
Where am i going wrong? singleton and sessions

Posted: Tue Mar 31, 2009 7:57 am
by dallasg
pickle | Please use [ code=php ], [ code=text ], etc tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: :arrow: Posting Code in the Forums to learn how to do it too.


Hi,
I am having an issue I haven't had before and can't see where I am going wrong.

I have an index.php with this at the top:

Code: Select all

include("includes/config.php");
if (empty($_SESSION["AUTH"])){
    header("Location: login.php");
    exit; // without this the rest of index.php still runs and is sent to the visitor
}
In the config I set up the db connection and a singleton for Users:

Code: Select all

//base classes
$UserObj = User::getInstance();
All works fine: I get redirected to the login page, it logs in and returns me to the index.php

Code: Select all

if ($_POST && !empty($_POST["username"]) && !empty($_POST["password"])){
    //login user
    $UserObj->login($_POST["username"],$_POST["password"]);
    if ($UserObj->isAuth()){
        $_SESSION["AUTH"] = true;
        header("Location: index.php");
        exit; // stop the script once the redirect header is set
    }else{
        $err = '<span class="gt-error">Incorrect Username and Password combination</span>';
    }
}else{
    $err="";
}
But when I get back to the index.php page, the UserObj is empty and is null. What am I doing wrong?

Code: Select all

<?php echo $UserObj->getName();?>

Code: Select all

object(User)#11 (12) { ["id:private"]=> NULL ["name:private"]=> NULL ["username:private"]=> NULL ["password:private"]=> NULL ["branchid:private"]=> NULL ["created:private"]=> NULL ["lastlogin:private"]=> NULL ["voucherslogged:private"]=> NULL ["edited:private"]=> NULL ["newuser:private"]=> NULL ["Auth:private"]=> NULL ["loaded:private"]=> NULL }
The user class:

Code: Select all

/*User Class*/
class User {
    /*member vars*/
    /*user table*/
    private $id;
    private $name;
    private $username;
    private $password;
    private $branchid;
    private $created;
    private $lastlogin;
    private $voucherslogged;
    private $edited;
 
    //new user?
    private $newuser;
 
    //auth
    private $Auth;
    private $loaded;
    
    
    private static $instance;
    
    
    /*member functions*/    
    // The singleton method
    public static function getInstance() 
    {
        if (!isset(self::$instance)) {
            $c = __CLASS__;
            self::$instance = new $c;
        }
 
        return self::$instance;
    }
    // Prevent users to clone the instance
    public function __clone()
    {
        trigger_error('Clone is not allowed.', E_USER_ERROR);
    }
    
    public function login($username,$password){
        //lets login in the user
        $sql = "select * from users where username = '".$username."' ";
        $rs = query($sql);
        if ($rs->RecordCount() > 0){
            if ($rs)
                while ($arr = $rs->FetchRow()) {
                    # process $arr       
                    $this->id = $arr["id"];
                    $this->name = $arr["name"];
                    $this->username = $arr["username"];
                    $this->password = $arr["password"];
                    $this->branchid = $arr["branchid"];
                    $this->created = $arr["created"];
                    $this->lastlogin = $arr["lastlogin"];
                    $this->voucherslogged = $arr["vouchers_logged"];
                    $this->edited = $arr["edited"];
                }           
            if($password == $this->password){
                $this->Auth = true;
            }else{
                $this->Auth = false;
            }
        }else{
            $this->Auth = false;
        }
        
    }
    
    // A private constructor; prevents direct creation of object
    private function __construct() 
    {
    
    }
    
    // PHP's destructor hook is named __destruct()
    public function __destruct(){
        //nothing
    }
    
    public function isAuth(){
        return $this->Auth;
    }
    
    public function getName(){
        return $this->name;
    }
}


Re: Where am i going wrong? singleton and sessions

Posted: Tue Mar 31, 2009 10:12 am
by pickle
- I don't see you starting the session anywhere with session_start(). That's necessary to carry the session from one page load to the next.
- I also don't see in the User object, any place where the user data is loaded. All you're storing in $_SESSION is whether or not the user is authenticated, not any of their information.
- You really want to escape the $username and $password in your User::login() function. What would happen if I typed this in as my username?

Code: Select all

' OR username LIKE '%'
- You should never store a password, even a hashed password, in code. I'd strongly suggest changing your query to check for a match not only with the username, but also with the password - that'll cut out an IF() statement as well.
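
The lookup from User::login() next to a prepared-statement version, both run against the username value quoted in the reply above. This is an added example, not code from the thread; the SQLite table, its rows and the function names are constructed for illustration.

```php
<?php
// Added example: constructed in-memory table, not the poster's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, name TEXT)");
$db->exec("INSERT INTO users (username, name) VALUES ('alice', 'Alice'), ('bob', 'Bob')");

// Same string building as User::login(): the input becomes part of the SQL text.
function lookupConcatenated(PDO $db, string $username): string
{
    $sql = "select * from users where username = '" . $username . "' ";
    try {
        $rows = $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
        return count($rows) . ' row(s)';
    } catch (PDOException $e) {
        // The input changed the statement enough that it no longer parses.
        return 'SQL error: ' . $e->getMessage();
    }
}

// Prepared statement: the input is bound as a value and never parsed as SQL.
function lookupPrepared(PDO $db, string $username): string
{
    $stmt = $db->prepare('SELECT * FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    return count($stmt->fetchAll(PDO::FETCH_ASSOC)) . ' row(s)';
}

// 'alice' is an ordinary login name; the second value is the one quoted above.
foreach (['alice', "' OR username LIKE '%'"] as $input) {
    printf("%-26s concatenated: %s\n", $input, lookupConcatenated($db, $input));
    printf("%-26s prepared:     %s\n", $input, lookupPrepared($db, $input));
}
```

With the concatenated query the outcome for the second value depends on how the quotes line up (unexpected rows or a syntax error); with the bound parameter it is always treated as a literal username.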

Re: Where am i going wrong? singleton and sessions

Posted: Tue Mar 31, 2009 12:50 pm
by dallasg
pickle wrote:
- I don't see you starting the session anywhere with session_start(). That's necessary to carry the session from one page load to the next.
- I also don't see in the User object, any place where the user data is loaded. All you're storing in $_SESSION is whether or not the user is authenticated, not any of their information.
- You really want to escape the $username and $password in your User::login() function. What would happen if I typed this in as my username?

Code: Select all

' OR username LIKE '%'
- You should never store a password, even a hashed password, in code. I'd strongly suggest changing your query to check for a match not only with the username, but also with the password - that'll cut out an IF() statement as well.
The session auto-starts from the php.ini. This is just test code to see why I can't get the singleton to carry data across pages etc. Am I confused on how it all works?
The user object is created in the config file as this is common to all pages etc and included. Is this wrong?

Re: Where am i going wrong? singleton and sessions

Posted: Tue Mar 31, 2009 2:08 pm
by pickle
I think you are confused as to what "singleton" is. A Singleton object is one that only instantiates once per page load. It is not persistent across subsequent page loads. $_SESSION is. I think what you want to do is store the username in $_SESSION, then in config.inc, generate a new User object with that username.

It's not wrong to put the creation of the User object in config.inc. Semantically I would put it in a setup.php type file - leaving config.inc for site-wide properties. That's completely subjective though & if your setup works fine for you, there's no need to change it.
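
What the reply above describes, as an added example that is not code from the thread: the session carries only the username, and each request builds its own User singleton from it. The SQLite table, the endRequest() helper and the $session array standing in for $_SESSION are constructed for illustration, and the constructor syntax assumes PHP 8.

```php
<?php
// Added example: names are hypothetical, data is constructed (PHP 8+).
final class User
{
    private static ?User $instance = null;

    private function __construct(private array $row) {}

    // One object per request. Its state comes from the database, keyed by
    // the username kept in the session; the object itself never persists.
    public static function getInstance(PDO $db, array $session): ?User
    {
        if (self::$instance === null && isset($session['username'])) {
            $stmt = $db->prepare('SELECT id, username, name FROM users WHERE username = ?');
            $stmt->execute([$session['username']]);
            $row = $stmt->fetch(PDO::FETCH_ASSOC);
            if ($row !== false) {
                self::$instance = new self($row);
            }
        }
        return self::$instance;
    }

    // Stands in for the end of a request, when PHP discards every object
    // and static property. Only the session store outlives this.
    public static function endRequest(): void { self::$instance = null; }

    public function getName(): string { return $this->row['name']; }
}

$db = new PDO('sqlite::memory:');
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, name TEXT)");
$db->exec("INSERT INTO users (username, name) VALUES ('dallas', 'Dallas G')");

$session = [];   // plays the role of $_SESSION across the simulated requests

// Request 1: login.php, after the credentials have been checked. A real
// handler would also call session_regenerate_id(true) at this point.
$session['username'] = 'dallas';
User::endRequest();

// Request 2: index.php. A fresh singleton is rebuilt from the session.
$user = User::getInstance($db, $session);
echo $user ? $user->getName() : 'not logged in', PHP_EOL;

// Request 3: no session data (logged out or expired) means no User object.
User::endRequest();
var_dump(User::getInstance($db, []));
```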

Re: Where am i going wrong? singleton and sessions

Posted: Tue Mar 31, 2009 2:29 pm
by dallasg
Many thanks, that makes much more sense now.
Now I can move along.