DevinGray Posted July 28, 2015 Share Posted July 28, 2015 I am trying to migrate to a newer version of PHP and am having a problem with the following code function auth($username, $password) {// hash password using md5 encryption$hash_pass = md5($password);// prepare SQL query$username = mysqli_real_escape_string($username);$query = "SELECT * FROM `area51_users` WHERE `user_name`='".$username."'";if ($result = mysqli_query($Connection, $query) or die (mysqli_error()." (query not executed)")) { if (mysqli_num_rows ($Connection, $result) > 0) { // record exitsif ($row = mysqli_fetch_assoc($result) or die (mysqli_error())) {if ($hash_pass == $row['user_password']) {// password is valid// setup sessonsession_start();$_SESSION['username'] = $username;$_SESSION['CMS_AUTH'] = "YES";return true;}else {return false;}}else {return false;}}else {return false;}}} Can anybody please point me in a direction from here? config.php functions_security.php login.php Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted July 28, 2015 Share Posted July 28, 2015 With the mysqli_* functions most require the mysqli instance (in your case $Connection) to be passed to them when they are called. This you are doing. The problem is you are using mysqli instance ($Connection) inside your own function. Functions have their own variable scope. Meaning, variables that are defined outside of them function is not available within the function. To get around this you need to pass $Connection as another argument to the auth function when you call it (Or be lazy and define it as global) . This is how your function should be defined in functions_security.php function auth($Connection, $username, $password) { Then when calling the function in login.php $auth = auth($Connection, $username, $password); Other changes you need to make in functions_security.php are Line 11 needs to be changed to use mysqli_real_escape_string $username = mysqli_real_escape_string($Connection, $username); mysqli_error requires the mysqli instance ($Connection) when using it. eg mysqli_error($Connection) You should not use md5 for hashing passwords, instead you should use PHP's password_hash library for hashing/checking users passwords (if you are not using PHP5.5 then use this password compatibility library). 1 Quote Link to comment Share on other sites More sharing options...
QuickOldCar Posted July 28, 2015 Share Posted July 28, 2015 It could be the use of short tags <? ?>, use full <?php ?> tags http://php.net/manual/en/language.basic-syntax.phptags.php Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.