matthewhaworth Posted August 18, 2007 Share Posted August 18, 2007 Ok, I posted earlier and thought that the problem was fixed. It isn't. <?php /* * user.class.php * * @package * @author matthew haworth * @copyright 2007 * @version $Id$ * @access public */ class user { // This is where I will store the database class. private $_db; // Construct the user class. This means taking the object $db and applying it to the private variable $_db. function __construct(&$db) { $this->_db = $db; } // The check login function sees if the $_SESSION['user']['loggedin'] variable is set to true and returns // true or false depending on what it finds. Actually useless as the code if($_SESSION['user']['loggedin']) // would work adequately. function checkLogin() { if ($_SESSION['user']['loggedin']) { return true; } else { return false; } } // The register function accepts two arguments, $email and $password. It cleans both variables before placing // them into the database and logging the user in. function register($email, $password) { // Validation. $email = $this->_db->realescapestring($email); $email = strip_tags($email); $password = $this->_db->realescapestring($password); $password = strip_tags($password); // End validation. // Encrypt the password to compare to the one stored in the database $password = md5($password); // This creates a date compliant with SQL's datetime format $date = date('Y-m-d H-i-s'); // This checks to see if the username already exists. $sql = "SELECT email FROM users WHERE email='".$email."';"; $query = $this->_db->query($sql); $numrows = $this->_db->numrows($query); if($numrows > 0) { return "Email already exists"; } // The following SQL inserts the email, password and registered datetime into the database. $sql = "INSERT INTO users(email, password, registered) VALUES('" . $email . "', '" . $password . "', '" . $date . "');"; // This calls up the query function in my database class to apply the SQL. if ($this->_db->query($sql)) { // If the query is successful, log the user in and hence set up the sessions variables. $this->login($email, $password); return true; } else { // If the query fails, return the function as false. return false; } } // This ia a function to load the Details of the user into session variables, it takes the $email only, // this is why I have made it a private function, so I can't accidently cheat a user into it. It is called // only from the function 'login' which sets the 'loggedin' session variable itself. private function loadDetails($email) { // This sql selects all of the user information besides the password. $sql = "SELECT iD, email, registered FROM users WHERE email='" . $email . "';"; // This processes the query, once again using my database class. $query = $this->_db->query($sql); // This fetches the array from the query object the mysqli produces. $userinfo = $this->_db->fetch_assoc($query); //THIS IS WHAT WE'RE INTERESTED IN!!! // This iterates through the keys and values of the array and appends them to the variable, $userinf. foreach ($userinfo as $key => $value) { echo $key; echo $value; $userinf[$key] = $value; } // This applies the $userinf array to the session variable 'user' $_SESSION['user'] = $userinf; // This is simply a check to see if it was successful. if (isset($_SESSION['user']['email'])) { return true; } else { return false; } } function login($email, $password) { // Validation. $email = $this->_db->realescapestring($email); $email = strip_tags($email); $password = $this->_db->realescapestring($password); $password = strip_tags($password); // End validation. // Code the password to compare with that stored at registration. $password = md5($password); // Ask for email and password from MySQL. $sql = "SELECT email, password FROM users WHERE email='" . $email . "' AND password='" . $password . "';"; // See if the user data exists in the database. $query = $this->_db->query($sql); if ($this->_db->numrows($query) > 0) { // Set sessions for rest of user details.. if ($this->loadDetails($email)) { // Set sessions as loggedin, I did this here for security reasons. $_SESSION['user']['loggedin'] = true; // Return the function , everything's set. return true; } else { // If the loadDetails function returns false, return this function false also. return false; } } else { //...return false. return false; } } } ?> Ok, the whole of the code is located above, however, that may not be necessary. Look at the following: <?php //THIS IS WHAT WE'RE INTERESTED IN!!! // This iterates through the keys and values of the array and appends them to the variable, $userinf. foreach ($userinfo as $key => $value) { echo $key; echo $value; $userinf[$key] = $value; } ?> Whenever I echo the values out before applying them to $userinf.. it print_r's the user information.. however when I comment them out, or delete the echo's.. so it looks like this. <?php //THIS IS WHAT WE'RE INTERESTED IN!!! // This iterates through the keys and values of the array and appends them to the variable, $userinf. foreach ($userinfo as $key => $value) { //echo $key; //echo $value; $userinf[$key] = $value; } ?> It tries to apply the object 'user' to the array, and print_r's the object 'user''s variables leaving me with this: user Object ( [_db:private] => db Object ( [_db:private] => mysqli Object ( ) [_queries:private] => 0 ) ) this is beyond me.. any help would be greatly appreciated? Quote Link to comment Share on other sites More sharing options...
Barand Posted August 18, 2007 Share Posted August 18, 2007 Shouldn't that be $query = $this->_db->query($sql); // This fetches the array from the query object the mysqli produces. $userinfo = $query->fetch_assoc(); Quote Link to comment Share on other sites More sharing options...
matthewhaworth Posted August 18, 2007 Author Share Posted August 18, 2007 Shouldn't that be $query = $this->_db->query($sql); // This fetches the array from the query object the mysqli produces. $userinfo = $query->fetch_assoc(); I know where you're coming from, however, that is not where the problem resides. $userinfo = $this->_db->fetch_assoc($query); This calls a function in my db.class.php, that looks like this. function fetch_assoc(&$query) { $fetched = $query->fetch_assoc(); return $fetched; } function multifetch_assoc(&$query) { while ($fetched = $query->fetch_assoc()) { $mf[] = $fetched; } return $mf; } That effectively does the same thing . I'm convinced the problem is inside the loop ???. Also, I DID try and change it to query, but it wouldn't even process it. Thanks regardless. Quote Link to comment Share on other sites More sharing options...
matthewhaworth Posted August 18, 2007 Author Share Posted August 18, 2007 Ah, I hate double posting, can you put a modify function on here that allows you to modify whenever? Anyways, I'm getting something completely different now, instead of it printing the user object or the user details.. it's printing nothing. I've tried to get it to return a detailed error message, but nothing's happening: <?php /* * user.class.php * * @package * @author matthew haworth * @copyright 2007 * @version $Id$ * @access public */ class user { // This is where I will store the database class. private $_db; // Construct the user class. This means taking the object $db and applying it to the private variable $_db. function __construct(&$db) { $this->_db = $db; } // The check login function sees if the $_SESSION['user']['loggedin'] variable is set to true and returns // true or false depending on what it finds. Actually useless as the code if($_SESSION['user']['loggedin']) // would work adequately. function checkLogin() { if ($_SESSION['user']['loggedin']) { return true; } else { return false; } } // The register function accepts two arguments, $email and $password. It cleans both variables before placing // them into the database and logging the user in. function register($email, $password) { // Validation. $email = $this->_db->realescapestring($email); $email = strip_tags($email); $password = $this->_db->realescapestring($password); $password = strip_tags($password); // End validation. // Encrypt the password to compare to the one stored in the database $password = md5($password); // This creates a date compliant with SQL's datetime format $date = date('Y-m-d H-i-s'); // This checks to see if the username already exists. $sql = "SELECT email FROM users WHERE email='".$email."';"; $query = $this->_db->query($sql); $numrows = $this->_db->numrows($query); if($numrows > 0) { return "Email already exists"; } // The following SQL inserts the email, password and registered datetime into the database. $sql = "INSERT INTO users(email, password, registered) VALUES('" . $email . "', '" . $password . "', '" . $date . "');"; // This calls up the query function in my database class to apply the SQL. if ($this->_db->query($sql)) { // If the query is successful, log the user in and hence set up the sessions variables. $this->login($email, $password); return true; } else { // If the query fails, return the function as false. return false; } } // This ia a function to load the Details of the user into session variables, it takes the $email only, // this is why I have made it a private function, so I can't accidently cheat a user into it. It is called // only from the function 'login' which sets the 'loggedin' session variable itself. private function loadDetails($email) { // This sql selects all of the user information besides the password. $sql = "SELECT iD, email, registered FROM users WHERE email='" . $email . "';"; // This processes the query, once again using my database class. $query = $this->_db->query($sql); // This fetches the array from the query object the mysqli produces. $userinfo = $this->_db->multifetch_assoc(&$query); // This iterates through the keys and values of the array and appends them to the variable, $userinf. foreach ($userinfo as $key => $value) { echo $key; echo $value; $userinf[$key] = $value; } // This applies the $userinf array to the session variable 'user' $_SESSION['user'] = $userinf; // This is simply a check to see if it was successful. if (isset($_SESSION['user']['email'])) { return true; } else { return false; } } function login($email, $password) { // Validation. $email = $this->_db->realescapestring($email); $email = strip_tags($email); $password = $this->_db->realescapestring($password); $password = strip_tags($password); // End validation. // Code the password to compare with that stored at registration. $password = md5($password); // Ask for email and password from MySQL. $sql = "SELECT email, password FROM users WHERE email='" . $email . "' AND password='" . $password . "';"; // See if the user data exists in the database. $query = $this->_db->query($sql); if ($this->_db->numrows($query) > 0) { // Set sessions for rest of user details.. if ($this->loadDetails($email)) { // Set sessions as loggedin, I did this here for security reasons. $_SESSION['user']['loggedin'] = true; // Return the function , everything's set. return true; } else { // If the loadDetails function returns false, return this function false also. $error = "Function 'loadDetails' failed."; return ($error); } } else { //...return false. $error = "No such username and password combination exists."; return ($error); } } } ?> Here's the code that uses it: <?php /** * login.test.php * @author matthew * @copyright 2007 */ require ("init.php"); if (isset($_POST['email'])) { $loginattempt = $user->login($_POST['email'], $_POST['password']); if($loginattempt == true) { header("location: login.test.php"); } else { echo $loginattempt; } } ?> <html> <head> <title>Login test</title> </head> <body> <form action="<?php $_SERVER['PHP_SELF'] ?>" method="POST"> email:<input type = "text" id="email" name="email" /><br /> password:<input type = "text" id="password" name="password" /><br /> <input type="submit" value="login" /></form> <?php print_r($_SESSION['user']); ?> </body> </html> Quote Link to comment Share on other sites More sharing options...
Barand Posted August 18, 2007 Share Posted August 18, 2007 function __construct(&$db) with php5 you don't need the "&", all objects are passed by ref Quote Link to comment Share on other sites More sharing options...
matthewhaworth Posted August 18, 2007 Author Share Posted August 18, 2007 function __construct(&$db) with php5 you don't need the "&", all objects are passed by ref Will that fix it though? Ok, I've done a lot of fiddling with my code. Here is the latest. You get my database class, my user.class.php and my login.test.php I will also provide a link and some data to enter. user.class.php <?php /* * user.class.php * * @package * @author matthew haworth * @copyright 2007 * @version $Id$ * @access public */ class user { // This is where I will store the database class. private $_db; // Construct the user class. This means taking the object $db and applying it to the private variable $_db. function __construct($db) { $this->_db = $db; } // The check login function sees if the $_SESSION['user']['loggedin'] variable is set to true and returns // true or false depending on what it finds. Actually useless as the code if($_SESSION['user']['loggedin']) // would work adequately. function checkLogin() { if ($_SESSION['user']['loggedin']) { return true; } else { return false; } } // The register function accepts two arguments, $email and $password. It cleans both variables before placing // them into the database and logging the user in. function register($email, $password) { // Validation. $email = $this->_db->realescapestring($email); $email = strip_tags($email); $password = $this->_db->realescapestring($password); $password = strip_tags($password); // End validation. // Encrypt the password to compare to the one stored in the database $password = md5($password); // This creates a date compliant with SQL's datetime format $date = date('Y-m-d H-i-s'); // This checks to see if the username already exists. $sql = "SELECT email FROM users WHERE email='".$email."';"; $query = $this->_db->query($sql); $numrows = $this->_db->numrows($query); if($numrows > 0) { return "Email already exists"; } // The following SQL inserts the email, password and registered datetime into the database. $sql = "INSERT INTO users(email, password, registered) VALUES('" . $email . "', '" . $password . "', '" . $date . "');"; // This calls up the query function in my database class to apply the SQL. if ($this->_db->query($sql)) { // If the query is successful, log the user in and hence set up the sessions variables. $this->login($email, $password); return true; } else { // If the query fails, return the function as false. return false; } } // This ia a function to load the Details of the user into session variables, it takes the $email only, // this is why I have made it a private function, so I can't accidently cheat a user into it. It is called // only from the function 'login' which sets the 'loggedin' session variable itself. private function loadDetails($email) { // This sql selects all of the user information besides the password. $sql = "SELECT iD, email, registered FROM users WHERE email='" . $email . "';"; // This processes the query, once again using my database class. $query = $this->_db->query($sql); // This fetches the array from the query object the mysqli produces. $userinfo = $this->_db->multifetch_assoc(&$query); // This iterates through the keys and values of the array and appends them to the variable, $userinf. foreach ($userinfo as $key => $value) { //echo $key; //echo $value; $userinf[$key] = $value; } // This applies the $userinf array to the session variable 'user' $_SESSION['user'] = $userinf; // This is simply a check to see if it was successful. if(is_array($_SESSION['user'])) { return true; } else { return false; } } function login($email, $password) { // Validation. $email = $this->_db->realescapestring($email); $email = strip_tags($email); $password = $this->_db->realescapestring($password); $password = strip_tags($password); // End validation. // Code the password to compare with that stored at registration. $password = md5($password); // Ask for email and password from MySQL. $sql = "SELECT email, password FROM users WHERE email='" . $email . "' AND password='" . $password . "';"; // See if the user data exists in the database. $query = $this->_db->query($sql); if ($this->_db->numrows($query) > 0) { // Set sessions for rest of user details.. if ($this->loadDetails($email) === true) { // Set sessions as loggedin, I did this here for security reasons. $_SESSION['user']['loggedin'] = true; // Return the function , everything's set. return true; } else { // If the loadDetails function returns false, return this function false also. $error = "Function 'loadDetails' failed."; return ($error); } } else { //...return false. $error = "No such username and password combination exists."; return ($error); } } } ?> database.class.php <?php /* db.class.php Matthew Haworth - 2007 */ class db { private $_db; private $_queries = 0; //public $emptty; // constructor. function __construct($database, $username, $password, $host = "localhost") { $mysqli = new mysqli($host, $username, $password, $database); $this->_db = $mysqli; //whilst i'm here i'd like to check if there's anything in the table and if so apply false to a public var called empty /*$sql = "SELECT * FROM `shouts`;"; $query = $this->query($sql); if($query->num_rows > 0) { $this->$emptty = false; } */ } // query-er function query($sql) { $queryresult = $this->_db->query($sql); $this->_queries++; return $queryresult; } // fetch-er function fetch_assoc($query) { $fetched = $query->fetch_assoc(); return $fetched; } function multifetch_assoc($query) { while ($fetched = $query->fetch_assoc()) { $mf[] = $fetched; } return $mf; } function numrows($query) { $query = $query->num_rows; return $query; } function realescapestring($string) { $string = $this->_db->real_escape_string($string); return $string; } } ?> login.test.php <?php /** * login.test.php * @author matthew * @copyright 2007 */ require ("init.php"); if (isset($_POST['email'])) { $loginattempt = $user->login($_POST['email'], $_POST['password']); if($loginattempt === true) { header("location: login.test.php"); } else { echo $loginattempt; } } ?> <html> <head> <title>Login test</title> </head> <body> <form action="<?php $_SERVER['PHP_SELF'] ?>" method="POST"> email:<input type = "text" id="email" name="email" /><br /> password:<input type = "text" id="password" name="password" /><br /> <input type="submit" value="login" /></form> <?php print_r($_SESSION['user']); ?> </body> </html> Use the following to test it: http://86.144.117.203/shoutbox/login.test.php. email: matthew password: matthew Quote Link to comment Share on other sites More sharing options...
Barand Posted August 18, 2007 Share Posted August 18, 2007 in login.test.php, where is $user defined? Quote Link to comment Share on other sites More sharing options...
matthewhaworth Posted August 18, 2007 Author Share Posted August 18, 2007 In init.php.. <?php /* SHOUTBOX's INITIALISATION init.php Matthew Haworth - 2007 */ session_start(); function __autoload($class) { require $class.".class.php"; } $db = new db('shoutbox', 'username', 'password'); $shout = new shout($db); $user = new user($db); ?> Quote Link to comment Share on other sites More sharing options...
Barand Posted August 18, 2007 Share Posted August 18, 2007 why the loop to create $userinf anyway? You only end up with a duplicate of $userinfo. Quote Link to comment Share on other sites More sharing options...
matthewhaworth Posted August 18, 2007 Author Share Posted August 18, 2007 why the loop to create $userinf anyway? You only end up with a duplicate of $userinfo. ..because, I am a terrible programmer . lol, it initially went something like this.. foreach($userinfo as $key => $value) { $_SESSION['user'][$key] = $value; } Then I changed it without thinking that the loop is now unnecessary. The script I've written, infact, all the scripts I have written are terrible. I don't know hwo to improve without getting it all wrong first though, so meh. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.