not seeing any errors yet the code isn't working with login and register

it seems my login and register pages are error-ed and the database isn't getting the data but im not seeing errors. Any ideas?
45 Replies
MD
MD•7mo ago
register.php
MD
MD•7mo ago
MD
MD•7mo ago
login.php
MD
MD•7mo ago
Jochem
Jochem•7mo ago
have you run php -l on both files?
MD
MD•7mo ago
not yet
No syntax errors detected in src/view/login.php
md@darknet:~/Documents/Github/SimpleLoginAndRegister$ php -l src/view/register.php
No syntax errors detected in src/view/register.php
md@darknet:~/Documents/Github/SimpleLoginAndRegister$
No syntax errors detected in src/view/login.php
md@darknet:~/Documents/Github/SimpleLoginAndRegister$ php -l src/view/register.php
No syntax errors detected in src/view/register.php
md@darknet:~/Documents/Github/SimpleLoginAndRegister$
i thought my db.php was had errors because the extension complains about undefined variables yet it php -l on it said no sytan errors detected validateForms.php
<?php

class Validate {

public static function validateEmail($input) {
$errors = [];
if(empty($input)) {
$errors[] = 'Email is required';
}

if(!filter_var($input, FILTER_VALIDATE_EMAIL)) {
$errors[] = 'Email must be in proper format with name @ domain';
}

return $errors;
}

public static function validatePassword($password) {
$errors = [];
if(empty($password)) {
$errors[] = 'Password cannot be blank';
}

return $errors;
}

public static function validateRepeatPassword($firstpass, $secondpass) {
$errors = [];
if(empty($firstpass) || empty($secondpass)) {
$errors[] = 'Both password fields must be filled out';
}

if(strncmp($firstpass, $secondpass, count($firstpass)) != 0) {
$errors[] = 'Passwords do not match';
}

return $errors;
}
}
<?php

class Validate {

public static function validateEmail($input) {
$errors = [];
if(empty($input)) {
$errors[] = 'Email is required';
}

if(!filter_var($input, FILTER_VALIDATE_EMAIL)) {
$errors[] = 'Email must be in proper format with name @ domain';
}

return $errors;
}

public static function validatePassword($password) {
$errors = [];
if(empty($password)) {
$errors[] = 'Password cannot be blank';
}

return $errors;
}

public static function validateRepeatPassword($firstpass, $secondpass) {
$errors = [];
if(empty($firstpass) || empty($secondpass)) {
$errors[] = 'Both password fields must be filled out';
}

if(strncmp($firstpass, $secondpass, count($firstpass)) != 0) {
$errors[] = 'Passwords do not match';
}

return $errors;
}
}
Jochem
Jochem•7mo ago
have you checked the server error logs?
MD
MD•7mo ago
where are those? mostly I just run php -S localhost:8000 only thing it said was $token was undefined as a warning
Jochem
Jochem•7mo ago
oh, hm, then they'd be on the screen I think in the terminal where you run php -S I mean well, then it's time to start moving the old die('got to here'); through the files until it vanishes
MD
MD•7mo ago
i added a test.php with phpinfo() to see if that would yield some answers
No description
MD
MD•7mo ago
i think i need to do book projects or a course for this language it seems like im not getting it's approach to things right i added these to most of my files to see if it helps with errors
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
still nothing
Jochem
Jochem•7mo ago
just put die('got to here'); on the first line and move it through the file every time you refresh, if it still shows that, you know the error is below where you put that code it's rare that you have to go that far, but it'll help you identify what's wrong
MD
MD•7mo ago
like above my include? putting it there it died ah i put the die inside of the if for submit on the login page and when I hit login button, it didnt die if it doesnt die when hitting submit is that a problem?
Jochem
Jochem•7mo ago
I don't know, you'll have to think through what code should be running and why it isn't getting to the die call
MD
MD•7mo ago
i wish this had a debugger
Jochem
Jochem•7mo ago
It does I don't use it often personally, but it integrates with vs code just fine
MD
MD•7mo ago
i couldnt get it work before vscode just didnt even work with it hopefully this helps
MD
MD•7mo ago
No description
MD
MD•7mo ago
so for some weird reason the debugger will never setup into this block of code in login.php
if(isset($_POST['submit']) && !empty($_POST['submit'])) { ...}
if(isset($_POST['submit']) && !empty($_POST['submit'])) { ...}
`
Jochem
Jochem•7mo ago
"some weird reason" is almost never the fault of the debugger / programming language. My guess is that $_POST['submit'] is either not set or it's empty set a breakpoint on the if statement, then check the values.
MD
MD•7mo ago
yeah i ended up dumping all the code and restarting those pages oin the debugger when I would put a breakpoint on the isset for submit and hit submit on a blank form, it just skipped it all entirely but even when I put data in it still did the same thing
Jochem
Jochem•7mo ago
It's not going to be skipping for no reason, it just means your logic somewhere higher up isn't working like you want
MD
MD•7mo ago
<?php
$host = 'localhost';
$db = 'logindb';
$user = 'md';
$pass = 'wwe';



class Database {
private $dsn = "mysql:host=$host;dbname=$db;charset=UTF8";
public static function connect($host, $db, $user, $pass) {
try {
$options = [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION];

return new PDO($dsn, $user, $pass, $options);
} catch(PDOException $e) {
die($e->getMessage());
}
}
}
<?php
$host = 'localhost';
$db = 'logindb';
$user = 'md';
$pass = 'wwe';



class Database {
private $dsn = "mysql:host=$host;dbname=$db;charset=UTF8";
public static function connect($host, $db, $user, $pass) {
try {
$options = [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION];

return new PDO($dsn, $user, $pass, $options);
} catch(PDOException $e) {
die($e->getMessage());
}
}
}
is there a reason why vscode keeps saying my $dsn variable is either undefined or errored? the only fix was putting it in the try but it complained about it a lot
Jochem
Jochem•7mo ago
I'm not sure that works at all tbh You use $this to reference properties, but you're also treating the definition of $dsn as a template
MD
MD•7mo ago
ah im just not doing well with setting up this database class this was the PDO error I got PDO::__construct(): Argument #1 ($dsn) must be a valid data source nameconnection has diedPDO::__construct(): Argument #1 ($dsn) must be a valid data source name
Jochem
Jochem•7mo ago
You gotta start checking your values when you get errors
MD
MD•7mo ago
what is a good way to setup a database class to use pdo correctly? seems like im doing this all wrong
Jochem
Jochem•7mo ago
I never really used a class, just a global variable...
MD
MD•7mo ago
oh that might be easier to deal with have an example?
Jochem
Jochem•7mo ago
Not handy atm, I'll check later
MD
MD•7mo ago
ok 🙂 i use this to check for existing user
public function findUser($email, $pass) {
$db = new DB();
$conn = $db->connect();
if($conn == null) {
echo "connection has died";
}
$sql = "SELECT email, password FROM Users WHERE email=:email AND password=:password";
$stmt = $conn->prepare($sql);
$stmt->bindParam(':email', $email, PDO::PARAM_STR);
$stmt->bindParam(':password', $pass, PDO::PARAM_STR);
$stmt->execute();

return $stmt->fetch(PDO::FETCH_ASSOC);

}
public function findUser($email, $pass) {
$db = new DB();
$conn = $db->connect();
if($conn == null) {
echo "connection has died";
}
$sql = "SELECT email, password FROM Users WHERE email=:email AND password=:password";
$stmt = $conn->prepare($sql);
$stmt->bindParam(':email', $email, PDO::PARAM_STR);
$stmt->bindParam(':password', $pass, PDO::PARAM_STR);
$stmt->execute();

return $stmt->fetch(PDO::FETCH_ASSOC);

}
problem is fetch() returns a mixed if not then false
Jochem
Jochem•7mo ago
nope. You need to fetch the hash based on the email, then compare it with the password_verify function
MD
MD•7mo ago
how does that work? so just sql statement where email=:email? take out password
Jochem
Jochem•7mo ago
yup you get the hash back from that, and then you feed the unhashed password and the hash to password_verify because the password is re-hashed with a fresh salt every time you use password_hash, the same input won't produce the same output. password_verify will use the salt from the hash to rehash the provided password so that it does provide the same output
MD
MD•7mo ago
since fetch returns a mixed how do I access the database hash? is it like I have $existingUser equal to my controller calling that findUser function so would it be $existingUser->password ?
Jochem
Jochem•7mo ago
it should return an associative array I think? and false if it fails, but you just check for that
MD
MD•7mo ago
yeah I have that checked already
Jochem
Jochem•7mo ago
so you'd probably just use findUser(..., ...)['password'] to access the hash or whatever you assigned the restult $to['password']
MD
MD•7mo ago
<?php
include('../helpers/validateForms.php');
include('../controller/usercontroller.php');

$validator = new Validate;
$userControl = new UserController;
$res = "";

$options = [
'cost' => 12,
];

if(isset($_POST['submit'])) {
$errorEmail = $validator::validateEmail($_POST['email']);
$errorPass = $validator::validatePassword($_POST['password']);



if(empty($errorEmail) && empty($errorPass)) {

$email = htmlspecialchars($_POST['email'], ENT_QUOTES, "UTF-8");
$pass = htmlspecialchars($_POST['password'], ENT_QUOTES, "UTF-8");



$existingUser = $userControl->find_User($email);

debugToConsole($existingUser);


if($existingUser == FALSE) {
$res = "User does not exist in the system";
} else {
if(password_verify($pass, $existingUser['password']) == true) {
$res = "Thank you for signing in. Redirecting to your page";
header("location: userpage.php");
exit;
} else {
$res = "password does not match";
}
}
}
}
<?php
include('../helpers/validateForms.php');
include('../controller/usercontroller.php');

$validator = new Validate;
$userControl = new UserController;
$res = "";

$options = [
'cost' => 12,
];

if(isset($_POST['submit'])) {
$errorEmail = $validator::validateEmail($_POST['email']);
$errorPass = $validator::validatePassword($_POST['password']);



if(empty($errorEmail) && empty($errorPass)) {

$email = htmlspecialchars($_POST['email'], ENT_QUOTES, "UTF-8");
$pass = htmlspecialchars($_POST['password'], ENT_QUOTES, "UTF-8");



$existingUser = $userControl->find_User($email);

debugToConsole($existingUser);


if($existingUser == FALSE) {
$res = "User does not exist in the system";
} else {
if(password_verify($pass, $existingUser['password']) == true) {
$res = "Thank you for signing in. Redirecting to your page";
header("location: userpage.php");
exit;
} else {
$res = "password does not match";
}
}
}
}
Jochem
Jochem•7mo ago
There is never any reason to do this $pass = htmlspecialchars($_POST['password'], ENT_QUOTES, "UTF-8");
MD
MD•7mo ago
you need to worry about script injection with password fields?
Jochem
Jochem•7mo ago
why? when are you ever rendering a password to a user? you're never running exec on passwords, or inserting them unhashed into databases
MD
MD•7mo ago
ah good point I keep thinking everything can be cross site scripted XD
Jochem
Jochem•7mo ago
cross site scripting is only a concern when you show content from one user to another just make sure you also don't do it during registration because otherwise people who use quotes in their password won't be able to log in
MD
MD•7mo ago
i went ahead and removed that from both pages so password is just $pass = $_POST['password']; now
Want results from more Discord servers?
Add your server