Where am i going wrong? singleton and sessions

dallasg
Forum Newbie
Posts: 3
Joined: Tue Mar 31, 2009 7:55 am

Where am i going wrong? singleton and sessions

Post by dallasg »

pickle | Please use [ code=php ], [ code=text ], etc tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: Posting Code in the Forums to learn how to do it too.


Hi,
I am having an issue I haven't had before and can't see where I am going wrong.

I have an index.php with this at the top:

Code: Select all

include("includes/config.php");
// Send unauthenticated visitors to the login page and stop running this page
if (empty($_SESSION["AUTH"])) {
    header("Location: login.php");
    exit;
}

In the config I set up the db connection and a singleton for Users:

Code: Select all

//base classes
$UserObj = User::getInstance();

All works fine: I get redirected to the login page, it logs in and returns me to index.php.

Code: Select all

if ($_POST && !empty($_POST["username"]) && !empty($_POST["password"])){
    //login user
    $UserObj->login($_POST["username"],$_POST["password"]);
    if ($UserObj->isAuth()){
        $_SESSION["AUTH"] = true;
        header("Location: index.php");
        exit; // stop here so the rest of the login page does not run after the redirect
    }else{
        $err = '<span class="gt-error">Incorrect Username and Password combination</span>';
    }
}else{
    $err="";
}

But when I get back to the index.php page, the UserObj is empty and is null. What am I doing wrong?

Code: Select all

<?php echo $UserObj->getName();?>

Code: Select all

object(User)#11 (12) { ["id:private"]=> NULL ["name:private"]=> NULL ["username:private"]=> NULL ["password:private"]=> NULL ["branchid:private"]=> NULL ["created:private"]=> NULL ["lastlogin:private"]=> NULL ["voucherslogged:private"]=> NULL ["edited:private"]=> NULL ["newuser:private"]=> NULL ["Auth:private"]=> NULL ["loaded:private"]=> NULL }

The user class:

Code: Select all

/*User Class*/
class User {
    /*member vars*/
    /*user table*/
    private $id;
    private $name;
    private $username;
    private $password;
    private $branchid;
    private $created;
    private $lastlogin;
    private $voucherslogged;
    private $edited;
 
    //new user?
    private $newuser;
 
    //auth
    private $Auth;
    private $loaded;
    
    
    private static $instance;
    
    
    /*member functions*/    
    // The singleton method
    public static function getInstance() 
    {
        if (!isset(self::$instance)) {
            $c = __CLASS__;
            self::$instance = new $c;
        }
 
        return self::$instance;
    }
    // Prevent users from cloning the instance
    public function __clone()
    {
        trigger_error('Clone is not allowed.', E_USER_ERROR);
    }
    
    public function login($username,$password){
        //let's log in the user
        $sql = "select * from users where username = '".$username."' ";
        $rs = query($sql);
        if ($rs->RecordCount() > 0){
            if ($rs)
                while ($arr = $rs->FetchRow()) {
                    # process $arr       
                    $this->id = $arr["id"];
                    $this->name = $arr["name"];
                    $this->username = $arr["username"];
                    $this->password = $arr["password"];
                    $this->branchid = $arr["branchid"];
                    $this->created = $arr["created"];
                    $this->lastlogin = $arr["lastlogin"];
                    $this->voucherslogged = $arr["vouchers_logged"];
                    $this->edited = $arr["edited"];
                }           
            if($password == $this->password){
                $this->Auth = true;
            }else{
                $this->Auth = false;
            }
        }else{
            $this->Auth = false;
        }
        
    }
    
    // A private constructor; prevents direct creation of object
    private function __construct() 
    {
    
    }
    
    // PHP's destructor magic method is named __destruct
    function __destruct(){
        //nothing
    }
    
    public function isAuth(){
        return $this->Auth;
    }
    
    public function getName(){
        return $this->name;
    }
}

pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W

Re: Where am i going wrong? singleton and sessions

Post by pickle »

- I don't see you starting the session anywhere with session_start(). That's necessary to carry the session from one page load to the next.
- I also don't see in the User object, any place where the user data is loaded. All you're storing in $_SESSION is whether or not the user is authenticated, not any of their information.
- You really want to escape the $username and $password in your User::login() function. What would happen if I typed this in as my username?

Code: Select all

' OR username LIKE '%'
- You should never store a password, even a hashed password, in code. I'd strongly suggest changing your query to check for a match not only with the username, but also with the password - that'll cut out an IF() statement as well.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
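
The username quoted in the reply above can be run against a login check that binds it as a parameter. This is an added example, not code from the thread: it uses PDO prepared statements instead of escaping and compares a stored hash with `password_verify()`. The in-memory SQLite table, the reduced column list and the `findAuthenticatedUser()` helper are assumptions made for illustration.

```php
<?php
// Added example: an in-memory SQLite table (constructed) stands in for `users`.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT,
           username TEXT UNIQUE, password TEXT)');
$db->prepare('INSERT INTO users (name, username, password) VALUES (?, ?, ?)')
   ->execute(['Alice Example', 'alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Hash verified when no row matches, so a miss costs about the same as a wrong password.
$dummyHash = password_hash('placeholder', PASSWORD_DEFAULT);

// Hypothetical helper: returns the user's row without the hash, or null on failure.
function findAuthenticatedUser(PDO $db, string $dummyHash, string $username, string $password): ?array
{
    // The username is bound as a parameter, never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT id, name, username, password FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    $ok = password_verify($password, $row ? $row['password'] : $dummyHash);
    if (!$row || !$ok) {
        return null;
    }
    unset($row['password']); // keep the hash out of the object and the session
    return $row;
}

// Constructed inputs: a valid login, the username from the reply above, a wrong password.
$attempts = [
    ['alice', 'correct horse'],
    ["' OR username LIKE '%", 'anything'],
    ['alice', 'wrong'],
];
foreach ($attempts as [$u, $p]) {
    $user = findAuthenticatedUser($db, $dummyHash, $u, $p);
    printf("%-24s => %s\n", $u, $user ? 'authenticated as ' . $user['name'] : 'rejected');
}
```

With the concatenated query in the original `login()`, the second input would alter the WHERE clause; here it is only compared as a literal username.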
dallasg
Forum Newbie
Posts: 3
Joined: Tue Mar 31, 2009 7:55 am

Re: Where am i going wrong? singleton and sessions

Post by dallasg »

pickle wrote:
- I don't see you starting the session anywhere with session_start(). That's necessary to carry the session from one page load to the next.
- I also don't see in the User object, any place where the user data is loaded. All you're storing in $_SESSION is whether or not the user is authenticated, not any of their information.
- You really want to escape the $username and $password in your User::login() function. What would happen if I typed this in as my username?

Code: Select all

' OR username LIKE '%'
- You should never store a password, even a hashed password, in code. I'd strongly suggest changing your query to check for a match not only with the username, but also with the password - that'll cut out an IF() statement as well.
The session auto-starts from the php.ini. This is just test code to see why I can't get the singleton to carry data across pages etc. Am I confused on how it all works?
The user object is created in the config file as this is common to all pages etc and included. Is this wrong?
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W

Re: Where am i going wrong? singleton and sessions

Post by pickle »

I think you are confused as to what "singleton" is. A Singleton object is one that only instantiates once per page load. It is not persistent across subsequent page loads. $_SESSION is. I think what you want to do is store the username in $_SESSION, then in config.inc, generate a new User object with that username.

It's not wrong to put the creation of the User object in config.inc. Semantically I would put it in a setup.php type file - leaving config.inc for site-wide properties. That's completely subjective though & if your setup works fine for you, there's no need to change it.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
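
The pattern described in the reply above, as an added example that is not part of the original thread: only the user's id is kept in the session, and the per-request singleton is rebuilt from it on every page load. The `USERS` array (constructed data standing in for the `users` table), the `user_id` session key, the `getInstance($session)` signature and `endRequest()` are assumptions for illustration; the code needs PHP 8.0 or later.

```php
<?php
// Added example. USERS is constructed data standing in for the `users` table.
const USERS = [7 => ['id' => 7, 'name' => 'Alice Example', 'branchid' => 2]];

final class User
{
    private static ?User $instance = null;

    private function __construct(private ?array $row) {}

    // One instance per request, populated from the id kept in the session.
    public static function getInstance(array $session): User
    {
        if (self::$instance === null) {
            $id = $session['user_id'] ?? null;
            self::$instance = new User(is_int($id) ? (USERS[$id] ?? null) : null);
        }
        return self::$instance;
    }

    public function isAuth(): bool { return $this->row !== null; }
    public function getName(): ?string { return $this->row['name'] ?? null; }

    // Stand-in for the end of a request: static state does not survive it.
    public static function endRequest(): void { self::$instance = null; }
}

// Request 1 (login.php): after the credential check succeeds, store only the id.
$session = [];            // stands in for $_SESSION
$session['user_id'] = 7;  // real code would call session_regenerate_id(true) first
User::endRequest();

// Request 2 (index.php): the include rebuilds the object from the session.
$user = User::getInstance($session);
if (!$user->isAuth()) {
    // real code: header('Location: login.php'); exit;
}
echo $user->getName(), PHP_EOL;
User::endRequest();

// Request 3: an empty session yields an unauthenticated user.
var_dump(User::getInstance([])->isAuth());
```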
dallasg
Forum Newbie
Posts: 3
Joined: Tue Mar 31, 2009 7:55 am

Re: Where am i going wrong? singleton and sessions

Post by dallasg »

Many thanks, that makes much more sense now.
Now I can move along.