Jump to content
Sign in to follow this  
dancojocaru2000

MySQL and variables help (again!1!)

Recommended Posts

Yes, that one was put there by me, not a mistake!

I'm coming back with another post because the problem showed by the earlier one is solved.

 

So, here am I. From earlier post, I modified my code and finally (or not), I have reached this one:

<?php
 error_reporting(E_ALL);
        ini_set('display_errors', '1');
session_start();
if (!isset($_SERVER['PHP_AUTH_USER'])) {
    header('WWW-Authenticate: Basic realm="Login to Bitcoin Double Machine, cancel to sign up"');
    header('HTTP/1.0 401 Unauthorized');
    //echo 'You canceled the login. Click <a href="test.php">here</a> to retry.';
    echo "<script type='text/javascript'> 
var msg = \"LOGIN CANCELLED. PLEASE REFRESH OR SIGN UP\";
msg = \" ... \" + msg;pos = 0;
function scrollTitle() {
document.title = msg.substring(pos, msg.length) + msg.substring(0, pos); pos++;
if (pos > msg.length) pos = 0
window.setTimeout(\"scrollTitle()\",300);
}
scrollTitle();
</script>";
    echo "<h1>To sign up, use the button below</h1>";
    echo "<a href=\"signup.php\" style=\"-webkit-appearance: button;-moz-appearance: button; appearance: button; text-decoration: none; color: initial\">Sign Up</a>";
    echo "<br><br>";
    echo "<iframe src=\"../401.php\" seamless style=\"width:100%;height:80%\"></iframe>";
    exit;
} else {
    $db=new mysqli('localhost', 'DanCojocaru', 'danutzsrl', 'dan cojocaru');
    /*
    //$ID = $_SESSION['user'];
    //$Password = $_SESSION['pass'];
    */
    function SignIn()
    {
        //session_start(); //starting the session for user profile page
        if(!empty($_SERVER['PHP_AUTH_USER'])) //checking the 'user' name which is from Sign-In.html, is it empty or have some text
        {
            $sql = "<<<sql
                SELECT *
                FROM `UserName`
                WHERE userName = '" . $_SERVER['PHP_AUTH_USER'] . "'
                AND pass ='" .  $_SERVER['PHP_AUTH_PW'] . "'
            SQL;";
            $row = $mysqli->query($sql)->fetch_array();
            if(!empty($row['userName']) AND !empty($row['pass']))
            {
                $_SESSION['userName'] = $row['pass'];
                echo "SUCCESSFULLY LOGIN TO USER PROFILE PAGE...";
            } else
            {
                echo "SORRY... YOU ENTERED WRONG ID AND PASSWORD... PLEASE RETRY...";
            }
        }
    }
    //if(isset($_POST['submit']))
    //{
        SignIn();
    //}
}
?>

Basically making a HTML 401 error and after error trying to match the info provided with the MySQL database named dan cojocaru. Here are the problems. After loading this page, guesserror!

 

 

Notice: Undefined variable: mysqli in C:\xampp\htdocs\test3.php on line 41

Fatal error: Call to a member function query() on null in C:\xampp\htdocs\test3.php on line 41

 

Please help!

 

Share this post


Link to post
Share on other sites

You are making a mysqli instance here and assigning it to the variable $db:

 

$db=new mysqli('localhost', 'DanCojocaru', 'danutzsrl', 'dan cojocaru');

 

Therefore, you should be calling the query method on *that* variable, $db.

Edited by boompa

Share this post


Link to post
Share on other sites

The next error you will probably get is your query

            $sql = "<<<sql
                SELECT *
                FROM `UserName`
                WHERE userName = '" . $_SERVER['PHP_AUTH_USER'] . "'
                AND pass ='" .  $_SERVER['PHP_AUTH_PW'] . "'
            SQL;";

This is because you appear to have PHP herodoc syntax within the string that defines your query, this will produce an error. You should remove the herdoc demileters  <<<sql  and  SQL;  from your query.

 

If you are going to use PHP heredoc for defining the query then it will be

            $sql = <<<SQL
                SELECT *
                FROM `UserName`
                WHERE userName = '{$_SERVER['PHP_AUTH_USER']}'
                AND pass ='{$_SERVER['PHP_AUTH_PW']}'
SQL;
// do not indent or adding thing else on the line above

Next you should not be using user input (the users username/password) within your query without first sanitizing the username, see mysqli_real_escape_string or use prepared statements.

 

Also password should not be stored as plain text in the database you should being storing the hash of the password, I recommend you use PHP password_hash function or use the backwards compatible password library

Share this post


Link to post
Share on other sites

and after you fix those things, you will still be getting an undefined variable error inside your function, since you have a variable scope problem. you need to pass the $db variable as a call time parameter into your SignIn() function.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.