dancojocaru2000 Posted July 13, 2015 Share Posted July 13, 2015 Yes, that one was put there by me, not a mistake! I'm coming back with another post because the problem showed by the earlier one is solved. So, here am I. From earlier post, I modified my code and finally (or not), I have reached this one: <?php error_reporting(E_ALL); ini_set('display_errors', '1'); session_start(); if (!isset($_SERVER['PHP_AUTH_USER'])) { header('WWW-Authenticate: Basic realm="Login to Bitcoin Double Machine, cancel to sign up"'); header('HTTP/1.0 401 Unauthorized'); //echo 'You canceled the login. Click <a href="test.php">here</a> to retry.'; echo "<script type='text/javascript'> var msg = \"LOGIN CANCELLED. PLEASE REFRESH OR SIGN UP\"; msg = \" ... \" + msg;pos = 0; function scrollTitle() { document.title = msg.substring(pos, msg.length) + msg.substring(0, pos); pos++; if (pos > msg.length) pos = 0 window.setTimeout(\"scrollTitle()\",300); } scrollTitle(); </script>"; echo "<h1>To sign up, use the button below</h1>"; echo "<a href=\"signup.php\" style=\"-webkit-appearance: button;-moz-appearance: button; appearance: button; text-decoration: none; color: initial\">Sign Up</a>"; echo "<br><br>"; echo "<iframe src=\"../401.php\" seamless style=\"width:100%;height:80%\"></iframe>"; exit; } else { $db=new mysqli('localhost', 'DanCojocaru', 'danutzsrl', 'dan cojocaru'); /* //$ID = $_SESSION['user']; //$Password = $_SESSION['pass']; */ function SignIn() { //session_start(); //starting the session for user profile page if(!empty($_SERVER['PHP_AUTH_USER'])) //checking the 'user' name which is from Sign-In.html, is it empty or have some text { $sql = "<<<sql SELECT * FROM `UserName` WHERE userName = '" . $_SERVER['PHP_AUTH_USER'] . "' AND pass ='" . $_SERVER['PHP_AUTH_PW'] . "' SQL;"; $row = $mysqli->query($sql)->fetch_array(); if(!empty($row['userName']) AND !empty($row['pass'])) { $_SESSION['userName'] = $row['pass']; echo "SUCCESSFULLY LOGIN TO USER PROFILE PAGE..."; } else { echo "SORRY... YOU ENTERED WRONG ID AND PASSWORD... PLEASE RETRY..."; } } } //if(isset($_POST['submit'])) //{ SignIn(); //} } ?> Basically making a HTML 401 error and after error trying to match the info provided with the MySQL database named dan cojocaru. Here are the problems. After loading this page, guess, error! Notice: Undefined variable: mysqli in C:\xampp\htdocs\test3.php on line 41Fatal error: Call to a member function query() on null in C:\xampp\htdocs\test3.php on line 41 Please help! Quote Link to comment Share on other sites More sharing options...
boompa Posted July 13, 2015 Share Posted July 13, 2015 (edited) You are making a mysqli instance here and assigning it to the variable $db: $db=new mysqli('localhost', 'DanCojocaru', 'danutzsrl', 'dan cojocaru'); Therefore, you should be calling the query method on *that* variable, $db. Edited July 13, 2015 by boompa Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted July 13, 2015 Share Posted July 13, 2015 The next error you will probably get is your query $sql = "<<<sql SELECT * FROM `UserName` WHERE userName = '" . $_SERVER['PHP_AUTH_USER'] . "' AND pass ='" . $_SERVER['PHP_AUTH_PW'] . "' SQL;"; This is because you appear to have PHP herodoc syntax within the string that defines your query, this will produce an error. You should remove the herdoc demileters <<<sql and SQL; from your query. If you are going to use PHP heredoc for defining the query then it will be $sql = <<<SQL SELECT * FROM `UserName` WHERE userName = '{$_SERVER['PHP_AUTH_USER']}' AND pass ='{$_SERVER['PHP_AUTH_PW']}' SQL; // do not indent or adding thing else on the line above Next you should not be using user input (the users username/password) within your query without first sanitizing the username, see mysqli_real_escape_string or use prepared statements. Also password should not be stored as plain text in the database you should being storing the hash of the password, I recommend you use PHP password_hash function or use the backwards compatible password library Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted July 14, 2015 Share Posted July 14, 2015 and after you fix those things, you will still be getting an undefined variable error inside your function, since you have a variable scope problem. you need to pass the $db variable as a call time parameter into your SignIn() function. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.