#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2012
    Posts
    16
    Rep Power
    0

    PDO code Executing, not throwing errors, but not inserting data to DB


    Okay... this is bugging the HELL out of me. I have a line of code that just refuses to insert into the database. Now, normally I would assume this is because i've written the code wrong. So naturally, i've tested the segment of code in question in a test.php file.

    Code:
    <?php
    include('includes/constants.php');
    $name = 'test';
    $salt = 'f*** your couch';
    								$hash = md5(time().$name.$salt);
    							$sql = "INSERT INTO user_active(hash) VALUE (:hash)";
    							$que = $db->prepare($sql);
    							$que->bindValue('hash', $hash);
    							try{ 
    								$que->execute(); 
    								return true;
    								$this->EmailActivate($email, $username, $hash);
    								}catch(PDOException $e){$this->error('could not send email'); }
    This doesn't throw an error, and actually updates to the database, however, when implemented into the fuller code (as seen below, Function registerUser) all the code works, i get no errors. The user is added to the user table, the bank account to that table, so on and so forth. but goramit, the user_active table is not updated at all!

    Code:
    class user
    {
    	protected $db;
    	protected $uid;
    	protected $email;
    	protected $username;
    	protected $citcode;
    	protected $password;
    	public $error;
    	protected $token;
    	function __construct($db)
    	{
    		$this->uid = '0';
    		$this->db = $db;
    	}
    	function error($error)
    	{
    		$this->error = $error;	
    	}
    	function passwordCrypt($password)
    	{
    		$password = crypt($password, '$2a$'.$salt);
    		$this->password = $password;
    		return $this->password;
    	}
    	private function EmailActivate($mail, $name, $hash)
    	{
    		/* The Actual Email Script */
    		$to      = $mail;
    		$subject = 'Beta Site Verification Test';
    		$message = 'http://gmz1023.com/verify.php?username='.$name.'&ver='.$hash;
    		$headers = 'From: NoReply@thehavenchronicles.com' . "\r\n" .
      					 'Reply-To: NoReply@TheHavenChronicles.com' . "\r\n" .
      					 'X-Mailer: PHP/' . phpversion();
    		if(mail($to, $subject, $message, $headers))
    		{
    			return true;
    		}
    		else
    		{
    			return false;
    		}
    		 
    
    	}
    	function registerUser($username, $password, $email, $citcode, $db)
    	{
    		$username = $username;
    		$verifyCC = $this->checkCitCode($citcode);
    		$verifyUser = $this->checkUsername($username, $email);
    		if($verifyUser == true)
    		{
    			if($verifyCC == true)
    			{
    				if(empty($username))
    				{
    					$this->error('no username');
    				}
    				else
    				{
    					if(!empty($password))
    					{
    						$salt = uniqid(mt_rand(), true);
    						$password = $this->passwordCrypt($password, $salt);
    						$date = date('Y-m-d');
    						$sql = "INSERT INTO users(username, password, email, joindate, citcode, exp, salt) VALUES (:username, :password, :email, NOW(), :citcode, :exp, :salt);";
    						$sql .= "INSERT INTO bank_accounts(type, balance) VALUES ('personal', '10000');";
    						$query = $this->db->prepare($sql);
    						$query->bindValue('username', $username);
    						$query->bindValue('password', $password);
    						$query->bindValue('email', $email);
    						$query->bindValue('citcode', $citcode);
    						$query->bindValue('exp', '0');
    						$query->bindValue('salt', $salt);
    						try{
    							$query->execute(); 
    							/* Invert Verification Codes */
    							$hash = md5(time().$name.$salt);
    							$sql = "INSERT INTO user_active(hash) VALUE (:hash)";
    							$que = $this->db->prepare($sql);
    							$que->bindValue('hash', $hash);
    							try{ 
    								$que->execute(); 
    								return true;
    								$this->EmailActivate($email, $username, $hash);
    								}catch(PDOException $e){$this->error('could not send email'); }
    							
    							return true;
    						}catch(PDOException $e){ $this->error('could not register user'); }
    					}
    					else
    					{
    						return false;
    					}
    				}	
    			}
    			else
    			{
    				return $this->error('Could not Verify Citizen Code');
    			}
    		}
    		else
    		{
    			return $this->error('Username/Password is already taken');
    		}
    	}
    	function checkCitCode($citcode)
    	{
    		$sql = "SELECT amount, active FROM citizen_codes WHERE citizen_code = :citcode";
    		$query = $this->db->prepare($sql);
    		$query->bindValue('citcode', $citcode);
    		try{ $query->execute(); 
    			while($row = $query->fetch())
    			{
    				if($row['active'] >= $row['amount'])
    				{
    					return false;	
    				}
    				else
    				{
    					$active = $row['active'] +1;
    					$sql = "UPDATE citizen_codes SET active = :active WHERE citizen_code = :citcode";
    					$query = $this->db->prepare($sql);
    					$query->bindValue('active', $active);
    					$query->bindValue('citcode', $citcode);
    					try { $query->execute(); return true; }
    					catch(PDOException $e) { $e->getMessage(); }
    				}
    			}
    		}
    		catch(PDOException $e) { $e->getMessage(); }
    	}
    
    	function checkUsername($username, $email)
    	{
    		if(strlen($username) > 15)
    		{
    			return true;
    			echo "username too long";
    		}
    		else
    		{
    			$sql = "SELECT count(*) FROM users WHERE username = :username OR email = :email";
    			$que = $this->db->prepare($sql);
    			$que->bindValue('username', $username);
    			$que->bindValue('email', $email);
    			try { 
    				$que->execute(); 
    				$row = $que->fetch();
    					if($row[0] > 0)
    					{
    						return false;
    					}
    					else
    					{
    					return true;	
    					}
    				} catch(PDOException $e) { $e->getMessage(); }	
    		}
    	}
    	function checkPasssword($uid, $password)
    	{
    		$sql = "SELECT password FROM users WHERE uid = '{$uid}';";
    		$que = $this->db->prepare($sql);
    		$que->prepare($sql);
    		$que->bindValue('uid', $uid);
    		try{
    			$password = $this->passwordCrypt($password);
    			$row = $que->fetch();
    			if($row[0] == $password)
    			{
    				return true;	
    			}
    			else
    			{
    				return false;	
    			}
    			return false;
    		}catch(PDOException $e) { $e->getMessage(); }
    
    	}
    	function changePassword($uid, $password, $confirm, $current)
    	{	
    		if($this->checkPassword($uid, $current) == true)
    		{
    			$password = $this->passwordCrypt($password);
    			$sql = "UPDATE users SET password = ? WHERE uid = ?";
    			$que = $this->db->prepare($sql);
    			$que->bindValue('1', $passoword);
    			$que->bindValue('2', $uid);
    
    		}
    	}
    	function generate_secure_token($length = 16) 
    	{ 
    		 
    	} 
    	function setSession($username, $password)
    	{
    		$password = $this->passwordCrypt($password);
    		$username = $username;
    		$sql = "SELECT uid FROM users WHERE username = :username AND password = :password";
    		$query = $this->db->prepare($sql);
    		$query->bindParam('username', $username);
    		$query->bindParam('password', $password);
    		if(!$query)
    		{
    			return false;
    		}
    		else
    		{
    			$_SESSION['token'] = 'onedayillbearealtoken';
    			$query->execute();
    			$row = $query->fetch();
    			$_SESSION['uid'] = $row[0];
    
    			return true;
    		}
    	}
    }
    So if someone could kindly point out the error of my way. That would be much apprieciated. otherwise, i'm going to throw this code into the murky abyss of my trash can along with my laptop.
  2. #2
  3. No Profile Picture
    Dazed&Confused
    Devshed Novice (500 - 999 posts)

    Join Date
    Jun 2002
    Location
    Tempe, AZ
    Posts
    506
    Rep Power
    128
    Not sure of why it's not working off-hand, but your error detection is probably failing since PDOStatement::execute doesn't throw an exception on failure; it just returns false.
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2012
    Posts
    16
    Rep Power
    0
    Originally Posted by dmittner
    Not sure of why it's not working off-hand, but your error detection is probably failing since PDOStatement::execute doesn't throw an exception on failure; it just returns false.
    I'm well aware of that and the actual registration page code handles the fact that it returns true or false. for whatever reason the code is just not working.

    (I'm actually agitated over this, and am probably not in the right mindset to be posting on anysite other than 4chan atm. So i appoligize if i stop making logical sense)
  6. #4
  7. No Profile Picture
    Dazed&Confused
    Devshed Novice (500 - 999 posts)

    Join Date
    Jun 2002
    Location
    Tempe, AZ
    Posts
    506
    Rep Power
    128
    Right, but the first thing you said is that it doesn't throw an error. By default it never would, even if there is one. Since you're not doing anything with errorInfo if you get a false response, you wouldn't know if an error is coming from MySQL.

    And twice you have execute() calls as the first thing within a try block, but not testing if it returns false. So as aware as you claim to be, you're not actually testing to make sure the queries are working before continuing on.

    Even if you've set PDO::ERRMODE_EXCEPTION, that inner $que->execute() call isn't printing out the error and is still returning true.

IMN logo majestic logo threadwatch logo seochat tools logo