Similar Function, Different Error, Trying To Get Property Of Non-Object,

una.bicicleta · November 9, 2013, 8:51am

Hi, everyone,

I’m stuck with this piece of code below.

I have two action in controller (actionChangePassword and actionResetPassword) using similar ‘saveNewPassword’ function in two model (changePassword and resetPassword), but one of the action (actionResetPassword) gave me an error: ‘Trying to get property of non-object’ when I tried to retrieve salt value.

file /model/ChangePasswordForm and /model/ResetPasswordForm :


    

    public function saveNewPassword()

    {

        //retrieve salt from user table

	$sql = "SELECT username,salt FROM user WHERE username=:username LIMIT 1";

	$model=User::model()->findBySql($sql, array(':username'=>Yii::app()->user->name));


        //this line gave me an error in actionResetPassword

        $test = $model->salt;

file /controller/UserController :




	public function actionResetPassword($username,$reset_code)

	{

		$model=new ResetPasswordForm();


		$sql = "SELECT username,reset_password,EXTRACT(HOUR from TIMEDIFF(NOW(),reset_date)) AS how_long

                        FROM user WHERE username=:username and reset_password=:reset_password ";

		$connection = Yii::app()->db;

		$command = $connection->createCommand($sql);	

		$command->bindParam(":username", $username, PDO::PARAM_STR);

		$command->bindParam(":reset_password", $reset_code, PDO::PARAM_STR);	

		$result = $command->queryRow();	

		

		if($result===null) {

			// invalid username or reset_password code

			$model->addError('reset_password', 'Username or Reset Code not found!');

		} elseif ($result['how_long'] > 12) {

                        // reset code expired

			$model->addError('reset_password', 'Reset Code expired!');

		} else {

			if (isset($_POST['ResetPasswordForm'])) {

				$model->setAttributes($_POST['ResetPasswordForm']);

				if ($model->validate()) {

					$model->saveNewPassword();

					$this->refresh();	

					// todo

				} else {

					// todo

				}

			}

		}

		$this->render('resetpassword', array('model'=>$model));	

	}

	

	

	public function actionChangePassword()

	{

		$model=new ChangePasswordForm();

		if (isset($_POST['ChangePasswordForm'])) {

			$model->setAttributes($_POST['ChangePasswordForm']);

			

			if ($model->validate()) {

				$model->saveNewPassword();

				$this->refresh();	

				// todo

			} else {

				// todo

			}

		}

		$this->render('changepassword', array('model'=>$model));

	}

I can avoid the error in actionResetPassword by using this line:


        $test = $model['salt'];

But I didn’t understand why saveNewPassword() function is working in one controller/model and not to the other.

Btw, sorry for my English.

Thanks in advance.

Angel_De_La_Noche · November 9, 2013, 8:39pm

You should add extra check to saveNewPassword() in case of User is not found.

You’re using condition based on user’s logged state (Yii::app()->user->name), it’s not reliable.

una.bicicleta · November 9, 2013, 9:44pm

Thanks, here is my latest source code for saveNewPassword() in /model/ResetPasswordForm :




    public function saveNewPassword()

    {

        $safeUsername =  CHtml::encode($_GET['username']); //username from a reset password link


	$sql = "SELECT salt FROM user WHERE username=:username LIMIT 1";

	$model=User::model()->findBySql($sql, array(':username'=> $safeUsername ));