I am beginner and this is my first project (happy face). I am trying to make log in systen to learn php and mySQL. At first everything was working so and then i decided to rewrite everything in Object oriented code and then it is not working. Since it is not syntax error it is hard to find for me, but i know that problem is in mySQL query, because it is empty.

Problem: It doesn't work and it doesn't set $errorLevel and there is no mysql_error() report

here is the class

<?php
class login
{
		private $userName;
		private $password;
		private $queryResults;  // will be used for checking user name and password
		private $errorLevel;
		
		
	/*return
	 *  1 if user is sucessfuly loged in
	 * -1 if user name is not in db
	 * -2 if cannot connect to db
	 */
	public function try_log_in($user_name, $password)
	{
		$this->setup_parameters($user_name, $password);
		if($this->is_userName_in_db() && $this->is_password_correct())
		{
			$_SESSION["user"]=$this->userName;
			return 1;
		}
		else
			return $this->errorLevel;
	}
	
	//-------------------------Under the hud-----------------------//
		
	function __construct()
	{
		
	}
	//escapes all inputs and sets object`s parameters
	private function setup_parameters($user_name, $password)
	{
		$this->userName = mysql_real_escape_string ($user_name);
		$this->password = mysql_real_escape_string ($password);
		$query = "
			SELECT * 
			FROM users
			WHERE userName = '$this->userName'  ";
		$this->queryResults = mysql_query($query);		
	}
	
	
	/*Checks if given user name is db
	 *  returns:
	 *  1 if it is in db
	 * -1 if it is not in db
	 * -2 if cannot connect to db
	 */	
	private function is_userName_in_db()
	{
		if(!$this->queryResults)
			$this->errorLevel = -2;
		if(mysql_num_rows( $this->queryResults) == 0)
			$this->errorLevel = -1;
		else
			return 1;
			
		return $this->errorLevel;
		
	}

	/*returns
	 *  1 if entered password matches with one in db
	 *  0 if it doesn match
	 * -2 if could not nonnect to db;
	 */	
	private function is_password_correct()
	{
		if($this->errorLevel == -2)//this should never happen
			return $this->errorLevel;
		$row = mysql_fetch_assoc($this->queryResults);// puts query results in array
		$salt = substr ($row['password'], 0, strlen($row['password'])/2); //takes salt from query result
		$hash = hash("sha256", $salt . $this->password);
		$saltAndPassword = $salt . $hash;
		if($saltAndPassword == $row['password'])
			return 1;
		else
			return 0;
	}
}
?>

Recommended Answers

All 5 Replies

this is login.php

<?php
/*
Template Name: login
*/

// Inialize session
session_start();
// Include database connection settings
include('config.php');
//Include login class
include('ClassLogin.php');
//host information
$host  = $_SERVER['HTTP_HOST'];
$uri   = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');

$login = new login();
$login->try_log_in($_POST[userName], $_POST[password]);
switch ($result)
{
	case 1:
		header("Location: http://$host$uri/");
		break;
	case -1:
		header("Location: http://$host$uri/?error=1");
		break;
	case -2:
		header("Location: http://$host$uri/?error=2");
		break;
}
?>

and this is config.php where i connect to DB

<?php

$hostname = 'localhost';        // Your MySQL hostname. Usualy named as 'localhost', so you're NOT necessary to change this even this script has already online on the internet.
$dbname   = 'I am';        // Your database name.
$username = 'not that';             // Your database username.
$password = 'stupid :D ';                 // Your database password. If your database has no password, leave it empty.

// Let's connect to host
mysql_connect($hostname, $username, $password) or DIE('Connection to host is failed, perhaps the service is down!');
// Select the database
mysql_select_db($dbname) or DIE('Database name is not available!');

?>

EDIT: I forgot to write what have i done to search for problem.
I checked and saw that my code failed to log in and doesnt provide an error.
Then i checked if with correct user name and password it would set session variable. No it didint.
Then i find out that it also didint change $errorLevel.
Then i checked all variables and find out that $quearyResults is empty, but mysql_error() was also empty. So it connects to db but query is empty

I suggest you start adding echo's in your functions, so you can find out exactly what is happening.

One thing popped out at me, but it's been a while since I've written PHP code, and my memory is a little hazy. Is this line correct?

$login->try_log_in($_POST[userName], $_POST[password]);

That is, does it actually pass the username and password into your class functions?

One thing popped out at me, but it's been a while since I've written PHP code, and my memory is a little hazy. Is this line correct?

$login->try_log_in($_POST[userName], $_POST[password]);

That is, does it actually pass the username and password into your class functions?

Yes it does.

Problem was that i created table of ints to store characters. These kind of problems is hard to find and i was looking for mine over a day. Thx everyone for help :)

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.