you are still getting memory errors, with the total memory mentioned in the error changing to match the new limit you set, your code has a logic error (usually a loop/array problem of some kind) and it will consume all available memory, no matter how much you make available. You must find what is causing the problem in order to fix it.

If you cannot determine what is causing the problem yourself, you will need to post all the relevant code, less any database credentials.
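An added example, not code from any post in this thread. One logic error that behaves exactly as the reply above describes, exhausting whatever memory_limit is set, is an include cycle: file A includes file B and file B includes file A with plain include/require, so every pass re-enters the cycle until PHP dies. The files posted later in the thread form such a cycle (config.php requires class.loginsys.php, and the posted class file starts with include "register.php", which includes config.php). The script below builds two mutually-including files in a temp directory and runs the cycle once with require and once with require_once; the depth guard inside the generated a.php is an artificial stop so the demo aborts long before memory runs out. File names and the guard threshold are assumptions made for this example.

```php
<?php
// Added example, not from the thread: two files that include each other, the
// way the posted config.php / class.loginsys.php / register.php do. Plain
// include/require re-enters the cycle until memory_limit is exhausted;
// require_once loads each file once.
declare(strict_types=1);

function buildCycle(string $dir, string $keyword): void
{
    // a.php counts how often it has been entered and aborts the demo long
    // before PHP would run out of memory; b.php just includes a.php again.
    $a = "<?php\n"
       . "\$GLOBALS['depth']++;\n"
       . "if (\$GLOBALS['depth'] > 25) { throw new RuntimeException('include cycle'); }\n"
       . "{$keyword} __DIR__ . '/b.php';\n";
    $b = "<?php\n{$keyword} __DIR__ . '/a.php';\n";
    file_put_contents("$dir/a.php", $a);
    file_put_contents("$dir/b.php", $b);
}

function runCycle(string $keyword): string
{
    $dir = sys_get_temp_dir() . '/inc_cycle_' . bin2hex(random_bytes(4));
    mkdir($dir);
    buildCycle($dir, $keyword);
    $GLOBALS['depth'] = 0;
    try {
        require "$dir/a.php";
        return "$keyword: loaded cleanly, a.php entered {$GLOBALS['depth']} time(s)";
    } catch (RuntimeException $e) {
        return "$keyword: {$e->getMessage()}, a.php entered {$GLOBALS['depth']} times";
    } finally {
        // Remove the generated files whether or not the cycle was aborted.
        unlink("$dir/a.php");
        unlink("$dir/b.php");
        rmdir($dir);
    }
}

echo runCycle('require'), "\n";      // the guard stops it; without the guard memory_limit would
echo runCycle('require_once'), "\n"; // each file is loaded once, so the cycle never recurses
```

The same check applies to the posted files without any demo script: grep every include/require in the three files, draw the graph, and if it has a cycle, switch the edges to require_once (or, better, stop having the class file include the page that uses it).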

Hi again, here is the code:

<?php
/*
.---------------------------------------------------------------------------.
|  Software: PHP Login System - PHP logSys                                  |
|   Version: 0.3                                                            |
|   Contact: http://github.com/subins2000/logsys  (also subinsb.com)        |
|      Info: http://github.com/subins2000/logsys                            |
|   Support: http://subinsb.com/ask/php-logsys                              |
| ------------------------------------------------------------------------- |
|    Author: Subin Siby (project admininistrator)                           |
| Copyright (c) 2014, Subin Siby. All Rights Reserved.                      |
| ------------------------------------------------------------------------- |
|   License: Distributed under the General Public License (GPL)             |
|            http://www.gnu.org/licenses/gpl-3.0.html                       |
| This program is distributed in the hope that it will be useful - WITHOUT  |
| ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or     |
| FITNESS FOR A PARTICULAR PURPOSE.                                         |
'---------------------------------------------------------------------------'
*/
include "register.php";
ini_set("display_errors", "on");

class LoginSystem {

	/* Start Config */
	private $dbhost;
	private $dbport;
	private $dbuser;
	private $dbpass;
	private $dbname;
	private $dbtable;
	//db credentials here ^^

	private $secureKey;
	private $passwordSalt;
	private $company;
	//more stuff here which I assume you don't need to know.

	var $phpsessionstart	= true;	// Should I Start A PHP Session
	var $emailLogin			= true;	// Make Login With Username & E-Mail Possible
	var $rememberMe			= true;	// Add Remember Me Feature.
	var $blockBruteForce	= true; // Deny login for $LS->bfTime seconds after incorrect login tries of 5

	/* Extra Settings*/

	// Set the following variables only if you're going to use $LS->init()
	private $staticPages  	= array(
		"/ls", "/ls/reset.php"
	); // Pages that doesn't require logging in (exclude login page)

	private $loginPage    	= "/ls/login.php"; // The login page. ex : /login.php or /accounts/login.php
	private $homePage     	= "/ls/home.php"; // The home page. The main page for logged in users. Redirects to here when logs in
	public $bfTime			= 300; // The time IN SECONDS for which block from login action should be done after 5 incorrect login attempts. Use http://www.easysurf.cc/utime.htm#m60s for converting minutes to seconds. Default : 5 minutes

	/* End Config */
 
	public $loggedIn 		= false;
	public $db				= true;
	public $user			= false;
	private $initCalled		= false;
	private $cookie;
	private $session;
	private $remCook;
	private $dbh;
 
	public function __construct(){
		if($this->phpsessionstart == true){
			session_start();
		}
  		
		/* Try connecting to Database Server */
		try{
			/* Merge the login page to the pages array that doesn't need logging in */
			array_push($this->staticPages, $this->loginPage);
			
			$this->dbh		= new PDO("mysql:dbname={$this->dbname};host={$this->dbhost};port={$this->dbport}", $this->dbuser, $this->dbpass);
			$this->db 		= true;
			$this->cookie	= isset($_COOKIE['logSyslogin']) ? $_COOKIE['logSyslogin'] : false;
			$this->session  = isset($_SESSION['logSyscuruser']) ? $_SESSION['logSyscuruser'] : false;
			$this->remCook  = isset($_COOKIE['logSysrememberMe']) ? $_COOKIE['logSysrememberMe'] : false;
			
			$encUserID 		= hash("sha256", "{$this->secureKey}{$this->session}{$this->secureKey}");
			$this->loggedIn = $this->cookie == $encUserID ? true : false;
			
			/* If there is a Remember Me Cookie and the user is not logged in, then log in the user with the ID in the remember cookie, if it matches with the secure hashed value in logSyslogin cookie */
			if($this->rememberMe === true && isset($this->remCook) && $this->loggedIn === false){
				
				$encUserID		= hash("sha256", "{$this->secureKey}{$this->remCook}{$this->secureKey}");
				$this->loggedIn = $this->cookie == $encUserID ? true : false;
				
				if($this->loggedIn === true){
					$_SESSION['logSyscuruser'] = $this->remCook;
				}
			}
			
			$this->user = $this->session;
			return true;
			
		}catch( PDOException $e ) {
			return false;
		}
	}
	
	/* A function that will automatically redirect user according to his/her login status */
	public function init() {
		if( $this->loggedIn && array_search($this->curPage(), $this->staticPages) !== false ){
			$this->redirect($this->homePage);
		}elseif( !$this->loggedIn && array_search($this->curPage(), $this->staticPages) === false ){
			$this->redirect($this->loginPage);
		}
		$this->initCalled = true;
	}
	
	/* A function to login the user with the username and password given. */
	public function login($username, $password, $cookies = true){
		if($this->db === true){
			
			/* We Add LIMIT to 1 in SQL query because we need to just get an array of data with key as the column name. Nothing else. */
			if($this->emailLogin === true){
				$query = "SELECT `id`, `password`, `password_salt`, `attempt` FROM `{$this->dbtable}` WHERE `username`=:login OR `email`=:login ORDER BY `id` LIMIT 1";
			}else{
				$query = "SELECT `id`, `password`, `password_salt`, `attempt` FROM `{$this->dbtable}` WHERE `username`=:login ORDER BY `id` LIMIT 1";
			}
			
			$sql = $this->dbh->prepare($query);
			$sql->bindValue(":login", $username);
			$sql->execute();
			
			if($sql->rowCount() == 0){
				// No such user like that
				return false;
			}else{
				/* Get the user details */
				$rows		= $sql->fetch(PDO::FETCH_ASSOC);
				$us_id		= $rows['id'];
				$us_pass 	= $rows['password'];
				$us_salt 	= $rows['password_salt'];
				$status 	= $rows['attempt'];
				$saltedPass = hash('sha256', "{$password}{$this->passwordSalt}{$us_salt}");
				
				if(substr($status, 0, 2) == "b-"){
					$blockedTime = substr($status, 2);
					if(time() < $blockedTime){
						$block = true;
						return array(
							"status" 	=> "blocked",
							"minutes"	=> round(abs($blockedTime - time()) / 60, 0),
							"seconds"	=> round(abs($blockedTime - time()) / 60*60, 2)
						);
					}else{
						// remove the block, because the time limit is over
						$this->updateUser(array(
							"attempt" => "" // No tries at all
						), $us_id);
					}
				}
				if(!isset($block) && ($saltedPass == $us_pass || $password == "")){
					if($cookies === true){
						
						$_SESSION['logSyscuruser'] = $us_id;
						setcookie("logSyslogin", hash("sha256", $this->secureKey.$us_id.$this->secureKey), time()+3600*99*500, "/");
						
						if( isset($_POST['remember_me']) && $this->rememberMe === true ){
							setcookie("logSysrememberMe", $us_id, time()+3600*99*500, "/");
						}
						$this->loggedIn = true;
						
						// Update the attempt status
						$this->updateUser(array(
							"attempt" => "" // No tries
						), $us_id);
						
						// Redirect
						if( $this->initCalled ){
							$this->redirect($this->homePage);
						}
					}
					return true;
				}else{
					// Incorrect password
					if($this->blockBruteForce === true){
						// Checking for brute force is enabled
						if($status == ""){
							// User was not logged in before
							$this->updateUser(array(
								"attempt" => "1" // Tried 1 time
							), $us_id);
						}else if($status == 5){
							$this->updateUser(array(
								"attempt" => "b-" . strtotime("+{$this->bfTime} seconds", time()) // Blocked, only available for re-login at the time in UNIX timestamp
							), $us_id);
						}else if(substr($status, 0, 2) == "b-"){
							// Account blocked
						}else if($status < 5){
							// If the attempts are less than 5 and not 5
							$this->updateUser(array(
								"attempt" => $status + 1 // Tried current tries + 1 time
							), $us_id);
						}
					}
					return false;
				}
			}
		}
	}
	
	/* A function to register a user with passing the username, password and optionally any other additional fields. */
	public function register( $id, $password, $other = array() ){
		if( $this->userExists($id) && (isset($other['email']) && $this->userExists($other['email'])) ){
			return "exists";
		}else{
			$randomSalt	= $this->rand_string(20);
			$saltedPass	= hash('sha256', "{$password}{$this->passwordSalt}{$randomSalt}");
			
			if( count($other) == 0 ){
				/* If there is no other fields mentioned, make the default query */
				//old query: ("INSERT INTO `{$this->dbtable}` (`username`, `password`, `password_salt`) VALUES(:username, :password, :passwordSalt)");
				//new query: ("INSERT INTO `{$this->dbtable}` (`username`, 'email' , `password`, `password_salt` , 'name' , 'lastname' , 'gender' , 'country' , 'DOB') VALUES(:username, :email, :pass, :passwordSalt, :firstname, :lastname, :gender, :country, :DOB)");
				$sql = $this->dbh->prepare("INSERT INTO `{$this->dbtable}` (`username`, `password`, `password_salt`) VALUES(:username, :password, :passwordSalt)");
			}else{
				/* if there are other fields to add value to, make the query and bind values according to it */
				//old query: ("INSERT INTO `{$this->dbtable}` (`username`, `password`, `password_salt`, $columns) VALUES(:username, :password, :passwordSalt, :$colVals)");
				//new query: ("INSERT INTO `{$this->dbtable}` (`username`, 'email' , `password`, `password_salt` , 'name' , 'lastname' , 'gender' , 'country' , 'DOB') VALUES(:username, :email, :pass, :passwordSalt, :firstname, :lastname, :gender, :country, :DOB)");
				$keys	 = array_keys($other);
				$columns = implode(",", $keys);
				$colVals = implode(",:", $keys);
			//l= $this->dbh->prepare("INSERT INTO `{$this->dbtable}` (`username`, `password`, `password_salt`, $columns) VALUES(:username, :password, :passwordSalt, :$colVals)");
				//INSERT INTO MyGuests (firstname, lastname, email)cLUES ('John', 'Doe', 'john@example.com')
				$sql = $this->dbh->prepare("INSERT INTO `{$this->dbtable}` (username,email,password,password_salt,name,lastname,created,gender,country,DOB) VALUES ('$username2','$email2','$pass2','$saltedPass','$firstname2','$lastname2','$created2','$gender2','$country2','$birthdate2')");
				print($sql);
				foreach($other as $key => $value){
					$value = htmlspecialchars($value);
					$sql->bindValue(":$key", $value);
				}
			}
			/* Bind the default values */
			$sql->bindValue(":username", $id);
			$sql->bindValue(":password", $saltedPass);
			$sql->bindValue(":passwordSalt", $randomSalt);
			$sql->execute();
			return true;
		}
	}
	
	/* Logout the current logged in user by deleting the cookies and destroying session */
	public function logout(){
		session_destroy();
		setcookie("logSyslogin", "", time()-3600, "/");
		setcookie("logSysrememberMe", "", time()-3600, "/");
		$this->redirect($this->loginPage);
		return true;
	}
	
	/* A function to handle the Forgot Password process */
	public function forgotPassword(){
		
		$curStatus = "initial";	// The Current Status of Forgot Password process
		$identName = $this->emailLogin === false ? "Username" : "Username / E-Mail";
		
		if( !isset($_POST['logSysforgotPass']) && !isset($_GET['resetPassToken']) && !isset($_POST['logSysforgotPassRePass']) ){
			$html='<form action="'.$_SERVER['PHP_SELF'].'" method="POST">';
				$html.="<label>$identName<br/><input type='text' id='loginSysIdentification' placeholder='Enter your $identName' size='25' name='identification'/></label>";
				$html.="<br/><button name='logSysforgotPass' type='submit'>Reset Password</button>";
			$html.="</form>";
			echo $html;
			$curStatus = "resetPasswordForm"; // The user had moved to the reset password form ie she/he is currently seeing the forgot password form.
			
		}elseif( isset($_GET['resetPassToken']) && !isset($_POST['logSysforgotPassRePass']) ){
			/* The user gave the password reset token. Check if the token is valid. */
			$_GET['resetPassToken'] = urldecode($_GET['resetPassToken']);
			$sql = $this->dbh->prepare("SELECT `uid` FROM `resetTokens` WHERE `token` = ?");
			$sql->execute(array($_GET['resetPassToken']));
			
			if( $sql->rowCount() == 0 || $_GET['resetPassToken'] == "" ){
				echo "<h3>Error : Wrong/Invalid Token</h3>";
				$curStatus = "invalidToken"; // The token user gave was not valid
			}else{
				/* The token is valid, display the new password form */
				$html  = "<p>The Token key was Authorized. Now, you can change the password</p>";
				$html .= "<form action='{$_SERVER['PHP_SELF']}' method='POST'>";
					$html	.=	"<input type='hidden' name='token' value='{$_GET['resetPassToken']}'/>";
					$html	.=	"<label>New Password<br/><input type='password' name='password'/></label><br/>";
					$html	.=	"<label>Retype Password<br/><input type='password' name='password2'/></label><br/>";
					$html	.=	"<button name='logSysforgotPassRePass'>Reset Password</button>";
				$html	.=	"</form>";
				echo $html;
				$curStatus = "changePasswordForm"; // The token was correct, displayed the change/new password form.
			}
		}elseif( isset($_POST['logSysforgotPassRePass']) ){
			$_POST['token'] = urldecode($_POST['token']);
			$sql = $this->dbh->prepare("SELECT `uid` FROM `resetTokens` WHERE `token` = ?");
			$sql->execute(array($_POST['token']));
			
			if( $sql->rowCount()==0 || $_POST['token']=="" ){
				echo "<h3>Error : Wrong/Invalid Token</h3>";
				$curStatus = "invalidToken"; // The token user gave was not valid
			}else{
				if( $_POST['password'] != $_POST['password2'] || $_POST['password']=="" || $_POST['password2']=="" ){
					echo "<h3>Error : Passwords Don't Match Or Passwords Left Blank</h3>";
					$curStatus = "passwordDontMatch"; // The new password and retype password submitted didn't match
				}else{
					
					$_POST['newPassword'] = $_POST['password2'];
					$this->user			  = $sql->fetchColumn();
					$this->loggedIn		  = true; // We must create a fake assumption that the user is logged in to change the password as $LS->changePassword() requires the user to be logged in.
					
					if( $this->changePassword($this->secureKey) ){
						$this->user		= false;
						$this->loggedIn = false;
						$sql			= $this->dbh->prepare("DELETE FROM resetTokens WHERE token=?");
						$sql->execute(array($_POST['token']));
						echo "<h3>Success : Password Reset Successful</h3><p>You may now login with your new password.</p>";
						$curStatus = "passwordChanged"; // The password was successfully changed
					}
				}
			}
		}else{
			/* Check if username/email is provided and if it's valid and exists */
			$identification = isset($_POST['identification']) ? $_POST['identification']:"";
			if($identification == ""){
				echo "<h3>Error : $identName not provided</h3>";
				$curStatus = "identityNotProvided"; // The identity was not given
			}else{
				$sql = $this->dbh->prepare("SELECT `email`, `id` FROM `{$this->dbtable}` WHERE `username`=:login OR `email`=:login");
				$sql->bindValue(":login", $identification);
				$sql->execute();
				if($sql->rowCount() == 0){
					echo "<h3>Error : User Not Found</h3>";
					$curStatus = "userNotFound"; // The user with the identity given was not found in the users database
				}else{
					$rows  = $sql->fetch(PDO::FETCH_ASSOC);
					$email = $rows['email'];
					$uid   = $rows['id'];
					$token = $this->rand_string(40);
					$sql   = $this->dbh->prepare("INSERT INTO `resetTokens` (`token`, `uid`, `requested`) VALUES (?, ?, NOW())");
					$sql->execute(array($token, $uid));
					$encodedToken = urlencode($token);
					
					/* Prepare the email to be sent */
					$subject = "Reset Password";
					$body	 = "You requested for resetting your password on {$this->company}. For this, please click the following link :
					<blockquote>
						<a href='{$this->curPageURL()}?resetPassToken={$encodedToken}'>Reset Password : {$token}</a>
					</blockquote>";
					$this->sendMail($email, $subject, $body);	/* Change mail() function to something else if you like */
					echo "<p>An email has been sent to your email inbox with instructions. Check Your Mail Inbox and SPAM Folders.</p><p>You can close this window.</p>";
					$curStatus = "emailSent"; // E-Mail has been sent
				}
			}
		}
		return $curStatus;
	}
	
	/* A function that handles the logged in user to change her/his password */
	public function changePassword($parent = ""){
		$curStatus = "initial";	// The Current Status of Change Password action
		if($this->loggedIn){
			if( $parent == $this->secureKey && isset($_POST['newPassword']) && $_POST['newPassword'] != "" ){
				$randomSalt	= $this->rand_string(20);
				$saltedPass = hash('sha256',$_POST['newPassword'].$this->passwordSalt.$randomSalt);
				$sql		= $this->dbh->prepare("UPDATE `{$this->dbtable}` SET `password` = ?, `password_salt` = ? WHERE `id` = ?");
				$sql->execute(array($saltedPass, $randomSalt, $this->user));
				return true;
			}elseif( !isset($_POST['logSysChangePassword']) ){
				$html = "<form action='".$_SERVER['PHP_SELF']."' method='POST'>";
					$html .= "<label>Current Password<br/><input type='password' name='curpass'/></label><br/>";
					$html .= "<label>New Password<br/><input type='password' name='newPassword'/></label><br/>";
					$html .= "<label>Retype New Password<br/><input type='password' name='newPassword2'/></label><br/>";
					$html .= "<button name='logSysChangePassword' type='submit'>Change Password</button>";
				$html .= "</form>";
				echo $html;
				$curStatus = "changePasswordForm"; // The form for changing password is shown now
			}elseif(isset($_POST['logSysChangePassword'])){
				if( isset($_POST['newPassword']) && $_POST['newPassword']!="" && isset($_POST['newPassword2']) && $_POST['newPassword2']!="" && isset($_POST['curpass']) && $_POST['curpass']!="" ){
					$curpass	  = $_POST['curpass'];
					$newPassword  = $_POST['newPassword'];
					$newPassword2 = $_POST['newPassword2'];
					$sql		  = $this->dbh->prepare("SELECT username FROM `{$this->dbtable}` WHERE id=?");
					$sql->execute(array($this->user));
					$curuserUsername = $sql->fetchColumn();
					if($this->login($curuserUsername, $curpass, false)){
						if($newPassword != $newPassword2){
							echo "<h3>Error : Password Mismatch</h3>";
							$curStatus = "newPasswordMismatch"; // The Password's don't match (New Password & Retype Password field)
						}else{
							$this->changePassword($this->secureKey);
							echo "<h3>Success : Password Changed Successful</h3>";
							$curStatus = "passwordChanged"; // Password changed
						}
					}else{
						echo "<h3>Error : Current Password Was Wrong</h3>";
						$curStatus = "currentPasswordWrong"; // The current password entered was wrong
					}
				}else{
					echo "<h3>Error : Password Fields was blank</h3>";
					$curStatus = "newPasswordFieldsBlank"; // Blank new password field
				}
			}
		}else{
			echo "<h3>Error : Not Logged In</h3>";
			$curStatus = "notLoggedIn"; // Not logged In
		}
		return $curStatus;
	}
	
	/* Check if user exists with ther username/email given */
	public function userExists($username){
		if($this->emailLogin === true){
			$query = "SELECT `id` FROM `{$this->dbtable}` WHERE `username`=:login OR `email`=:login ORDER BY `id` LIMIT 1";
		}else{
			$query = "SELECT `id` FROM `{$this->dbtable}` WHERE `username`=:login ORDER BY `id` LIMIT 1";
		}
		$sql = $this->dbh->prepare($query);
		$sql->execute(array(
			":login" => $username
		));
		return $sql->rowCount() == 0 ? false : true;
	}
	
	/* Fetches data of user in database. Returns a single value or an array of value according to parameteres given to the function */
	public function getUser($what = "*", $user = null){
		if($user == null){
			$user = $this->user;
		}
		if( is_array($what) ){
			$columns = implode("`,`", $what);
			$columns	= "`{$columns}`";
		}else{
			$columns = $what != "*" ? "`$what`" : "*";
		}
		
		$sql = $this->dbh->prepare("SELECT {$columns} FROM `{$this->dbtable}` WHERE `id`=? ORDER BY `id` LIMIT 1");
		$sql->execute(array($user));
		
		$data = $sql->fetch(PDO::FETCH_ASSOC);
		if( !is_array($what) ){
			$data = $what == "*" ? $data : $data[$what];
		}
		return $data;
	}
	
	/* Updates the user data */
	public function updateUser($toUpdate = array(), $user = null){
		if( is_array($toUpdate) && !isset($toUpdate['id']) ){
			if($user == null){
				$user = $this->user;
			}
			$columns = "";
			foreach($toUpdate as $k => $v){
				$columns .= "`$k` = :$k, ";
			}
			$columns = substr($columns, 0, -2); // Remove last ","
		
			$sql = $this->dbh->prepare("UPDATE `{$this->dbtable}` SET {$columns} WHERE `id`=:id");
			$sql->bindValue(":id", $user);
			foreach($toUpdate as $key => $value){
				$value = htmlspecialchars($value);
				$sql->bindValue(":$key", $value);
			}
			$sql->execute();
			
		}else{
			return false;
		}
	}
	
	/* Returns a string which shows the time since the user has joined */
	public function timeSinceJoin($user = null){
		if($user == null){
			$user = $this->user;
		}
		$created 	= $this->getUser("created");
		$timeFirst	= strtotime($created);
		$timeSecond = strtotime("now");
		$memsince 	= $timeSecond - strtotime($created);
		$regged 		= date("n/j/Y", strtotime($created));
		
		if($memsince < 60) {
			$memfor = $memsince . " Seconds";
		}else if($memsince < 3600 && $memsince > 60){
			$memfor = floor($memsince / 60) . " Minutes";
		}else if($memsince < 86400 && $memsince > 60){
			$memfor = floor($memsince / 3600) . " Hours";
		}else if($memsince < 604800 && $memsince > 3600){
			$memfor = floor($memsince / 86400) . " Days";
		}else if($memsince < 2592000 && $memsince > 86400){
			$memfor = floor($memsince / 604800) . " Weeks";
		}else if($memsince > 604800){
			$memfor = floor($memsince / 2592000) . " Months";
		}
		return (string) $memfor;
	}
	
	/* Extra Tools/Functions */
	
	/* Check if valid E-Mail */
	public function validEmail($email = ""){
		return filter_var($email, FILTER_VALIDATE_EMAIL);
	}
	
	/* Get the current page URL */
	public function curPageURL() {
		$pageURL = 'http';
		if(isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on"){$pageURL .= "s";}
		$pageURL .= "://";
		if($_SERVER["SERVER_PORT"] != "80") {
			$pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
		}else{
			$pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
		}
		return $pageURL;
	}
	
	/* Generate a Random String */
	public function rand_string($length) {
		$str   = "";
		/* Plain alphanumeric alphabet. The original string was prefixed with "subinsblog", which made
		   those letters more likely than the rest and biased the output. */
		$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
		$size  = strlen($chars);
		for($i = 0; $i < $length; $i++) {
			/* random_int() (PHP 7+) is a CSPRNG; rand() is predictable and must not be used for
			   anything security-relevant such as tokens or salts */
			$str .= $chars[random_int(0, $size - 1)];
		}
		return $str;
	}
	
	/* Get the current page path */
	public function curPage(){
		$parts = parse_url($this->curPageURL());
		return $parts["path"];
	}
	
	/* Do a redirect */
	public function redirect($url, $status=302){
		header("Location: $url", true, $status);
		exit;	/* Stop the script so nothing after the redirect keeps executing */
	}
	
	/* Any mails that need to be sent by logSys go through here. */
	public function sendMail($email, $subject, $body){
		mail($email, $subject, $body);	/* Change this to something else if you don't like PHP's mail() */
	}
	/* End Extra Tools/Functions */
}
?>

Register.php code: 

<?php
include "config.php";
?>

And: 

<?php
	if( isset($_POST['submit']) ){
		$firstname2 = $_POST['firstname'];
		$lastname2  = $_POST['lastname'];
		$user2      = $_POST['username'];
		$sex2       = $_POST['sex'];
		$country2   = $_POST['strCountryChoice'];
		$email2     = $_POST['email'];
		$pass2      = $_POST['pass'];
		$pass3      = $_POST['pass2'];
		$birthdate2 = $_POST['birthdate'];
		$created2   = date("Y-m-d H:i:s");
		//need to add a lot more validation functions.. AKA Check if email exists and username. Password > 5 chars
		if( $user2=="" || $email2=="" || $pass2=='' || $pass3=='' || $firstname2=='' || $lastname2=='' || $sex2=='' || $country2=='' || $birthdate2=='' ){
			echo "Fields Left Blank: Some Fields were left blank. Please fill up all fields.";
			exit;
		}
		if( !$LS->validEmail($email2) ){
			echo "E-Mail Is Not Valid: The E-Mail you gave is not valid";
			exit;
		}
		/* Length check added so the limit stated in the message is actually enforced */
		if( !ctype_alnum($user2) || strlen($user2) > 10 ){
			echo "Invalid Username: The Username is not valid. Only ALPHANUMERIC characters are allowed and shouldn't exceed 10 characters.";
			exit;
		}
		if($pass2 !== $pass3){
			echo "Passwords Don't Match: The Passwords you entered didn't match";
			exit;
		}
		$createAccount2 = $LS->register($user2, $pass2,
			array(
				"email"    => $email2,
				"name"     => $firstname2,
				"lastname" => $lastname2,
				"gender"   => $sex2,
				"country"  => $country2,
				"DOB"      => $birthdate2,
				"created"  => $created2 // Just for testing
			)
		);
		//$createAccount = $LS->register($firstname,$lastname,$user,$sex,$country,$email,$pass,$birthdate,$created);
		if($createAccount2 === "exists"){
			echo "User Exists.";
		}elseif($createAccount2 === true){
			echo "Success. Created account.";
		}
	}
?>

Config.php:

<?php
require "class.loginsys.php";
$LS=new LoginSystem();
?>

If you need any more code, please ask.

Thanks again.

Edited by Andrew789123

Here is where that code came from: http://subinsb.com/php-logsys

Make sure you have followed along with the "rules" to successfully incorporate the code.

I go along with the idea that the reason you are getting a memory error is because the script is getting stuck and exhausted at some point. I would do some var_dumps or echos at various points of script execution to narrow down where the problem is.

your code apparently has a circular include/require (i'm not sure why php isn't failing with a redeclare error for the class definition.) your class definition file is including your register.php script, which is including your config.php file, which is including the class definition again.

 

the only thing that should be in the class definition file is the class definition. the include "register.php"; line that you added, and in fact the display_errors line that the author of that software already had in that file, should not be in that file.

 

your main file, which is register.php, is where you include/require things that it needs (and in the case of class files, you should eventually advance to the point of using an autoloader.)

So if I need to use variables from register.php in my class file how would I do it?

Thanks again.

you don't. the class file is only the class definition. it gets included by your main code so that you can create an instance of the class to use in your main code, not the other way around.
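
The layout that reply describes, written out as an added example (it is neither the thread's code nor logSys's): the class file holds only the class, config.php wires it up once, and register.php validates the form and hands the values to the class as arguments, so the class never needs register.php's variables and nothing includes in a circle. The three files are collapsed into one runnable script with the file boundaries marked in comments; it assumes the pdo_sqlite extension (an in-memory SQLite table stands in for the MySQL one), a `users` table whose column names match the keys in the poster's array, and a hypothetical `handleRegistration()` function playing the part of register.php's top-level code. The allowlist of extra columns is what keeps a form field name from ever becoming part of the SQL text.

```php
<?php
/* Added example, not the thread's or logSys's code. Three files collapsed into one script. */

/* ===== class.loginsys.php : only the class definition. No include "register.php" here, or
   register.php -> config.php -> class file -> register.php recurses until memory runs out. ===== */
class LoginSystem
{
    private $pdo;
    /* Extra columns a caller may set (names taken from the poster's array). Keys not in this
       list are dropped, so a form field name can never be spliced into the SQL text. */
    private $allowedColumns = ['email', 'name', 'lastname', 'gender', 'country', 'DOB'];

    public function __construct(PDO $pdo)
    {
        $this->pdo = $pdo;
    }

    public function validEmail($email)
    {
        return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
    }

    /* Form values arrive as parameters; the class never reads register.php's variables or $_POST. */
    public function register($username, $password, array $extra = [])
    {
        $extra = array_intersect_key($extra, array_flip($this->allowedColumns));

        $check = $this->pdo->prepare("SELECT 1 FROM users WHERE username = :u");
        $check->execute([':u' => $username]);
        if ($check->fetchColumn()) {
            return "exists";
        }

        /* Column names come only from the allowlist above; every value is a bound parameter. */
        $columns      = array_merge(['username', 'password', 'created'], array_keys($extra));
        $placeholders = array_map(function ($c) { return ":$c"; }, $columns);
        $sql = sprintf("INSERT INTO users (%s) VALUES (%s)",
                       implode(", ", $columns), implode(", ", $placeholders));

        /* password_hash() generates and embeds its own salt; only the hash is stored. */
        $params = [
            ':username' => $username,
            ':password' => password_hash($password, PASSWORD_DEFAULT),
            ':created'  => date("Y-m-d H:i:s"),
        ];
        foreach ($extra as $col => $val) {
            $params[":$col"] = $val;
        }
        return $this->pdo->prepare($sql)->execute($params);
    }
}

/* ===== config.php : require_once "class.loginsys.php"; build $pdo; $LS = new LoginSystem($pdo).
   An in-memory SQLite database (assumed pdo_sqlite) stands in for MySQL so this runs stand-alone. ===== */
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT,
            created TEXT, email TEXT, name TEXT, lastname TEXT, gender TEXT, country TEXT, DOB TEXT)");
$LS = new LoginSystem($pdo);

/* ===== register.php : require_once "config.php"; then the form handling. Validation lives in
   the entry script and the results go to the class as arguments. handleRegistration() is a
   hypothetical name standing in for register.php's top-level code. ===== */
function handleRegistration(LoginSystem $LS, array $post)
{
    $required = ['firstname', 'lastname', 'username', 'sex', 'strCountryChoice',
                 'email', 'pass', 'pass2', 'birthdate'];
    foreach ($required as $f) {
        if (!isset($post[$f]) || trim($post[$f]) === '') {
            return "Some fields were left blank.";
        }
    }
    if (!$LS->validEmail($post['email'])) {
        return "The E-Mail you gave is not valid.";
    }
    if (!ctype_alnum($post['username']) || strlen($post['username']) > 10) {
        return "Only alphanumeric usernames of at most 10 characters are allowed.";
    }
    if ($post['pass'] !== $post['pass2']) {
        return "The passwords you entered didn't match.";
    }
    if (strlen($post['pass']) < 6) {
        return "The password must be at least 6 characters.";
    }
    $result = $LS->register($post['username'], $post['pass'], [
        'email'    => $post['email'],
        'name'     => $post['firstname'],
        'lastname' => $post['lastname'],
        'gender'   => $post['sex'],
        'country'  => $post['strCountryChoice'],
        'DOB'      => $post['birthdate'],
        'is_admin' => 1,   /* not allowlisted: dropped, so a crafted field cannot set extra columns */
    ]);
    if ($result === "exists") {
        return "User exists.";
    }
    return $result === true ? "Success. Created account." : "Registration failed.";
}

/* Constructed form submission standing in for $_POST */
$sample = ['firstname' => 'Ann', 'lastname' => 'Lee', 'username' => 'ann42', 'sex' => 'f',
           'strCountryChoice' => 'GB', 'email' => 'ann@example.com', 'pass' => 'hunter22',
           'pass2' => 'hunter22', 'birthdate' => '1990-01-01', 'submit' => '1'];
echo handleRegistration($LS, $sample), "\n";
echo handleRegistration($LS, $sample), "\n";   /* same username again: takes the "exists" path */
```

Run it with `php` from the command line. The point to carry back into the real files is the direction of the arrows: register.php requires config.php, config.php requires the class file, and data flows into the class through `register()`'s parameters. With that in place the only include of the class file happens once, and the memory exhaustion has nothing left to recurse on.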
