I'm building a login class with PHP, but the variables used are empty when I pass them to the class method even though they shouldn't be. I tried returning only the $username variable but it's still empty, though if I return it without using the class I can see that it gets assigned correctly.
I'm using multiple other classes with methods where the variables gets assigned correctly.
I don't know if i've stared myself blind and am missing something obvious or if there's something else causing this.
class Auth
{
private $mysqli;
public function __construct(mysqli $mysqli)
{
$this->mysqli = $mysqli;
}
public function login($username, $password) //These variables are empty, even when they shouldn't be
{
$return['error'] = true;
$uid = $this->getUserId(strtolower($username)); //Returns false because $username variable is empty
if (!$uid) {
$return['message'] = 'No such user.'; //Output
return $return;
}
$user = $this->getUser($uid);
if (!password_verify($password, $user['password'])) {
$return['message'] = 'Password incorrect';
return $return;
}
$return['error'] = false;
$return['message'] = 'Logged in';
return $return;
}
private function getUserId($username)
{
$stmt = $this->mysqli->prepare("SELECT id FROM users WHERE username = ?");
$stmt->bind_param('s', $username);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($id);
if ($stmt->num_rows < 1) {
return false;
}
$stmt->fetch();
return $id;
}
private function getUser($uid)
{
$stmt = $this->mysqli->prepare("SELECT username, password, email FROM users WHERE id = ?");
$stmt->bind_param('s', $uid);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($username, $password, $email);
if ($stmt->num_rows < 1) {
return false;
}
$stmt->fetch();
$return['uid'] = $uid;
$return['username'] = $username;
$return['password'] = $password;
$return['email'] = $email;
return $return;
}
}
A form assigns the variables sent.
<form method="POST" action="post.php">
<label>Username
<input style="display:block;width:250px;" type="text" name="username" required></label>
<label>Password
<input style="display:block;width:250px;" type="password" name="password"></label>
<button style="display:block;" class="default_btn">Log in</button>
</form>
if (isset($_POST['username'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$auth = new Auth($mysqli);
$auth->login($username, $password);
if ($auth->login()['error']) {
echo 'error:' . $auth->login()['message'];
} else {
echo 'success:' . $auth->login()['message'];
}
}
EDIT:
If I assign the variables in the class method the code works:
public function login($username = 'user', $password = 'pass')
But if I do this, it will not work:
$username = 'User';
$password = 'pass';
$auth = new Auth($mysqli);
$auth->login($username, $password);
Also, if I use the $_POST values outside of $auth->login() they are assigned so they are not empty when passing them to the class...
The problem seems to be that you don't store the result and instead call login again without values: if ($auth->login()['error']) {
.
Try this:
<form method="POST" action="post.php">
<label>Username
<input style="display:block;width:250px;" type="text" name="username" required></label>
<label>Password
<input style="display:block;width:250px;" type="password" name="password"></label>
<button style="display:block;" class="default_btn">Log in</button>
</form>
if (isset($_POST['username'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$auth = new Auth($mysqli);
$login_result = $auth->login($username, $password);
if ($login_result['error']) {
echo 'error:' . $login_result['message'];
} else {
echo 'success:' . $login_result['message'];
}
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With