0

My PHP knowledge level: Novice.

Learning resources: Codecademy, TheNewBoston, Wikipedia, PHP Documentation.

What I am trying to achieve: I am trying to learn how to work with object oriented PHP since I have read that is more efficient in the long term than procedural methods. I am trying to redirect users to the login.php page if the entered name and password match with the database and relogin.php upon fail.

The problem: I can't figure out why my conditional is not working as expected. It does work, otherwise I would have had an error message.

What I tried: Worked on the below code on scratch. I did a google search on the problem, tried to fix it by checking if any semicolons or brackets are missing, and even checked if my database connection could be established. It seems there are no errors so it means the conditional is only showing true.

Current error messages: No error messages on screen or in the source code which means the code is right but not working as expected.

If you want me to comment the code please let me know.

My PHP code: 

if(isset($_POST['name'])) {
    $name= $_POST['name'];
    $password = $_POST['password'];
    $login = new login($name, $password);
}

class Login {

    public function __construct ($name, $password) {

        if ($this->check($name, $password)){
            header("location:login.php");
        }
        else {
            header("location:relogin.php");
        }
    }   

    public function check ($name, $password) {
        $request = "SELECT `id` FROM `members` WHERE `name` LIKE '$name' AND ´password´ LIKE '$password'";
        $result = mysqli_query($connection, $request);
        return mysqli_num_rows($result) > 0;
    }
} 

        public function check ($name, $password) {
            $request = "SELECT `id` FROM `members` WHERE `name` LIKE '$name' AND ´password´ LIKE '$password'";
            $result = mysqli_query($connection, $request);
            return $result;
        }
    }

**HTML code**

    <form action="Login.php" method="post">
         <input type="text" placeholder="Name" name="name">
         <input type="password" placeholder="Password" name="password">
         <input type="submit" name="button" value="Login">     
    </form>
Improve this question
10
  • Define "doesn't work". What do you expect this to do, and what does it do instead? Put in some var_dump() and echo statements to debug where the code does go and where it unexpectedly doesn't. Commented Aug 18, 2015 at 7:55
  • Also, indeed, this won't do anything by itself as is. You're declaring a class, you're never instantiating or executing any of its code... Commented Aug 18, 2015 at 7:56
  • @deceze it returns true everytime, even if login is wrong Commented Aug 18, 2015 at 7:56
  • Two major issues here: 1. your code is wide open to sql injections, you should read about the advantages of using "prepared statements" and "parameter binding". 2. you should never store passwords in a database! No! You should store only a salted hash of a password and compare hashes at runtime. Commented Aug 18, 2015 at 7:57
  • 2
    Make sure you didnt simplify it to the point of mutilation Commented Aug 18, 2015 at 8:04

2 Answers 2

Reset to default
2

You are storing password twice:

$password = $_POST['name'];
$password = $_POST['password'];

I guess the first one should be $name.

Also to make the class work you need to make an object from it:

if(isset($_POST['password'])) {
    $name= $_POST['name'];
    $password = $_POST['password'];
    $login = new login($name, $password);
}

You will also need to fix the code inside your constructor:

When you call a function inside the same class you need to reference it by using $this->:

check($name, $password)

should become:

$this->check($name, $password)

Also:

your check function isn't returning true or false. You can return something like:

return mysqli_num_rows($result) > 0;
Improve this answer
Sign up to request clarification or add additional context in comments.

20 Comments

Apparently this is a simplified example the connection is there
Yes i've fixed the answer ;) But he's still not returning true or false.
I see that I need to made a new object first. Why does it work without making an object then? For example the conditional inside gives me true even if there is no object
Which makes me think that the class fires even without the object? Maybe the user triggers it as soon as the form button is clicked
There is no relation between the user's click and the execution of a method inside a class (unless you coded something to achieve this, which is not mentioned inside your example). The code inside __construct is executed when you generate an object from the Login class.
|
0

Try this,

class Login {

 public function __construct ($name, $password) {

    if ($this->check($name, $password) > 0) {
        header("location:login.php");
    }
    else {
        header("location:relogin.php");
    }
}   

public function check ($name, $password) {

    $request = "SELECT `id` FROM `members` WHERE `name` LIKE '$name' AND ´password´ LIKE '$password'";
    $result = mysqli_query($connection, $request);
    return mysqli_num_rows($result);
}

}

if(isset($_POST['password'])) {

$name= $_POST['name'];
$password = $_POST['password'];
$login = new Login($name, $password);

}

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.