Learning PHP OOP Forgot Password

Question

Hope your holidays are going well. I am trying to learn about how to use OOP in a practical sense for a forgot password form (standard enter email, put it into mysql and send email). I already have an understanding and working version of the procedural approach. But when I am trying to slowly recode parts of my site so that they are OO.

forgot_password.php

<?php
session_start();
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);

//include database file
require_once('database.php');
require_once('functions.php');
require_once('includes/classes/user.php');

$user = New User;

//set Variables to empty
$error_message = "";
$success_message = "";

//check if form has been submitted
if($_POST){
  $email = test_input($_POST['email']);
  $user->forgot_password($email);
}
?>

<html>
  <head><title>Forgot Password</title></head>
    <body>
      <form action="forgot_password.php" method="POST">
      <strong>Email</strong> <input type="text" name="email"> <br>
      <input type="submit" value="Request New Password">
      </form>

      <?php echo $user->message; ?>
    </body>
</html>

    <?php
  class User{
    var $email;
    var $conn;
    var $message;

    function __construct(){
      $servername = "servername";
      $username = "username";
      $password = "password";
      $database = "database";
      // Create connection
      $conn = new mysqli($servername, $username, $password, $database);
    }

    function forgot_password($email){
      //query for userid, fname, lname, email based off of email they entered
      $sql = "SELECT user_id, first_name, last_name, email FROM users WHERE email='$email'";
      $result = $conn->query($sql);

      //if rows == 1 (email found) then insert into password_reset
      if($result->num_rows == 1){
        $row = $result->fetch_assoc();

        //delete old records so no confusion
        $sql = "DELETE FROM password_reset WHERE user_id='$row[user_id]'";
        $this->query($sql);

        $timestamp = time();
        $token = bin2hex(random_bytes(10));

        //insert into password_reset table
        $sql = "INSERT INTO password_reset (user_id, random_token, date_created) VALUES ('$row[user_id]','$token','$timestamp')";
        $result = $conn->query($sql);

        //insert email into email queue
        $message = "Hi $row[first_name] $row[last_name], <br>
        ?token=$token\">Reset Password</a>";

        $sql = "INSERT INTO email_queue (first_name, last_name, email, message, priority, date_created) VALUES ('$row[first_name]','$row[last_name]','$row[email]','$message','2','$timestamp')";
        $result = $conn->query($sql) or die($conn->error);

        $this->message = "Please check your email for further instructions.";
      }
      //else let them know email wasnt found
      else{
        $this->message = "Sorry there was an error. ";
      }
    }
  }
?>

This is the error: Notice: Undefined variable: conn in /includes/classes/user.php on line 19

Fatal error: Uncaught Error: Call to a member function query() on null in /includes/classes/user.php:19 Stack trace: #0 /forgot_password.php(21): User->forgot_password('asdf') #1 {main} thrown in /includes/classes/user.php on line 1

Answer 1

You are getting this error, because all of your class variables need to be declared the following way:

  $this->servername = "servername";
  $this->username = "username";
  $this->password = "password";
  $this->database = "database";
  // Create connection
  $this->conn = new mysqli($servername, $username, $password, $database);

and then later you should use them the same way in the other functions. $this refers to the current instance of the class. Without it the variable is lost outside the scope of the function. That is why you get "Call to a member function query() on null", because it thinks $conn is null.

The concept of "this" is not used only in PHP but in many other languages as well.