
MySQL and variables help (again!1!)


dancojocaru2000


Yes, that one was put there by me, not a mistake!

I'm coming back with another post because the problem shown by the earlier one is solved.

So, here I am. From the earlier post, I modified my code and finally (or not), I have reached this one:

<?php
 error_reporting(E_ALL);
        ini_set('display_errors', '1');
session_start();
if (!isset($_SERVER['PHP_AUTH_USER'])) {
    header('WWW-Authenticate: Basic realm="Login to Bitcoin Double Machine, cancel to sign up"');
    header('HTTP/1.0 401 Unauthorized');
    //echo 'You canceled the login. Click <a href="test.php">here</a> to retry.';
    echo "<script type='text/javascript'> 
var msg = \"LOGIN CANCELLED. PLEASE REFRESH OR SIGN UP\";
msg = \" ... \" + msg;pos = 0;
function scrollTitle() {
document.title = msg.substring(pos, msg.length) + msg.substring(0, pos); pos++;
if (pos > msg.length) pos = 0
window.setTimeout(\"scrollTitle()\",300);
}
scrollTitle();
</script>";
    echo "<h1>To sign up, use the button below</h1>";
    echo "<a href=\"signup.php\" style=\"-webkit-appearance: button;-moz-appearance: button; appearance: button; text-decoration: none; color: initial\">Sign Up</a>";
    echo "<br><br>";
    echo "<iframe src=\"../401.php\" seamless style=\"width:100%;height:80%\"></iframe>";
    exit;
} else {
    $db=new mysqli('localhost', 'DanCojocaru', 'danutzsrl', 'dan cojocaru');
    /*
    //$ID = $_SESSION['user'];
    //$Password = $_SESSION['pass'];
    */
    function SignIn()
    {
        //session_start(); //starting the session for user profile page
        if(!empty($_SERVER['PHP_AUTH_USER'])) //checking the 'user' name which is from Sign-In.html, is it empty or have some text
        {
            $sql = "<<<sql
                SELECT *
                FROM `UserName`
                WHERE userName = '" . $_SERVER['PHP_AUTH_USER'] . "'
                AND pass ='" .  $_SERVER['PHP_AUTH_PW'] . "'
            SQL;";
            $row = $mysqli->query($sql)->fetch_array();
            if(!empty($row['userName']) AND !empty($row['pass']))
            {
                $_SESSION['userName'] = $row['pass'];
                echo "SUCCESSFULLY LOGIN TO USER PROFILE PAGE...";
            } else
            {
                echo "SORRY... YOU ENTERED WRONG ID AND PASSWORD... PLEASE RETRY...";
            }
        }
    }
    //if(isset($_POST['submit']))
    //{
        SignIn();
    //}
}
?>

Basically making an HTML 401 error and, after the error, trying to match the info provided with the MySQL database named dan cojocaru. Here are the problems. After loading this page, guess... error!

 

 

Notice: Undefined variable: mysqli in C:\xampp\htdocs\test3.php on line 41

Fatal error: Call to a member function query() on null in C:\xampp\htdocs\test3.php on line 41

 

Please help!

 


You are making a mysqli instance here and assigning it to the variable $db:

 

$db=new mysqli('localhost', 'DanCojocaru', 'danutzsrl', 'dan cojocaru');

 

Therefore, you should be calling the query method on *that* variable, $db.

Edited by boompa

The next error you will probably get is your query

            $sql = "<<<sql
                SELECT *
                FROM `UserName`
                WHERE userName = '" . $_SERVER['PHP_AUTH_USER'] . "'
                AND pass ='" .  $_SERVER['PHP_AUTH_PW'] . "'
            SQL;";

This is because you appear to have PHP heredoc syntax within the string that defines your query; this will produce an error. You should remove the heredoc delimiters  <<<sql  and  SQL;  from your query.

 

If you are going to use PHP heredoc for defining the query then it will be

            $sql = <<<SQL
                SELECT *
                FROM `UserName`
                WHERE userName = '{$_SERVER['PHP_AUTH_USER']}'
                AND pass ='{$_SERVER['PHP_AUTH_PW']}'
SQL;
// do not indent or add anything else on the line above

Next, you should not be using user input (the user's username/password) within your query without first sanitizing the username; see mysqli_real_escape_string or use prepared statements.

Also, passwords should not be stored as plain text in the database; you should be storing the hash of the password. I recommend you use PHP's password_hash function or the backwards-compatible password library.
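
The two recommendations in the reply above (prepared statements and password_hash), put together as an added example that is not part of the original thread. It assumes the thread's `UserName` table with a `pass` column wide enough for a hash (VARCHAR(255)), a reachable MySQL server, and placeholder connection details; `signUp` and `signIn` are names chosen for this sketch.

```php
<?php
// Added example, not code from the thread. Assumes the thread's `UserName`
// table, with `pass` widened to VARCHAR(255) and holding password_hash() output.
declare(strict_types=1);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

function signUp(mysqli $db, string $user, string $password): void
{
    // Store only the salted hash; PASSWORD_DEFAULT picks the current algorithm.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO `UserName` (userName, pass) VALUES (?, ?)');
    $stmt->bind_param('ss', $user, $hash);
    $stmt->execute();
}

function signIn(mysqli $db, string $user, string $password): bool
{
    // The placeholder keeps the username out of the SQL text entirely, so
    // quotes in it cannot change the query. The password never reaches SQL.
    $stmt = $db->prepare('SELECT pass FROM `UserName` WHERE userName = ?');
    $stmt->bind_param('s', $user);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch() === true;
    $stmt->close();

    return $found && password_verify($password, $hash);
}

// Placeholder credentials and schema name: replace with your own.
$db = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
$db->set_charset('utf8mb4');

$user = $_SERVER['PHP_AUTH_USER'] ?? '';
$pass = $_SERVER['PHP_AUTH_PW'] ?? '';
if ($user === '' || !signIn($db, $user, $pass)) {
    header('WWW-Authenticate: Basic realm="Login"');
    http_response_code(401);
    exit('Login failed.');
}
session_start();
session_regenerate_id(true);       // new session ID after authentication
$_SESSION['userName'] = $user;     // keep the name, never the password or hash
echo 'Logged in as ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8');
```

Existing plain-text rows in `pass` will not verify against password_verify; they need to be re-created through `signUp` or migrated on the user's next password change.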
