Kevin Powell - Community•3mo ago

not seeing any errors yet the code isn't working with login and register

it seems my login and register pages are error-ed and the database isn't getting the data but im not seeing errors. Any ideas?

45 Replies

ZomaTheMasterOfDisaster•3mo ago

message.txt

ZomaTheMasterOfDisaster•3mo ago

message.txt

Jochem•3mo ago

have you run php -l on both files?

ZomaTheMasterOfDisaster•3mo ago

not yet

No syntax errors detected in src/view/login.php
md@darknet:~/Documents/Github/SimpleLoginAndRegister$ php -l src/view/register.php 
No syntax errors detected in src/view/register.php
md@darknet:~/Documents/Github/SimpleLoginAndRegister$

No syntax errors detected in src/view/login.php
md@darknet:~/Documents/Github/SimpleLoginAndRegister$ php -l src/view/register.php 
No syntax errors detected in src/view/register.php
md@darknet:~/Documents/Github/SimpleLoginAndRegister$

i thought my db.php was had errors because the extension complains about undefined variables yet it php -l on it said no sytan errors detected validateForms.php

<?php

class Validate {
    
    public static function validateEmail($input) {
        $errors = [];
        if(empty($input)) {
            $errors[] = 'Email is required';
        }

        if(!filter_var($input, FILTER_VALIDATE_EMAIL)) {
            $errors[] = 'Email must be in proper format with name @ domain';
        }

        return $errors;
    }

    public static function validatePassword($password) {
        $errors = [];
        if(empty($password)) {
            $errors[] = 'Password cannot be blank';
        }

        return $errors;
    }

    public static function validateRepeatPassword($firstpass, $secondpass) {
        $errors = [];
        if(empty($firstpass) || empty($secondpass)) {
            $errors[] = 'Both password fields must be filled out';
        }

        if(strncmp($firstpass, $secondpass, count($firstpass)) != 0) {
            $errors[] = 'Passwords do not match';
        }

        return $errors;
    }
}

<?php

class Validate {
    
    public static function validateEmail($input) {
        $errors = [];
        if(empty($input)) {
            $errors[] = 'Email is required';
        }

        if(!filter_var($input, FILTER_VALIDATE_EMAIL)) {
            $errors[] = 'Email must be in proper format with name @ domain';
        }

        return $errors;
    }

    public static function validatePassword($password) {
        $errors = [];
        if(empty($password)) {
            $errors[] = 'Password cannot be blank';
        }

        return $errors;
    }

    public static function validateRepeatPassword($firstpass, $secondpass) {
        $errors = [];
        if(empty($firstpass) || empty($secondpass)) {
            $errors[] = 'Both password fields must be filled out';
        }

        if(strncmp($firstpass, $secondpass, count($firstpass)) != 0) {
            $errors[] = 'Passwords do not match';
        }

        return $errors;
    }
}

Jochem•3mo ago

have you checked the server error logs?

ZomaTheMasterOfDisaster•3mo ago

where are those? mostly I just run php -S localhost:8000 only thing it said was $token was undefined as a warning

Jochem•3mo ago

oh, hm, then they'd be on the screen I think in the terminal where you run php -S I mean well, then it's time to start moving the old die('got to here'); through the files until it vanishes

ZomaTheMasterOfDisaster•3mo ago

i added a test.php with phpinfo() to see if that would yield some answers

ZomaTheMasterOfDisaster•3mo ago

i think i need to do book projects or a course for this language it seems like im not getting it's approach to things right i added these to most of my files to see if it helps with errors

ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);

ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);

still nothing

Jochem•3mo ago

just put die('got to here'); on the first line and move it through the file every time you refresh, if it still shows that, you know the error is below where you put that code it's rare that you have to go that far, but it'll help you identify what's wrong

ZomaTheMasterOfDisaster•3mo ago

like above my include? putting it there it died ah i put the die inside of the if for submit on the login page and when I hit login button, it didnt die if it doesnt die when hitting submit is that a problem?

Jochem•3mo ago

I don't know, you'll have to think through what code should be running and why it isn't getting to the die call

ZomaTheMasterOfDisaster•3mo ago

i wish this had a debugger

Jochem•3mo ago

It does I don't use it often personally, but it integrates with vs code just fine

ZomaTheMasterOfDisaster•3mo ago

i couldnt get it work before vscode just didnt even work with it hopefully this helps

ZomaTheMasterOfDisaster•3mo ago

so for some weird reason the debugger will never setup into this block of code in login.php

 if(isset($_POST['submit']) && !empty($_POST['submit'])) { ...}

 if(isset($_POST['submit']) && !empty($_POST['submit'])) { ...}

Jochem•3mo ago

"some weird reason" is almost never the fault of the debugger / programming language. My guess is that $_POST['submit'] is either not set or it's empty set a breakpoint on the if statement, then check the values.

ZomaTheMasterOfDisaster•3mo ago

yeah i ended up dumping all the code and restarting those pages oin the debugger when I would put a breakpoint on the isset for submit and hit submit on a blank form, it just skipped it all entirely but even when I put data in it still did the same thing

Jochem•3mo ago

It's not going to be skipping for no reason, it just means your logic somewhere higher up isn't working like you want

ZomaTheMasterOfDisaster•3mo ago

<?php
$host = 'localhost';
$db = 'logindb';
$user = 'md';
$pass = 'wwe';



class Database {
    private $dsn = "mysql:host=$host;dbname=$db;charset=UTF8";
    public static function connect($host, $db, $user, $pass) {
        try {
            $options = [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION];

            return new PDO($dsn, $user, $pass, $options);
        } catch(PDOException $e) {
            die($e->getMessage());
        }
    }
}

<?php
$host = 'localhost';
$db = 'logindb';
$user = 'md';
$pass = 'wwe';



class Database {
    private $dsn = "mysql:host=$host;dbname=$db;charset=UTF8";
    public static function connect($host, $db, $user, $pass) {
        try {
            $options = [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION];

            return new PDO($dsn, $user, $pass, $options);
        } catch(PDOException $e) {
            die($e->getMessage());
        }
    }
}

is there a reason why vscode keeps saying my $dsn variable is either undefined or errored? the only fix was putting it in the try but it complained about it a lot

Jochem•3mo ago

I'm not sure that works at all tbh You use $this to reference properties, but you're also treating the definition of $dsn as a template

ZomaTheMasterOfDisaster•3mo ago

ah im just not doing well with setting up this database class this was the PDO error I got

PDO::__construct(): Argument #1 ($dsn) must be a valid data source nameconnection has diedPDO::__construct(): Argument #1 ($dsn) must be a valid data source name

Jochem•3mo ago

You gotta start checking your values when you get errors

ZomaTheMasterOfDisaster•3mo ago

what is a good way to setup a database class to use pdo correctly? seems like im doing this all wrong

Jochem•3mo ago

I never really used a class, just a global variable...

ZomaTheMasterOfDisaster•3mo ago

oh that might be easier to deal with have an example?

Jochem•3mo ago

Not handy atm, I'll check later

ZomaTheMasterOfDisaster•3mo ago

ok 🙂 i use this to check for existing user

public function findUser($email, $pass) {
        $db = new DB();
        $conn = $db->connect();
        if($conn == null) {
            echo "connection has died";
        }
        $sql = "SELECT email, password FROM Users WHERE email=:email AND password=:password";
        $stmt = $conn->prepare($sql);
        $stmt->bindParam(':email', $email, PDO::PARAM_STR);
        $stmt->bindParam(':password', $pass, PDO::PARAM_STR);
        $stmt->execute();

        return $stmt->fetch(PDO::FETCH_ASSOC);

    }

public function findUser($email, $pass) {
        $db = new DB();
        $conn = $db->connect();
        if($conn == null) {
            echo "connection has died";
        }
        $sql = "SELECT email, password FROM Users WHERE email=:email AND password=:password";
        $stmt = $conn->prepare($sql);
        $stmt->bindParam(':email', $email, PDO::PARAM_STR);
        $stmt->bindParam(':password', $pass, PDO::PARAM_STR);
        $stmt->execute();

        return $stmt->fetch(PDO::FETCH_ASSOC);

    }

problem is fetch() returns a mixed if not then false

Jochem•3mo ago

nope. You need to fetch the hash based on the email, then compare it with the password_verify function

ZomaTheMasterOfDisaster•3mo ago

how does that work? so just sql statement where email=:email? take out password

Jochem•3mo ago

yup you get the hash back from that, and then you feed the unhashed password and the hash to password_verify because the password is re-hashed with a fresh salt every time you use password_hash, the same input won't produce the same output. password_verify will use the salt from the hash to rehash the provided password so that it does provide the same output

ZomaTheMasterOfDisaster•3mo ago

since fetch returns a mixed how do I access the database hash? is it like I have $existingUser equal to my controller calling that findUser function so would it be $existingUser->password ?

Jochem•3mo ago

it should return an associative array I think? and false if it fails, but you just check for that

ZomaTheMasterOfDisaster•3mo ago

yeah I have that checked already

Jochem•3mo ago

so you'd probably just use findUser(..., ...)['password'] to access the hash or whatever you assigned the restult $to['password']

ZomaTheMasterOfDisaster•3mo ago

<?php
  include('../helpers/validateForms.php');
  include('../controller/usercontroller.php');

  $validator = new Validate;
  $userControl = new UserController;
  $res = "";

  $options = [
    'cost' => 12,
  ];

  if(isset($_POST['submit'])) {
    $errorEmail = $validator::validateEmail($_POST['email']);
    $errorPass = $validator::validatePassword($_POST['password']);

   

    if(empty($errorEmail) && empty($errorPass)) {

        $email = htmlspecialchars($_POST['email'], ENT_QUOTES, "UTF-8");
        $pass = htmlspecialchars($_POST['password'], ENT_QUOTES, "UTF-8");

   

        $existingUser = $userControl->find_User($email);

        debugToConsole($existingUser);


        if($existingUser == FALSE) {
          $res = "User does not exist in the system";
        } else {
            if(password_verify($pass, $existingUser['password']) == true) {
              $res = "Thank you for signing in. Redirecting to your page";
              header("location: userpage.php");
              exit;
            } else {
              $res = "password does not match";
            }
        }
    }
  }

<?php
  include('../helpers/validateForms.php');
  include('../controller/usercontroller.php');

  $validator = new Validate;
  $userControl = new UserController;
  $res = "";

  $options = [
    'cost' => 12,
  ];

  if(isset($_POST['submit'])) {
    $errorEmail = $validator::validateEmail($_POST['email']);
    $errorPass = $validator::validatePassword($_POST['password']);

   

    if(empty($errorEmail) && empty($errorPass)) {

        $email = htmlspecialchars($_POST['email'], ENT_QUOTES, "UTF-8");
        $pass = htmlspecialchars($_POST['password'], ENT_QUOTES, "UTF-8");

   

        $existingUser = $userControl->find_User($email);

        debugToConsole($existingUser);


        if($existingUser == FALSE) {
          $res = "User does not exist in the system";
        } else {
            if(password_verify($pass, $existingUser['password']) == true) {
              $res = "Thank you for signing in. Redirecting to your page";
              header("location: userpage.php");
              exit;
            } else {
              $res = "password does not match";
            }
        }
    }
  }

Jochem•3mo ago

There is never any reason to do this $pass = htmlspecialchars($_POST['password'], ENT_QUOTES, "UTF-8");

ZomaTheMasterOfDisaster•3mo ago

you need to worry about script injection with password fields?

Jochem•3mo ago

why? when are you ever rendering a password to a user? you're never running exec on passwords, or inserting them unhashed into databases

ZomaTheMasterOfDisaster•3mo ago

ah good point I keep thinking everything can be cross site scripted XD

Jochem•3mo ago

cross site scripting is only a concern when you show content from one user to another just make sure you also don't do it during registration because otherwise people who use quotes in their password won't be able to log in

ZomaTheMasterOfDisaster•3mo ago

i went ahead and removed that from both pages so password is just $pass = $_POST['password']; now

Gaming

Programming

not seeing any errors yet the code isn't working with login and register