It's my first time here. I have a question: I'm making a register form, but I need to insert into 2 databases. Here is my code.
When I run it, it only registers in one database, sometimes db1, other times db2.
-Sorry for my bad English
-Here's register.php
require_once 'config/dbconfig.php';
if($user->is_loggedin()!="")
{
$user->redirect('home.php');
}
if(isset($_POST['btn-signup']))
{
$uname = trim($_POST['txt_uname']);
$umail = trim($_POST['txt_umail']);
$upass = trim($_POST['txt_upass']);
$rpass = trim($_POST['txt_rpass']);
if($uname=="") {
$error[] = "provide username !";
}
else if($umail=="") {
$error[] = "provide email id !";
}
else if(!filter_var($umail, FILTER_VALIDATE_EMAIL)) {
$error[] = 'Please enter a valid email address !';
}
else if($upass=="") {
$error[] = "provide password !";
}
else if(strlen($upass) < 6){
$error[] = "Password must be atleast 6 characters";
}
elseif($upass != $rpass){
$msg = "passwords doesn't match";
}
else
{
try
{
$stmt = $DB_con->prepare("SELECT user_name,user_email FROM users WHERE user_name=:uname OR user_email=:umail");
$stmt2 = $DB_con2->prepare("SELECT user_name,user_email FROM users WHERE user_name=:uname OR user_email=:umail");
$stmt->execute(array(':uname'=>$uname, ':umail'=>$umail));
$stmt2->execute(array(':uname'=>$uname, ':umail'=>$umail));
$row=$stmt->fetch(PDO::FETCH_ASSOC);
if($row['user_name']==$uname) {
$error[] = "sorry username already taken !";
}
else if($row['user_email']==$umail) {
$error[] = "sorry email id already taken !";
}
else
{
if($user->register($fname,$lname,$uname,$umail,$upass))
{
$user->redirect('register.php?joined');
}
}
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
}
-Here Class.User.php
<?php
class USER
{
private $db;
function __construct($DB_con)
{
$this->db = $DB_con;
}
public function register($fname,$lname,$uname,$umail,$upass)
{
try
{
$new_password = password_hash($upass, PASSWORD_DEFAULT);
$stmt = $this->db->prepare("INSERT INTO users(user_name,user_email,user_pass)
VALUES(:uname, :umail, :upass)");
$stmt->bindparam(":uname", $uname);
$stmt->bindparam(":umail", $umail);
$stmt->bindparam(":upass", $new_password);
$stmt->execute();
return $stmt;
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
public function login($uname,$umail,$upass)
{
try
{
$stmt = $this->db->prepare("SELECT * FROM users WHERE user_name=:uname OR user_email=:umail LIMIT 1");
$stmt->execute(array(':uname'=>$uname, ':umail'=>$umail));
$userRow=$stmt->fetch(PDO::FETCH_ASSOC);
if($stmt->rowCount() > 0)
{
if(password_verify($upass, $userRow['user_pass']))
{
$_SESSION['user_session'] = $userRow['user_id'];
return true;
}
else
{
return false;
}
}
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
public function is_loggedin()
{
if(isset($_SESSION['user_session']))
{
return true;
}
}
public function redirect($url)
{
header("Location: $url");
}
public function logout()
{
session_destroy();
unset($_SESSION['user_session']);
return true;
}
}
?>
-and the DBConfig.php
<?php
session_start();
$DB_host = "localhost";
$DB_user = "root";
$DB_pass = "";
try
{
$DB_con = new PDO("mysql:host= {$DB_host};dbname=dblogin",$DB_user,$DB_pass);
$DB_con2 = new PDO("mysql:host= {$DB_host};dbname=dblogin2",$DB_user,$DB_pass);
$DB_con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$DB_con2->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch(PDOException $e)
{
echo $e->getMessage();
}
include_once 'class.user.php';
$user = new USER($DB_con);
$user2 = new USER($DB_con2);
Related
SIGNUP.PHP/HTML
<?php
require_once("connections/db.php");
$error = array();
if($user->is_loggedin())
{
$user->redirect('index.php');
}
if(isset($_POST['signup-btn']))
{
$username = $_POST['signup-username'];
$password = $_POST['signup-password'];
$email = $_POST['signup-email'];
if($user='')
{
$error[] = "Please enter a username";
}
else if($pass='')
{
$error[] = "Please enter a password";
}
else if(!filter_var($email, FILTER_VALIDATE_EMAIL))
{
$error[] = "Please enter a valid email address";
}
else
{
try
{
if($user->register($username, $password, $email))
{
echo "registered";
}
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
}
?>
class.user.php
<?php
class USER{
private $db;
function __construct($db_con)
{
$this->db = $db_con;
}
public function register($username,$password,$email)
{
try
{
$protected_password = password_hash($password, PASSWORD_DEFAULT); // hash the $password argument of this method
$stmt = $this->db->prepare("INSERT INTO users(username,password,email)
VALUES(:username, :password, :email)");
$stmt->bindparam(":username", $username);
$stmt->bindparam(":password", $protected_password);
$stmt->bindparam(":email", $email);
$stmt->execute();
return $stmt;
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
public function is_loggedin()
{
if (isset($_SESSION['user_session']))
{
return true;
}
}
public function redirect($url)
{
header("Location: $url");
}
public function logout()
{
session_destroy();
unset($_SESSION['user_session']);
return true;
}
}
?>
db.php
<?php
session_start();
$connection = parse_ini_file('config.ini');
try{
$db_con = new PDO("mysql:host={$connection['host']}; dbname={$connection['dbname']}", $connection['username'], $connection['password']);
$db_con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch(PDOException $e){
echo $e->getMessage();
}
include_once 'class.user.php';
$user = new USER($db_con);
?>
I keep receiving the error Fatal error: Call to a member function register() on string in C:\xampp\we\signup.php on line 32
I'm completely new to PDO, and I can't see why this is not working.
I tried changing the code up as much as I could, but this error doesn't change. I'm sure it's a simple stupid problem I'm overlooking as well.
We start out setting $username from your form
$username = $_POST['signup-username'];
Then I assume an equality check was meant to happen on this variable ($username == ''?) but instead $user is set to an empty string.
if($user='')
{
$error[] = "Please enter a username";
}
Afterwards, $user->register() is called, and $user is still a string instead of an instance of your class USER.
Be careful that you don't put in variable assignments where you meant to put in equality checks elsewhere! I do it all the time.
if($user='')
{
$error[] = "Please enter a username";
}
else if($pass='') // should this be $password == ''?
{
$error[] = "Please enter a password";
}
I am trying to login with GET method in PHP.
I tried:
login.php
<?php
session_start();
require_once 'class.user.php';
$user_login = new USER();
if($user_login->is_logged_in()!="")
{
$user_login->redirect($web.$_SESSION['user_name']);
}
if(isset($_GET['user']) && isset($_GET['password']))
{
$uname = trim($_GET['user']);
$upass = trim($_GET['password']);
if($user_login->login($uname,$upass))
{
$user_login->redirect($uname);
}
}
?>
class.user.php
public function login($uname,$upass)
{
try
{
$stmt = $this->conn->prepare("SELECT * FROM tbl_users WHERE userName=:username");
$stmt->execute(array(":username"=>$uname));
$userRow=$stmt->fetch(PDO::FETCH_ASSOC);
if($stmt->rowCount() == 1)
{
if($userRow['userStatus']=="Y")
{
if($userRow['userAccess']=="Y")
{
if($userRow['userPass']==md5($upass))
{
$_SESSION['userSession'] = $userRow['userID'];
$_SESSION['loggedin_time'] = time();
$_SESSION['user_name'] = $userRow['userName'];
return true;
}
else
{
header("Location: signin.php?error");
exit;
}
}
else
{
header("Location: default.php");
exit;
}
}
else
{
header("Location: inactive.php");
exit;
}
}
else
{
header("Location: signin.php?error");
exit;
}
}
catch(PDOException $ex)
{
echo $ex->getMessage();
}
}
I am always getting error showing that: wrong details
I cross checked the user name & password with MySQL. They are correct!
This is because you are encrypting your encrypted password, which results in wrong details
Change if($userRow['userPass']==md5($upass)) to if($userRow['userPass']==($upass))
Hope this will resolve your error.
I use
password_hash($password, PASSWORD_BCRYPT, array("cost" => 12));
for my signup form. It saves to the database perfectly, but I can't log in.
This is my login function
public function Login($user, $password)
{
try {
$db = DB();
$query = $db->prepare("SELECT id FROM members WHERE user=:user AND password=:password");
$query->bindParam("user", $user, PDO::PARAM_STR);
$data = $this->query->single();
$getpass = $data['password'];
$passv = password_verify($password, $getpass);
$query->bindParam("password", $passv, PDO::PARAM_STR);
$query->execute();
if ($query->rowCount() > 0) {
$result = $query->fetch(PDO::FETCH_OBJ);
return $result->id;
} else {
return false;
}
} catch (PDOException $e) {
exit($e->getMessage());
}
}
EDIT:
login.php
<?php
// Start Session
session_start();
// Database connection
require __DIR__ . '/database.php';
$db = DB();
// Application library
require __DIR__ . 'inc/functions.php';
$app = new DemoLib();
// check Login request
if (!empty($_POST['login'])) {
$user = trim($_POST['user']);
$password = trim($_POST['password']);
if ($user == "") {
echo 'Please enter username.';
} else if ($password == "") {
echo 'Please enter password.';
} else {
$id = $app->Login($user, $password); // check user login
if($id > 0)
{
$_SESSION['id'] = $id; // Set Session
}
else
{
echo 'Wrong data.';
}
}
}
?>
You don't want to try to match the password during the query as matching the hash would not work. In order to verify the password you will want to do something like this:
public function Login($user, $password)
{
try {
$db = DB();
$query = $db->prepare("SELECT * FROM members WHERE user=:user"); // get everything for the user
$query->bindParam("user", $user, PDO::PARAM_STR);
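//$data = $this->query->single();
$query->execute(); // execute() only returns true/false
$data = $query->fetch(PDO::FETCH_ASSOC); // the row, or false when no user matches
$getpass = $data ? $data['password'] : '';
$passv = password_verify($password, $getpass); // false for an empty or non-matching hash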
if ($passv) { // if the password is good
return $data['id'];
} else {
return false;
}
} catch (PDOException $e) {
exit($e->getMessage());
}
}
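The fetch-then-verify flow from the answer above, as an added example that is not part of the original posts. It goes one step further and upgrades legacy hashes at login, assuming old rows hold an unsalted md5 hex digest like the md5() login earlier on the page; the `members` table and its columns come from the question, while `HASH_ALGO`, `HASH_OPTS` and the in-memory SQLite data are assumptions made so the block runs on its own.

```php
<?php
// Added example, not code from the posts above. Needs PHP 8.0+ and pdo_sqlite.
declare(strict_types=1);

const HASH_ALGO = PASSWORD_BCRYPT;
const HASH_OPTS = ['cost' => 12]; // same cost as the signup code in the question

function login(PDO $db, string $user, string $password): int|false
{
    // Select by username only; the stored hash never appears in the WHERE clause.
    $stmt = $db->prepare('SELECT id, password FROM members WHERE user = :user');
    $stmt->execute([':user' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false; // unknown user
    }
    $stored = (string) $row['password'];

    // Assumption: legacy rows hold an unsalted md5 hex digest.
    $legacy = preg_match('/\A[0-9a-f]{32}\z/', $stored) === 1;
    $ok = $legacy
        ? hash_equals($stored, md5($password))
        : password_verify($password, $stored);
    if (!$ok) {
        return false;
    }

    // Re-hash legacy or outdated hashes while the plaintext is in hand.
    if ($legacy || password_needs_rehash($stored, HASH_ALGO, HASH_OPTS)) {
        $upd = $db->prepare('UPDATE members SET password = :hash WHERE id = :id');
        $upd->execute([':hash' => password_hash($password, HASH_ALGO, HASH_OPTS), ':id' => $row['id']]);
    }
    return (int) $row['id'];
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, user TEXT UNIQUE, password TEXT)');
$ins = $db->prepare('INSERT INTO members (user, password) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', HASH_ALGO, HASH_OPTS)]);
$ins->execute(['bob', md5('hunter22')]); // legacy row

var_dump(login($db, 'alice', 'correct horse'));
var_dump(login($db, 'alice', 'wrong'));
var_dump(login($db, 'bob', 'hunter22'));
$hash = $db->query("SELECT password FROM members WHERE user = 'bob'")->fetchColumn();
var_dump(password_get_info($hash)['algoName']);
```

The last line shows which algorithm the legacy row's hash uses after its first successful login.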
I am trying to make my own custom CMS. I can register users and can log in as well. Now I am trying to make a function for user roles:
File: class.user.php
function getUserrole() {
$username = htmlentities($_SESSION['user_session']);
$stmt = $this->db->prepare('SELECT * FROM users WHERE user_name = :username');
$stmt->bindParam(':username', $username); // name must match the :username placeholder in the query
$stmt->execute();
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$userrole = $row['user_role'];
if($userrole == 3) {
return $userrole = 3;
}
if($userrole == 2) {
return $userrole = 2;
}
if($userrole == 1) {
return $userrole = 1;
}
if($userrole == 0) {
return $userrole = 0;
}
}
File: Home.php
<?php
$userrole = getUserrole();
if($userrole == 1) {
echo "Hi Admin";
}
else {
echo "You are not a admin";
}
?>
When I try to do this, the error shows up:
Fatal error: Call to undefined function getUserrole() in /Applications/MAMP/htdocs/test/home.php on line 24
I can see something wrong and I was hoping you guys could help me out here:)
Entire class.user.php :
<?php
class USER
{
private $db;
function __construct($DB_con)
{
$this->db = $DB_con;
}
public function register($uname,$umail,$upass)
{
try
{
$new_password = password_hash($upass, PASSWORD_DEFAULT);
$stmt = $this->db->prepare("INSERT INTO users(user_name,user_email,user_pass)
VALUES(:uname, :umail, :upass)");
$stmt->bindparam(":uname", $uname);
$stmt->bindparam(":umail", $umail);
$stmt->bindparam(":upass", $new_password);
$stmt->execute();
return $stmt;
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
public function login($uname,$umail,$upass)
{
try
{
$stmt = $this->db->prepare("SELECT * FROM users WHERE user_name=:uname OR user_email=:umail LIMIT 1");
$stmt->execute(array(':uname'=>$uname, ':umail'=>$umail));
$userRow=$stmt->fetch(PDO::FETCH_ASSOC);
if($stmt->rowCount() > 0)
{
if(password_verify($upass, $userRow['user_pass']))
{
$_SESSION['user_session'] = $userRow['user_id'];
return true;
}
else
{
return false;
}
}
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
public function is_loggedin()
{
if(isset($_SESSION['user_session']))
{
return true;
}
}
public function redirect($url)
{
header("Location: $url");
}
public function logout()
{
session_destroy();
unset($_SESSION['user_session']);
return true;
}
function getUserrole() {
$username = htmlentities($_SESSION['user_session']);
$stmt = $this->db->prepare('SELECT * FROM users WHERE user_name = :username');
$stmt->bindParam(':username', $username); // name must match the :username placeholder in the query
$stmt->execute();
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$userrole = $row['user_role'];
if($userrole == 3) {
return $userrole = 3;
}
if($userrole == 2) {
return $userrole = 2;
}
if($userrole == 1) {
return $userrole = 1;
}
if($userrole == 0) {
return $userrole = 0;
}
}
}
?>
Require the class within your home.php, init it and then call the function
<?php
require_once 'class.user.php';
$userClass = new USER(<yourdbcon>);
$userrole = $userClass->getUserrole();
if($userrole == 1) {
echo "Hi Admin";
}
else {
echo "You are not a admin";
}
?>
I'm having some issues with my user registration system--namely the CheckUsername function inside of it.
This code:
function checkUsername($username) {
if ( preg_match('/\s/',$username)) {
return false;
}
if(!preg_match('/^[\w\-]+$/', $username)) {
return false;
}
if(strlen($username) == 0) {
return false;
}
else {
$sql = "SELECT count(username) FROM users WHERE username = :username LIMIT 1";
$que = $this->db->prepare($sql);
$que->bindParam('username', $username);
try {
$que->execute();
while($row = $que->fetch(PDO::FETCH_BOTH)) {
if($row[0] > 0) {
return false;
}
else {
return true;
}
}
}
catch(PDOException $e) {}
}
}
Isn't working as designed. Users are able to register with names like <script>, which I clearly do not want.
function registerUser($password, $username)
{
if(!$this->checkUsername($username))
{
header('location:index.php');
}
else
{
$password = $this->passwordEncryption($password);
$sql = "INSERT INTO users(username, password) VALUES (:username, :password);";
$sql .= "INSERT INTO bank_accounts(balance, fuel_cell, energy_cell) VALUES (100,100, 100);";
$que = $this->db->prepare($sql);
$que->bindParam('username', $username);
$que->bindParam('password', $password);
try{
$que->execute();
$que->nextRowset();
$this->login($username, $password);
}
catch(PDOException $e){}
}
}
This states if there is not a word character or - so any string that contains a word character or - and anything else is OK:
if(!preg_match('/^[\w\-]+$/', $username)) {
return false;
}
You probably want if there is any character that is not a word character or -
if(preg_match('/[^\w\-]+$/', $username)) {
return false;
}
try the following :)
function checkUsername($username) {
$username = trim("$username");
if ( empty($username) || !preg_match("/^[a-z0-9\-]+$/i", $username)) { // character class needs its opening [
return false;
}
$sql = "SELECT count(1) FROM users WHERE username = :username LIMIT 1";
$que = $this->db->prepare($sql);
$que->bindParam('username', $username);
try{
$que->execute();
while($row = $que->fetch(PDO::FETCH_BOTH)) {
if($row[0] > 0) {
return false;
} else {
return true;
}
}
} catch(PDOException $e){}
}
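The username patterns from this thread compared on constructed inputs, as an added example that is not part of the original posts. It sets the question's pattern and the first answer's pattern beside a strict `\A...\z` allowlist; the 3 to 32 length limit, the `renderUsername` helper and the sample names are assumptions.

```php
<?php
// Added example, not code from the posts above. PHP 7.4+.
declare(strict_types=1);

// Each checker returns true when the name is ACCEPTED.
$checks = [
    // Pattern from the question: whole string must be word characters or '-'.
    'question' => fn(string $u): bool => preg_match('/^[\w\-]+$/', $u) === 1,
    // Pattern from the first answer: rejects only a disallowed run at the end.
    'answer'   => fn(string $u): bool => preg_match('/[^\w\-]+$/', $u) !== 1,
    // Strict allowlist; \A and \z anchor to the true start and end, whereas
    // a bare $ also matches just before a trailing newline.
    // The 3 to 32 length limit is an assumption.
    'strict'   => fn(string $u): bool => preg_match('/\A[A-Za-z0-9_-]{3,32}\z/', $u) === 1,
];

// Encode on output too, so a name stored by some other path renders as text.
function renderUsername(string $u): string
{
    return htmlspecialchars($u, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs.
$samples = ['alice', 'bob-smith_01', '<script>', '<script>ab', "bob\n", 'a b', ''];

foreach ($samples as $name) {
    $row = [];
    foreach ($checks as $label => $accepts) {
        $row[] = sprintf('%s=%s', $label, $accepts($name) ? 'accept' : 'reject');
    }
    printf("%-14s %s  html=%s\n", json_encode($name), implode(' ', $row), renderUsername($name));
}
```

Validation at registration and encoding at output are separate controls: the allowlist keeps markup out of new usernames, and `htmlspecialchars` covers rows that were stored before the check existed.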