Title is my error, doesn't make sense to me

[php]
<?php
error_reporting(-1); // reports all errors

ini_set("display_errors", "1"); // shows all errors

ini_set("log_errors", 1);

require ("classes/Password.php");
require ("classes/Database.php");
session_start();

if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
	$update = new PasswordUp();
	$uid = $_SESSION['userId'];
	
	$cpassword = $password = $repassword = "";
	$post = filter_input_array(INPUT_POST, FILTER_SANITIZE_STRING);		
	
	$cpassword =  $post['cpassword'];		
	$password =  $post['password'];		
	$repassword =  $post['repassword'];		
	$errors = array();

	$fields = array(
	'password' => array(         
		'validate' => 'emptyPassword',
		'message' => 'Password required',
		'value' => $password,
	)
	
	);


	foreach($fields as $key => $value) 
	{
		$validation_result = $update->{$value['validate']}($value['value']);
    	if(!$validation_result) 
		{
    		$errors[] = ['name' => $key, 'error' => $value['message']];
		}
	}

 if(empty($errors))  
    {

		try
		{
			$db = new Database;
			$query = "SELECT userId,password FROM users WHERE userId = :uid";   
			$stmt = $db->prepare($query);    
			$stmt->bindValue(':uid', $uid);  
			$stmt->execute();   
			if(!$results = $stmt->fetch())  
			{  
				//  no user row found for this userId  
				$errors[] = ["name" => "cpassword", "error" => "Something went wrong contact our customer care team or try again later"];  
			}  
			else   
			{  
				// verify the password  
				if(!password_verify($cpassword, $results['password']))  
				{  
					// the password did not verify  
					   $errors[] = ["name" => "cpassword", "error" => "Incorrect password"];    
				}  
				else  
				{  
					$success = ['response' => 'true']; 
					try
					{
						$querys = "UPDATE users SET password = :password  WHERE userId = :uid";   
						$stmts = $db->prepare($query);    
						$stmts->bindValue(':password', password_hash($post['password'], PASSWORD_DEFAULT));  
						$stmts->bindValue(':uid', $uid);  
						$stmts->execute();   
						
					}
					catch(Exception $e)
					{
						$errors[] = ["name" => "cpassword", "error" => "Something went wrong contact the administrator or try again later"];
					} 
					
				}  
			}
		}
			catch(Exception $e)
		{
			$errors[] = ["name" => "cpassword", "error" => "Something went wrong contact the administrator or try again later"];
		} 
	}
		
	
}

header('Content-Type: application/json');
if (empty($errors))
{
echo json_encode($success);
}
else
{
echo json_encode(["errors" => $errors]);
}
[/php]

    $querys = "UPDATE users SET password = :password  WHERE userId = :uid";   
    $stmts = $db->prepare($query);    

    Might wanna start using more meaningful variable names....

      It's been a while since I looked at anything, stmts seemed a lazy way of writing statements and hmm yeah

        I think the important variable name issue here is defining the SQL in $querys but then prepare()-ing it using $query. 😉
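
Added example, not part of the thread and not the poster's code: the same verify-then-update flow with each statement prepared from its own clearly named SQL variable, so the UPDATE cannot be swapped for the earlier SELECT. It assumes plain PDO on an in-memory SQLite database in place of the poster's Database class; the `changePassword` function and the sample user row are constructed for illustration.

```php
<?php
// Added example. Assumptions: plain PDO (in-memory SQLite) stands in for the
// poster's Database class; changePassword() and the sample row are hypothetical.
declare(strict_types=1);

function changePassword(PDO $db, int $uid, string $current, string $new): array
{
    $selectSql = 'SELECT password FROM users WHERE userId = :uid';
    $select = $db->prepare($selectSql);
    $select->execute([':uid' => $uid]);
    $row = $select->fetch(PDO::FETCH_ASSOC);

    // Passwords are used exactly as received: filtering them before hashing
    // or verifying would change the value that is actually checked.
    if ($row === false || !password_verify($current, $row['password'])) {
        return ['errors' => [['name' => 'cpassword', 'error' => 'Incorrect password']]];
    }

    // The UPDATE is prepared from $updateSql, not from the SELECT text above.
    $updateSql = 'UPDATE users SET password = :password WHERE userId = :uid';
    $update = $db->prepare($updateSql);
    $update->execute([
        ':password' => password_hash($new, PASSWORD_DEFAULT),
        ':uid'      => $uid,
    ]);

    // Treat anything other than exactly one changed row as a failure.
    if ($update->rowCount() !== 1) {
        return ['errors' => [['name' => 'cpassword', 'error' => 'Password was not updated']]];
    }
    return ['response' => 'true'];
}

// Constructed sample data: one user whose current password is "old-secret".
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userId INTEGER PRIMARY KEY, password TEXT)');
$db->prepare('INSERT INTO users (userId, password) VALUES (1, :p)')
   ->execute([':p' => password_hash('old-secret', PASSWORD_DEFAULT)]);

// First call uses a wrong current password, second call the right one.
echo json_encode(changePassword($db, 1, 'wrong-guess', 'new-secret')), PHP_EOL;
echo json_encode(changePassword($db, 1, 'old-secret', 'new-secret')), PHP_EOL;

// Confirm the stored hash now matches the new password.
$stored = $db->query('SELECT password FROM users WHERE userId = 1')->fetchColumn();
var_dump(password_verify('new-secret', $stored));
```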

          Yep, I'm not sure about embedding an extra try but it works

            Thanks to Weedpacket I now have Leon Bambrick's quote (after Phil Karlton) on the cube wall here, regarding both the naming of things and cache invalidation and off-by-one errors. 🙂

            Well I did write a new class today because of a typing mistake, practice makes...wait no, what are the signs of insanity again?

              In this state, that would be doing the same thing but expecting different results, going outside mostly naked in January (or completely so in any month), or voting liberal/democratic.
