0

I would like to output an error message on login if the website is under maintenance however my current code doesn't work and seems to just run as if the maintenance code isn't there. I would like it so if the maintenance column in MySQL database which i have already defined as $maintenance is empty then the user can login like normal however if it contains 1 then the user will see the error message however admins with their IP in the array can still login. I have defined $maintenance in a different file which is included already in my class.user.php. Code is below.

Settings.php

$auth_user = new USER();

$site_name = $auth_user->runQuery("SELECT * FROM `settings` LIMIT 1");
$site_name->execute();
while ($show = $site_name -> fetch(PDO::FETCH_ASSOC)){
        $maintenance = $show['maintenance'];
}

Class.user.php

require_once('settings.php');

....other functions here
....other functions here
.....other functions here
.....

        public function doLogin($uname,$umail,$upass)
    {
        try
        {
            $stmt = $this->conn->prepare("SELECT user_id, user_name, user_email, user_pass, status FROM users WHERE user_name=:uname OR user_email=:umail ");
            $stmt->execute(array(':uname'=>$uname, ':umail'=>$umail));
            $userRow=$stmt->fetch(PDO::FETCH_ASSOC);
            if($stmt->rowCount() == 1) 
            {
                if(password_verify($upass, $userRow['user_pass']))
                {
                    session_regenerate_id(false);
                    return ["correctPass"=>true, "banned"=> ($userRow['status']== 1) ? true : false, "maintenance"=> ($maintenance== 1) ? true : false];

                }
                else
                {
                    return ["correctPass"=>false];
                }
            }
        }
        catch(PDOException $e)
        {
            echo $e->getMessage();
        }
    }

Login.php

$validation = $login->doLogin($uname,$umail,$upass);
if($validation["correctPass"]){
    if($validation["maintenance"]){
        if (!in_array(@$_SERVER['REMOTE_ADDR'], array('1.1.1.1'))){
            $error = "Website under maintenance";
        }
    }
    if($validation["banned"]){
        $error = "User has been banned";
    }else{
        if(Token::check($_POST['token'])) {
        $stmtt = $login->runQuery("SELECT user_id FROM users WHERE user_name=:uname OR user_email=:umail ");
        $stmtt->execute(array(':uname'=>$uname, ':umail'=>$umail));
        $userRow=$stmtt->fetch(PDO::FETCH_ASSOC);
        $_SESSION['user_session'] = $userRow['user_id'];
        $success = "Logged in successfully, redirecting..";
        header( "refresh:3;url=dashboard" );
        } else {
            $error = "Unexpected error occured";
        }
    }
}
else{
    $error = "Incorrect username/email or password";
}
Zac
  • 23
  • 1
  • 6
  • 1
    Possible duplicate of [Reference: What is variable scope, which variables are accessible from where and what are "undefined variable" errors?](https://stackoverflow.com/questions/16959576/reference-what-is-variable-scope-which-variables-are-accessible-from-where-and) –  Oct 03 '18 at 22:39
  • `$maintenance` is outside of the function scope for `doLogin` –  Oct 03 '18 at 22:40

1 Answers1

0

As others have pointed out in comments $maintenance is outside the scope of your doLogin function. If you are interested in just using it as a global variable, you can setup your doLogin function like this:

public function doLogin($uname,$umail,$upass)
{
    global $maintenance;
    ...

Using the global keyword allows you to access variables outside the scope of the current function. A better way would probably be to pass the $maintenance variable into the function as a parameter like this:

public function doLogin($uname,$umail,$upass,$maintenance)
{
    ...

Then just use in in your Login.php file like this:

$validation = $login->doLogin($uname,$umail,$upass,$maintenance);

Do either of those options work for you?

matt
  • 670
  • 2
  • 9
  • 18