OOP PHP CRUD problem - registration/login system

Hello,
I am working on a tutorial for a login crud system. My problem is a bit stupid but for some reason I am having a difficult time figuring it out. Before I attach the code I will try to explain. I have a Users class that has a few methods that will delete a ‘remember me’ token if the cookie is hacked. The token is stored in a database table “B”. The main Users table “A” holds the primary id. Table “B” holds the foreign key “user_id”. My script detects if the cookie was tampered with, then this activates the script to delete the token in table “B”. First, I am unable to figure out how to get the current session user id, and second, how to use that to access table “B” id that is attached to given user_id.

Current session user → Table A id → table B user_id → table B id

If you look at method “updateRememberCredentials” there is a number 41 in the code. This was a test. One of the id’s in table “B” was 41. When you directly place the table “B” id number in this place all the code works perfectly. Unfortunately I need to dynamically access the data from the current user as stated above. If anybody can help I would appreciate the assistance.

I will paste some of my code. Please don’t hesitate to ask if more code is needed. BTW, the code is oop, which I am new to. Thanks

User class

    class User {
        private $_db,
                $_data,
                $_sessionName,
                $_cookieName,
                $_isLoggedIn;

        public function __construct($user = null) {
            $this->_db = DB::getInstance();
            $this->_sessionName = Config::get('session/session_name');
            $this->_cookieName = Config::get('remember/cookie_name');
            $this->checkRememberMe();
            if(!$user) {
                if(Session::exists($this->_sessionName)) {
                    $user = Session::get($this->_sessionName);

                    if($this->find($user)) {
                        $this->_isLoggedIn = true;
                    } else {
                        $this->_isLoggedIn = false;
                    }
                }
            } else {
                $this->find($user);
            }
        }

        public function update($fields = array(), $id = null) {
            if(!$id && $this->isLoggedIn()) {
                $id = $this->data()->id;
            }

            if(!$this->_db->update('users', $id, $fields)) {
                throw new Exception('There was a problem in the update process');
            }
        }

        public function updateRememberCredentials($identifier, $token) {
            // 41 is the hard-coded users_session id used as a test (see the description above)
            $this->_db->update('users_session', 41, array(
                'remember_identifier' => $identifier,
                'remember_token'      => $token
            ));
        }
    }

DB class

    public function query($sql, $params = array()) {
        $this->_error = false;
        if($this->_query = $this->_pdo->prepare($sql)) {                
            $x = 1;
            if(count($params)) {
                foreach($params as $param) {
                    $this->_query->bindValue($x, $param);
                    $x++;                       
                }                   
            }               

            if($this->_query->execute()) {               
                if(substr($sql, 0, 6) === "SELECT"){
                    $this->_results = $this->_query->fetchAll(PDO::FETCH_OBJ);
                } else {
                     $this->_results = null;
                }  
                $this->_count = $this->_query->rowCount();
            } else {
                $this->_error = true;
            }
        }
        return $this;
    }

    public function action($action, $table, $where = array()) {
        if(count($where) === 3) {
            $operators = array('=', '>', '<', '>=', '<=');

            $field    = $where[0];
            $operator = $where[1];
            $value    = $where[2];

            if(in_array($operator, $operators)) {
                $sql = "{$action} FROM {$table} WHERE {$field} {$operator} ?";

                if(!$this->query($sql, array($value))->error()) {
                    return $this;
                }
            }
        }
        return false;
    }

    public function get($table, $where) {
        return $this->action('SELECT *', $table, $where);
    }
            
    public function update($table, $id, $fields = array()) {
        $set = null;
        $x   = 1;

        foreach($fields as $name => $value) {
            $set .= "{$name} = ?";
            if($x < count($fields)) {
                $set .= ', ';
            }
            $x++;
        }

        // Bind the id as a parameter instead of interpolating it into the SQL string
        $sql = "UPDATE {$table} SET {$set} WHERE id = ?";
        $params = array_values($fields);
        $params[] = $id;
        if(!$this->query($sql, $params)->error()) {
            return true;
        }

        return false;
    }

This is the last thing I tried with no success.

 $id = $this->_db->get("SELECT users_session.id
            FROM users_session  
            LEFT JOIN users
            ON users_session.user_id=users.id
            WHERE users.id=:id");

Then I tried to place $id into the place where the number 41 is placed above.

Based on the DB class, db->get is insufficient to do this, as it is a blind-puller. You would call query instead of get, passing your query as the first parameter, and an array of values for the second parameter.

Well, you seem to know where the database is storing the user_id…
You also seem to be hardcoding this value to be 41 in the updateRememberCredentials function?
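
The lookup suggested in the reply above, written out as an added example (not code from the thread): it resolves the users_session row from the logged-in user's id with a bound parameter and updates that row instead of a hard-coded id. It uses plain PDO on an in-memory SQLite database with constructed rows; the function names, the `user_id` column name and the token hashing are assumptions of this example.

```php
<?php
// Added example. Constructed schema and rows mirroring the thread's tables "A" and "B".
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$pdo->exec('CREATE TABLE users_session (
    id INTEGER PRIMARY KEY,
    user_id INTEGER NOT NULL REFERENCES users(id),
    remember_identifier TEXT,
    remember_token TEXT
)');
$pdo->exec("INSERT INTO users (id, username) VALUES (28, 'billybob')");
$pdo->exec('INSERT INTO users_session (id, user_id) VALUES (41, 28)');

// Hypothetical helper: find the users_session row id that belongs to a user id.
// With the thread's DB class the same statement would go through
// query($sql, array($userId)) rather than get().
function findSessionRowId(PDO $pdo, int $userId): ?int
{
    $stmt = $pdo->prepare('SELECT id FROM users_session WHERE user_id = ?');
    $stmt->execute([$userId]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

// Hypothetical helper: update the remember-me credentials of that row.
function setRememberCredentials(PDO $pdo, int $userId, string $identifier, string $token): bool
{
    $rowId = findSessionRowId($pdo, $userId);
    if ($rowId === null) {
        return false; // this user has no remember-me row
    }
    $stmt = $pdo->prepare(
        'UPDATE users_session SET remember_identifier = ?, remember_token = ? WHERE id = ?'
    );
    // Assumption of this example: only a hash of the token is stored,
    // so a copied table cannot be replayed as a cookie.
    $stmt->execute([$identifier, hash('sha256', $token), $rowId]);
    return $stmt->rowCount() === 1;
}

// Inside the thread's User class the id would come from $this->data()->id.
$userId = 28;
var_dump(findSessionRowId($pdo, $userId));
var_dump(setRememberCredentials($pdo, $userId, bin2hex(random_bytes(16)), bin2hex(random_bytes(32))));
var_dump(setRememberCredentials($pdo, 999, 'constructed', 'constructed'));
```

If the token is stored hashed as here, the cookie check has to hash the presented token and compare it with `hash_equals()`.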

Thanks m_hutley, yes, as I mentioned the 41 was just a test to see if there was some other type of error. Since placing the users_session id that is equivalent to the current session’s user everything works as expected. My issue is how to get to that equivalent users_session id in the first place. Would you be willing to help with some code so I can get my head wrapped around what I need to do?
Thanks

Well, I don’t know what you mean by ‘users_session id’? What creates the session id? Are you using PHP’s Session_id? The database table’s index? Some other mechanism?

Hello, “users_session” is table “B”. Note that the “41” below is the same “41” as above in the test code mentioned earlier. Thanks

Table “A”

id username
28 billybob

Table “B”

id users_id code
41 28 4q56455ad

offtopic:
@ke-jo If you want to mark-up a table you can use the following guide to see how that’s done on these forums: https://meta.discourse.org/t/create-a-table-using-markdown-on-your-discourse-forum/66544

I’m 7 sorts of turned around here.

From Table A, and Table B:

  1. What information does the code know?
  2. What information is the code trying to fetch?

Hello m_hutley,
This is a login registration system. Table “B” contains the foreign ID key (user_id) to the primary key in table “A” (id). The “code” in table “B” is irrelevant at this point in time.
Simply put:

How do you access “ID” in table “B” inside this function “updateRememberCredentials” in the User class pasted above?

I need to replace that “41” you see in “updateRememberCredentials” with a variable that will fetch the “ID” number from table “B”.

To access that, you need some piece of information tied to it.
Username.
User ID.
Code.

I cannot see anywhere in the User class where any of those pieces are available. You’ve not supplied the find command, so I don’t know which of those pieces of information is available to the method.

Hello m_hutley, here is the find function. I have tried dozens of things over the last several days. Are you able to get it to function properly? I am lost at this point.

    public function find($user = null) {
        if($user) {
            $field = (is_numeric($user)) ? 'id' : 'username';
            $data = $this->_db->get('users', array($field, '=', $user));

            if($data->count()) {
                $this->_data = $data->first();
                return true;
            }
        }
        return false;
    }

I have also tried the following to get the current user’s id:

 "select id from users where id = " . $_SESSION['id'] . "";

This code works OUTSIDE the class. Obviously that won’t help:

  $user->data()->id

Never mind, after several hours of painstaking work, I finally figured it all out. It works like a charm now. Thanks
