OOP PHP CRUD problem - registration/login system

Hello,
I am working on a tutorial for a login crud system. My problem is a bit stupid but for some reason I am having a difficult time figuring it out. Before I attach the code I will try to explain. I have a Users class that has a few methods that will delete a ‘remember me’ token if the cookie is hacked. The token is stored in a database table “B”. The main Users table “A” holds the primary id. Table “B” holds the foreign key “user_id”. My script detects if the cookie was tampered with, then this activates the script to delete the token in table “B”. First, I am unable to figure out how to get the current session user id, and second, how to use that to access table “B” id that is attached to given user_id.

Current session user → Table A id → table B user_id → table B id

If you look at method “updateRememberCredentials” there is a number 41 in the code. This was a test. One of the ids in table “B” was 41. When you directly place the table “B” id number in this place all the code works perfectly. Unfortunately I need to dynamically access the data from the current user as stated above. If anybody can help I would appreciate the assistance.

I will paste some of my code. Please don’t hesitate to ask if more code is needed. BTW, the code is OOP, which I am new to. Thanks

User class

    class User {
        private $_db,
                $_data,
                $_sessionName,
                $_cookieName,
                $_isLoggedIn;

        public function __construct($user = null) {
            $this->_db          = DB::getInstance();
            $this->_sessionName = Config::get('session/session_name');
            $this->_cookieName  = Config::get('remember/cookie_name');
            $this->checkRememberMe();

            if(!$user) {
                // No explicit user given: look for a logged-in user in the session
                if(Session::exists($this->_sessionName)) {
                    $user = Session::get($this->_sessionName);

                    if($this->find($user)) {
                        $this->_isLoggedIn = true;
                    } else {
                        $this->_isLoggedIn = false;
                    }
                }
            } else {
                $this->find($user);
            }
        }

        public function update($fields = array(), $id = null) {
            // Default to the logged-in user's id when none is supplied
            if(!$id && $this->isLoggedIn()) {
                $id = $this->data()->id;
            }

            if(!$this->_db->update('users', $id, $fields)) {
                throw new Exception('There was a problem in the update process');
            }
        }

        public function updateRememberCredentials($identifier, $token) {
            // 41 is the hard-coded users_session.id used for testing (see text above)
            $this->_db->update('users_session', 41, array(
                'remember_identifier' => $identifier,
                'remember_token'      => $token
            ));
        }
    }

DB class

    public function query($sql, $params = array()) {
        $this->_error = false;

        if($this->_query = $this->_pdo->prepare($sql)) {
            // Bind parameters positionally (1-based) in the order given
            $x = 1;
            if(count($params)) {
                foreach($params as $param) {
                    $this->_query->bindValue($x, $param);
                    $x++;
                }
            }

            if($this->_query->execute()) {
                // Only SELECT statements produce a result set
                if(substr($sql, 0, 6) === "SELECT") {
                    $this->_results = $this->_query->fetchAll(PDO::FETCH_OBJ);
                } else {
                    $this->_results = null;
                }
                $this->_count = $this->_query->rowCount();
            } else {
                $this->_error = true;
            }
        }
        return $this;
    }

    public function action($action, $table, $where = array()) {
        if(count($where) === 3) {
            $operators = array('=', '>', '<', '>=', '<=');

            $field    = $where[0];
            $operator = $where[1];
            $value    = $where[2];

            // $table and $field are interpolated into the SQL, so they must come
            // from code, never from request data; only $value is bound as a parameter
            if(in_array($operator, $operators)) {
                $sql = "{$action} FROM {$table} WHERE {$field} {$operator} ?";

                if(!$this->query($sql, array($value))->error()) {
                    return $this;
                }
            }
        }
        return false;
    }

    public function get($table, $where) {
        return $this->action('SELECT *', $table, $where);
    }

    public function update($table, $id, $fields = array()) {
        $set = null;
        $x   = 1;

        foreach($fields as $name => $value) {
            $set .= "{$name} = ?";
            if($x < count($fields)) {
                $set .= ', ';
            }
            $x++;
        }

        // Bind the id as a parameter instead of interpolating it into the
        // statement, so a caller-supplied id cannot alter the query
        $params   = array_values($fields);
        $params[] = $id;

        $sql = "UPDATE {$table} SET {$set} WHERE id = ?";
        if(!$this->query($sql, $params)->error()) {
            return true;
        }

        return false;
    }

This is the last thing I tried with no success.

    // get() expects ($table, $where) rather than a raw SQL string, and the
    // named placeholder :id is never bound, so this call does not succeed
    $id = $this->_db->get("SELECT users_session.id
        FROM users_session
        LEFT JOIN users
        ON users_session.user_id = users.id
        WHERE users.id = :id");

Then I tried to place $id into the place where the number 41 is placed above.

Database structure

Note: “users_session” is table “B”. Also note that the “41” below is the same “41” as in the test code in the “updateRememberCredentials” method above.

Table “A” (users)

| id | username |
|----|----------|
| 28 | billybob |

Table “B” (users_session)

| id | users_id | code      |
|----|----------|-----------|
| 41 | 28       | 4q56455ad |
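The lookup the question describes (current session user → users.id → users_session.user_id → users_session.id), followed by the update of the remember-me credentials, as an added example that is not the thread author's code or the tutorial's framework. It uses plain PDO against an in-memory SQLite database with constructed rows mirroring tables A and B above, so it runs stand-alone; the function names (`currentUserId`, `findSessionRowId`, `updateRememberCredentials`, `checkRememberCookie`) and the session key `'user'` are assumptions. Every value that reaches SQL is bound as a parameter, only a hash of the token is stored, and a cookie whose token does not match the stored hash has its credentials cleared, which is the "delete the token if the cookie is tampered with" behaviour the question asks about.

```php
<?php
// Added example (not the thread author's code). Column names follow the thread:
// users.id, users_session.id, users_session.user_id. Function names are assumptions.

function makeDb(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL)");
    $pdo->exec("CREATE TABLE users_session (
        id INTEGER PRIMARY KEY,
        user_id INTEGER NOT NULL REFERENCES users(id),
        remember_identifier TEXT,
        remember_token TEXT)");
    // Constructed sample rows mirroring the thread's tables A and B
    $pdo->exec("INSERT INTO users (id, username) VALUES (28, 'billybob')");
    $pdo->exec("INSERT INTO users_session (id, user_id, remember_identifier, remember_token)
                VALUES (41, 28, 'old-ident', 'old-token')");
    return $pdo;
}

// Step 1: the current user's id comes from the server-side session, not the cookie.
function currentUserId(array $session, string $sessionName): ?int {
    return isset($session[$sessionName]) ? (int) $session[$sessionName] : null;
}

// Step 2: table A id -> table B row id (users.id -> users_session.user_id -> users_session.id).
function findSessionRowId(PDO $pdo, int $userId): ?int {
    $stmt = $pdo->prepare("SELECT id FROM users_session WHERE user_id = ?");
    $stmt->execute([$userId]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

// Step 3: update that row. Only a hash of the token is stored, so a leaked
// table does not hand out usable remember-me cookies.
function updateRememberCredentials(PDO $pdo, int $sessionRowId, string $identifier, string $token): bool {
    $stmt = $pdo->prepare(
        "UPDATE users_session SET remember_identifier = ?, remember_token = ? WHERE id = ?"
    );
    return $stmt->execute([$identifier, hash('sha256', $token), $sessionRowId]);
}

// Validating a presented cookie: constant-time compare against the stored hash.
// A mismatch means the cookie was altered; the stored credentials are cleared.
function checkRememberCookie(PDO $pdo, string $identifier, string $token): bool {
    $stmt = $pdo->prepare("SELECT id, remember_token FROM users_session WHERE remember_identifier = ?");
    $stmt->execute([$identifier]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || $row['remember_token'] === null) {
        return false;
    }
    if (!hash_equals($row['remember_token'], hash('sha256', $token))) {
        $clear = $pdo->prepare(
            "UPDATE users_session SET remember_identifier = NULL, remember_token = NULL WHERE id = ?"
        );
        $clear->execute([$row['id']]);
        return false;
    }
    return true;
}

$pdo     = makeDb();
$session = ['user' => 28];                      // constructed stand-in for $_SESSION
$userId  = currentUserId($session, 'user');      // table A id
$rowId   = findSessionRowId($pdo, $userId);      // table B id, replacing the hard-coded 41

$identifier = bin2hex(random_bytes(16));
$token      = bin2hex(random_bytes(32));         // the value that goes into the cookie
updateRememberCredentials($pdo, $rowId, $identifier, $token);

var_dump(checkRememberCookie($pdo, $identifier, $token));      // genuine cookie
var_dump(checkRememberCookie($pdo, $identifier, 'tampered'));  // altered cookie: credentials cleared
var_dump(findSessionRowId($pdo, 28));                           // the row itself is kept
```

Run it with `php example.php` (pdo_sqlite is required). The row id is resolved from the session each time rather than cached, so a user who is logged out or whose session row was removed simply gets `null` back and no update is attempted.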

Never mind everybody. I finally figured it all out. It works like a charm now. Thanks

I'm glad you got it working, but it seems to me that doing a token for the “remember me” feature is fruitless. Well, maybe not fruitless, but ineffective, as it takes testing of security code and people are trained purposely for that reason. Though this is just my opinion, if you are following a tutorial you should be OK? Though I find tutorials get outdated fast (especially when it comes to security) and that is why I don’t attempt to do tutorials. The one nice feature of object-oriented programming is the ability to protect variables and methods along with using prepared statements when saving to a database table.

    public $id;
    public $first_name;
    public $last_name;
    public $email;
    public $username = [];
    static public $error = [];
    protected string $password;
    static public $last_login;

I just have a login class and call it a day myself. I’m no security expert, so this is just my opinion. The only thing I get concerned about is CSRF attacks, and there I do use a token, though I follow the tried and tested method from tutorials.
