
PHP: How to grab a variable from _POST in another PHP file (using Slim)



I'm attempting to learn how to create a registration and authentication for a website using the Slim framework. My objective is to make a handler for POST and, when properly authenticated, the website will save the username and the name, so that the next time the user goes to the page, the website will greet them by stating their name. I will be doing this through two separate PHP files, however I believe the issue is in this PHP file.

Here is what I currently have:

$app->post('/users', function (Request $request, Response $response, array $args) {
       $user = array('username'=> $_POST['username'], 'password' => $_POST['password'], 'name' => $_POST['name']);
       $result = saveUser($user); // keep the name consistent with the check on the next line
       if($result === true) { return $response->withRedirect('login.html', 302); }
       return $response->withRedirect('registration.html#',$result,302); });    


$app->post('/auth', function (Request $request, Response $response, array $args) {
   if(isset($_POST['username'])) {
       return $response->withRedirect('welcome.php', 302); 
   }

   if(authUser($_POST['username'], $_POST['password']) === true) {
       $_SESSION["username"] = $_POST['username']; 
       $_SESSION["name"] = $_POST['name'];

       return $response->withRedirect('welcome.php', 302);
   }
   else { //authentication doesn't work, destroy session and go to login page
       session_destroy();
       return $response->withRedirect('login.html',302);      
   }
});

To my understanding, the username, password, and the user's actual name should be saved in _POST. However, when I use:

var_dump($_POST);

The password and the username are the only ones that show up when they are being called. Which leads me to believe that this is why my "welcome.php" does not greet the user.

Here is the contents of my welcome.php:

<?php session_start(); ?>
<!DOCTYPE html>
<title> Welcome! </title>
<h1> Welcome Page </h1>
<section> 
<p>
<?php
if(isset($_SESSION['name'])) { echo "Greetings " . $_SESSION['name']. "! ";} 
?> Click <a href="login.html">here to login</a> OR <a href="registration.html"> here for registration</a>.
 </p>
</section>

I think my error must be how I am trying to call it or within the isset function, but again, I do not know why name has not been properly saved.


Solution

  • It's mostly considered bad form to access the globals this way. As you're running Slim, they've a request object available for you to use that you're already passing in:

    $myArgs = $request->getQueryParams();
    foreach($myArgs as $key => $value){
        echo $key . '=>' . $value . PHP_EOL;
    }
    

    That said, the cause of your problem is this:

    $response->withRedirect(..)
    

    This returns to the browser an HTTP 302 redirect to a new URL. This is a second hit. The first hit is a POST to /auth, the second hit is a GET request to /welcome.php

    Another thing that jumps out at me is your logic path on /auth. If 'username' is set in $_POST, then you're sending them to welcome.php first thing, the other code (like the call to the authUser(..) function) never gets executed. As you are never setting $_SESSION['username'] to anything, it's still blank.

    Last thing I'll say is just a style point; I personally try to use single quotes (') for strings whenever possible and avoid double quotes ("), as double quotes tell PHP that the string may have special tokens in it that may need to be parsed. If you're not parsing tokens, just use single quotes. Other than that, welcome to PHP and I'm excited to see what you make!
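
An added example (not code from the question or the answer): the /auth logic with the password checked before anything is written to the session, as plain functions so it runs without Slim. The user store layout, handleAuth() and greeting() are assumptions made for illustration; the sample user and requests are constructed.

```php
<?php
// In the Slim route (after session_start()), the call would look like:
//   $target = handleAuth((array) $request->getParsedBody(), $_SESSION, $users);
//   if ($target === 'welcome.php') { session_regenerate_id(true); } // new session id on login
//   return $response->withRedirect($target, 302);

// Constructed sample store. Assumption: saveUser() keeps a password_hash() and the name.
$users = [
    'alice' => ['hash' => password_hash('correct horse', PASSWORD_DEFAULT), 'name' => 'Alice <Admin>'],
];

/** Returns the redirect target; fills $session only after the password verifies. */
function handleAuth(array $body, array &$session, array $users): string
{
    $username = $body['username'] ?? '';
    $password = $body['password'] ?? '';
    if (!is_string($username) || !is_string($password)
        || !isset($users[$username])
        || !password_verify($password, $users[$username]['hash'])) {
        $session = [];              // drop any stale login state
        return 'login.html';
    }
    // The login form posts only username and password, so the name
    // comes from the stored record, not from the request.
    $session['username'] = $username;
    $session['name'] = $users[$username]['name'];
    return 'welcome.php';
}

/** Greeting for welcome.php; the name is user-supplied, so escape it for HTML. */
function greeting(array $session): string
{
    if (!isset($session['name'])) {
        return '';
    }
    return 'Greetings ' . htmlspecialchars($session['name'], ENT_QUOTES, 'UTF-8') . '! ';
}

// Demo with constructed request bodies: a failed login, then a successful one.
$session = [];
echo handleAuth(['username' => 'alice', 'password' => 'wrong'], $session, $users), PHP_EOL;
echo handleAuth(['username' => 'alice', 'password' => 'correct horse'], $session, $users), PHP_EOL;
echo greeting($session), PHP_EOL;
```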