
MySQL and variables help (again!1!)


dancojocaru2000


Yes, that one was put there by me, not a mistake!

I'm coming back with another post because the problem shown by the earlier one is solved.

So, here I am. From the earlier post, I modified my code and finally (or not), I have reached this one:

<?php
 error_reporting(E_ALL);
        ini_set('display_errors', '1');
session_start();
if (!isset($_SERVER['PHP_AUTH_USER'])) {
    header('WWW-Authenticate: Basic realm="Login to Bitcoin Double Machine, cancel to sign up"');
    header('HTTP/1.0 401 Unauthorized');
    //echo 'You canceled the login. Click <a href="test.php">here</a> to retry.';
    echo "<script type='text/javascript'> 
var msg = \"LOGIN CANCELLED. PLEASE REFRESH OR SIGN UP\";
msg = \" ... \" + msg;pos = 0;
function scrollTitle() {
document.title = msg.substring(pos, msg.length) + msg.substring(0, pos); pos++;
if (pos > msg.length) pos = 0
window.setTimeout(\"scrollTitle()\",300);
}
scrollTitle();
</script>";
    echo "<h1>To sign up, use the button below</h1>";
    echo "<a href=\"signup.php\" style=\"-webkit-appearance: button;-moz-appearance: button; appearance: button; text-decoration: none; color: initial\">Sign Up</a>";
    echo "<br><br>";
    echo "<iframe src=\"../401.php\" seamless style=\"width:100%;height:80%\"></iframe>";
    exit;
} else {
    $db=new mysqli('localhost', 'DanCojocaru', 'danutzsrl', 'dan cojocaru');
    /*
    //$ID = $_SESSION['user'];
    //$Password = $_SESSION['pass'];
    */
    function SignIn()
    {
        //session_start(); //starting the session for user profile page
        if(!empty($_SERVER['PHP_AUTH_USER'])) //checking the 'user' name which is from Sign-In.html, is it empty or have some text
        {
            $sql = "<<<sql
                SELECT *
                FROM `UserName`
                WHERE userName = '" . $_SERVER['PHP_AUTH_USER'] . "'
                AND pass ='" .  $_SERVER['PHP_AUTH_PW'] . "'
            SQL;";
            $row = $mysqli->query($sql)->fetch_array();
            if(!empty($row['userName']) AND !empty($row['pass']))
            {
                $_SESSION['userName'] = $row['pass'];
                echo "SUCCESSFULLY LOGIN TO USER PROFILE PAGE...";
            } else
            {
                echo "SORRY... YOU ENTERED WRONG ID AND PASSWORD... PLEASE RETRY...";
            }
        }
    }
    //if(isset($_POST['submit']))
    //{
        SignIn();
    //}
}
?>

Basically making an HTML 401 error and, after the error, trying to match the info provided with the MySQL database named dan cojocaru. Here are the problems. After loading this page, guess: error!

 

 

Notice: Undefined variable: mysqli in C:\xampp\htdocs\test3.php on line 41

Fatal error: Call to a member function query() on null in C:\xampp\htdocs\test3.php on line 41

 

Please help!

 

https://forums.phpfreaks.com/topic/297282-mysql-and-variables-help-again1/

The next error you will probably get is your query

            $sql = "<<<sql
                SELECT *
                FROM `UserName`
                WHERE userName = '" . $_SERVER['PHP_AUTH_USER'] . "'
                AND pass ='" .  $_SERVER['PHP_AUTH_PW'] . "'
            SQL;";

This is because you appear to have PHP heredoc syntax within the string that defines your query; this will produce an error. You should remove the heredoc delimiters  <<<sql  and  SQL;  from your query.

 

If you are going to use PHP heredoc for defining the query then it will be

            $sql = <<<SQL
                SELECT *
                FROM `UserName`
                WHERE userName = '{$_SERVER['PHP_AUTH_USER']}'
                AND pass ='{$_SERVER['PHP_AUTH_PW']}'
SQL;
// do not indent or add anything else on the line above

Next, you should not be using user input (the user's username/password) within your query without first sanitizing the username; see mysqli_real_escape_string or use prepared statements.

 

Also, passwords should not be stored as plain text in the database; you should be storing the hash of the password. I recommend you use the PHP password_hash function or use the backwards-compatible password library.
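
The reply's two recommendations (prepared statements and password_hash) applied to the login from the first post, as an added example that is not part of the thread. It assumes the thread's `UserName` table with `pass` widened to hold a hash; the connection details are placeholders and the function names signUp and signIn are hypothetical.

```php
<?php
// Added example, not the poster's code. Assumes the thread's `UserName` table,
// with `pass` widened to VARCHAR(255) so it can hold a password_hash() value.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw instead of returning false
// Store only a salted hash of the password, never the plain text.
function signUp(mysqli $db, string $user, string $password): void
{
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO `UserName` (userName, pass) VALUES (?, ?)');
    $stmt->bind_param('ss', $user, $hash);
    $stmt->execute();
    $stmt->close();
}

// The connection is passed in as a parameter: the thread's code created $db
// outside the function and used $mysqli inside it, where neither is defined.
function signIn(mysqli $db, string $user, string $password): bool
{
    // The ? placeholder keeps the user name out of the SQL text entirely.
    $stmt = $db->prepare('SELECT pass FROM `UserName` WHERE userName = ?');
    $stmt->bind_param('s', $user);
    $stmt->execute();
    $stmt->bind_result($storedHash);
    $found = $stmt->fetch();   // true on a row, null when no such user
    $stmt->close();

    // The password is never compared in SQL; it is checked against the hash.
    return $found === true && password_verify($password, $storedHash);
}

if (!isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
    header('WWW-Authenticate: Basic realm="Login"');
    header('HTTP/1.0 401 Unauthorized');
    exit('Login cancelled.');
}

// Placeholder connection details; substitute your own.
$db = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
session_start();
if (signIn($db, $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
    session_regenerate_id(true);            // fresh session id after login
    $_SESSION['userName'] = $_SERVER['PHP_AUTH_USER'];
    echo 'Signed in.';
} else {
    header('WWW-Authenticate: Basic realm="Login"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Wrong user name or password.';
}
```

Rows created before the switch still hold plain-text values in `pass`, so password_verify rejects them until those accounts are re-registered through signUp.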
