not seeing any errors yet the code isn't working with login and register
it seems my login and register pages are error-ed and the database isn't getting the data but im not seeing errors. Any ideas?
45 Replies
register.php
login.php
have you run
php -l
on both files?not yet
i thought my
db.php
was had errors because the extension complains about undefined variables yet it php -l
on it said no sytan errors detected
validateForms.php
have you checked the server error logs?
where are those?
mostly I just run
php -S localhost:8000
only thing it said was $token
was undefined as a warningoh, hm, then they'd be on the screen I think
in the terminal where you run php -S I mean
well, then it's time to start moving the old
die('got to here');
through the files until it vanishesi added a
test.php
with phpinfo()
to see if that would yield some answersi think i need to do book projects or a course for this language
it seems like im not getting it's approach to things right
i added these to most of my files to see if it helps with errors
still nothing
just put
die('got to here');
on the first line and move it through the file
every time you refresh, if it still shows that, you know the error is below where you put that code
it's rare that you have to go that far, but it'll help you identify what's wronglike above my
include
?
putting it there it died
ah
i put the die
inside of the if
for submit on the login page and when I hit login button, it didnt die
if it doesnt die when hitting submit is that a problem?I don't know, you'll have to think through what code should be running and why it isn't getting to the die call
i wish this had a debugger
It does
I don't use it often personally, but it integrates with vs code just fine
i couldnt get it work before
vscode just didnt even work with it
hopefully this helps
so for some weird reason the debugger will never setup into this block of code in login.php
`
"some weird reason" is almost never the fault of the debugger / programming language. My guess is that
$_POST['submit']
is either not set or it's empty
set a breakpoint on the if statement, then check the values.yeah i ended up dumping all the code and restarting those pages
oin the debugger when I would put a breakpoint on the isset for submit and hit submit on a blank form, it just skipped it all entirely but even when I put data in it still did the same thing
It's not going to be skipping for no reason, it just means your logic somewhere higher up isn't working like you want
is there a reason why vscode keeps saying my $dsn variable is either undefined or errored?
the only fix was putting it in the try but it complained about it a lot
I'm not sure that works at all tbh
You use $this to reference properties, but you're also treating the definition of $dsn as a template
ah im just not doing well with setting up this database class
this was the PDO error I got
PDO::__construct(): Argument #1 ($dsn) must be a valid data source nameconnection has diedPDO::__construct(): Argument #1 ($dsn) must be a valid data source name
You gotta start checking your values when you get errors
what is a good way to setup a database class to use pdo correctly?
seems like im doing this all wrong
I never really used a class, just a global variable...
oh that might be easier to deal with
have an example?
Not handy atm, I'll check later
ok 🙂
i use this to check for existing user
problem is
fetch()
returns a mixed
if not then falsenope. You need to fetch the hash based on the email, then compare it with the password_verify function
how does that work?
so just sql statement where
email=:email
?
take out passwordyup
you get the hash back from that, and then you feed the unhashed password and the hash to password_verify
because the password is re-hashed with a fresh salt every time you use password_hash, the same input won't produce the same output. password_verify will use the salt from the hash to rehash the provided password so that it does provide the same output
since fetch returns a
mixed
how do I access the database hash? is it like I have $existingUser
equal to my controller calling that findUser
function so would it be $existingUser->password
?it should return an associative array I think?
and false if it fails, but you just check for that
yeah I have that checked already
so you'd probably just use
findUser(..., ...)['password']
to access the hash
or whatever you assigned the restult $to['password']There is never any reason to do this
$pass = htmlspecialchars($_POST['password'], ENT_QUOTES, "UTF-8");
you need to worry about script injection with password fields?
why?
when are you ever rendering a password to a user?
you're never running exec on passwords, or inserting them unhashed into databases
ah good point
I keep thinking everything can be cross site scripted
XD
cross site scripting is only a concern when you show content from one user to another
just make sure you also don't do it during registration because otherwise people who use quotes in their password won't be able to log in
i went ahead and removed that from both pages so password is just
$pass = $_POST['password'];
now