Date: 2021-02-21
Hello,
I am working on a tutorial for a login CRUD system. My problem is a bit stupid, but for some reason I am having a difficult time figuring it out. Before I attach the code I will try to explain. I have a Users class that has a few methods that will delete a ‘remember me’ token if the cookie is hacked. The token is stored in a database table “B”. The main Users table “A” holds the primary id. Table “B” holds the foreign key “user_id”. My script detects if the cookie was tampered with, then this activates the script to delete the token in table “B”. First, I am unable to figure out how to get the current session user id, and second, how to use that to access the table “B” id that is attached to the given user_id.
Current session user → Table A id → table B user_id → table B id
If you look at the method “updateRememberCredentials”, there is a number 41 in the code. This was a test. One of the ids in table “B” was 41. When you directly place the table “B” id number in this place, all the code works perfectly. Unfortunately, I need to dynamically access the data from the current user as stated above. If anybody can help, I would appreciate the assistance.
I will paste some of my code. Please don’t hesitate to ask if more code is needed. BTW, the code is OOP, which I am new to. Thanks.
User class
    class User {
        private $_db,
                $_data,
                $_sessionName,
                $_cookieName,
                $_isLoggedIn;

        public function __construct($user = null) {
            $this->_db = DB::getInstance();
            $this->_sessionName = Config::get('session/session_name');
            $this->_cookieName = Config::get('remember/cookie_name');
            $this->checkRememberMe();

            if(!$user) {
                // No user passed in: load the user stored in the session, if any
                if(Session::exists($this->_sessionName)) {
                    $user = Session::get($this->_sessionName);
                    if($this->find($user)) {
                        $this->_isLoggedIn = true;
                    } else {
                        $this->_isLoggedIn = false;
                    }
                }
            } else {
                $this->find($user);
            }
        }

        public function update($fields = array(), $id = null) {
            // Default to the id of the currently logged-in user
            if(!$id && $this->isLoggedIn()) {
                $id = $this->data()->id;
            }
            if(!$this->_db->update('users', $id, $fields)) {
                throw new Exception('There was a problem in the update process');
            }
        }

        public function updateRememberCredentials($identifier, $token) {
            // 41 is the hard-coded users_session id used as a test (see above)
            $this->_db->update('users_session', 41, array(
                'remember_identifier' => $identifier,
                'remember_token' => $token
            ));
        }

        // ... remaining methods (find, data, isLoggedIn, checkRememberMe) are not shown in the post
    }
DB class
    public function query($sql, $params = array()) {
        $this->_error = false;
        if($this->_query = $this->_pdo->prepare($sql)) {
            // Bind each value to its positional (?) placeholder, starting at 1
            $x = 1;
            if(count($params)) {
                foreach($params as $param) {
                    $this->_query->bindValue($x, $param);
                    $x++;
                }
            }
            if($this->_query->execute()) {
                if(substr($sql, 0, 6) === "SELECT"){
                    $this->_results = $this->_query->fetchAll(PDO::FETCH_OBJ);
                } else {
                    $this->_results = null;
                }
                $this->_count = $this->_query->rowCount();
            } else {
                $this->_error = true;
            }
        }
        return $this;
    }

    public function action($action, $table, $where = array()) {
        // $where must be array(field, operator, value)
        if(count($where) === 3) {
            $operators = array('=', '>', '<', '>=', '<=');
            $field = $where[0];
            $operator = $where[1];
            $value = $where[2];
            if(in_array($operator, $operators)) {
                // Only $value is bound; $table and $field are interpolated and must never be user input
                $sql = "{$action} FROM {$table} WHERE {$field} {$operator} ?";
                if(!$this->query($sql, array($value))->error()) {
                    return $this;
                }
            }
        }
        return false;
    }

    public function get($table, $where) {
        return $this->action('SELECT *', $table, $where);
    }

    public function update($table, $id, $fields = array()) {
        $set = null;
        $x = 1;
        foreach($fields as $name => $value) {
            $set .= "{$name} = ?";
            if($x < count($fields)) {
                $set .= ', ';
            }
            $x++;
        }
        // Bind the id as the last parameter instead of interpolating it into the SQL
        $sql = "UPDATE {$table} SET {$set} WHERE id = ?";
        $params = array_values($fields);
        $params[] = $id;
        if(!$this->query($sql, $params)->error()) {
            return true;
        }
        return false;
    }
This is the last thing I tried with no success.
    $id = $this->_db->get("SELECT users_session.id
        FROM users_session
        LEFT JOIN users
        ON users_session.user_id=users.id
        WHERE users.id=:id");
Then I tried to place $id into the place where the number 41 is placed above.
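
The lookup chain described in the post (current user id → users_session.user_id → users_session.id), as an added example that is not part of the original post: it keys the update and the delete on `user_id` with every value bound, so the table “B” id never has to be hard-coded. The table and column names come from the post; the function names, the in-memory SQLite database (requires the pdo_sqlite extension) and the sample rows are assumptions.

```php
<?php
// Added example: table/column names follow the post; function names and the
// in-memory SQLite database are assumptions made for illustration.

// Update table B's row for this user, keyed on user_id instead of a fixed id.
function updateRememberCredentials(PDO $pdo, int $userId, string $identifier, string $token): bool
{
    $stmt = $pdo->prepare(
        'UPDATE users_session SET remember_identifier = ?, remember_token = ?
          WHERE user_id = ?'
    );
    $stmt->execute([$identifier, $token, $userId]); // every value is bound
    return $stmt->rowCount() > 0; // false when the user has no row in table B
}

// Delete the user's remember-me row, e.g. once a tampered cookie is detected.
function deleteRememberCredentials(PDO $pdo, int $userId): int
{
    $stmt = $pdo->prepare('DELETE FROM users_session WHERE user_id = ?');
    $stmt->execute([$userId]);
    return $stmt->rowCount();
}

// Resolve table B's id from the user id, for code that still needs the id.
function sessionRowId(PDO $pdo, int $userId): ?int
{
    $stmt = $pdo->prepare('SELECT id FROM users_session WHERE user_id = ?');
    $stmt->execute([$userId]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

// Constructed sample data: user 7 owns users_session row 41.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$pdo->exec('CREATE TABLE users_session (id INTEGER PRIMARY KEY, user_id INTEGER,
    remember_identifier TEXT, remember_token TEXT)');
$pdo->exec("INSERT INTO users VALUES (7, 'alice')");
$pdo->exec("INSERT INTO users_session VALUES (41, 7, 'old-identifier', 'old-token')");

$currentUserId = 7; // assumption: inside the post's User class this is $this->data()->id
var_dump(sessionRowId($pdo, $currentUserId));
var_dump(updateRememberCredentials($pdo, $currentUserId, bin2hex(random_bytes(16)), bin2hex(random_bytes(32))));
var_dump(deleteRememberCredentials($pdo, $currentUserId));
var_dump(sessionRowId($pdo, $currentUserId));
```

With the MySQL PDO driver, `rowCount()` on an UPDATE counts only rows whose values actually changed, so a fresh random identifier and token should be generated on each call.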