Jump to content

$row['index here'] outputs null


phreak3r

Recommended Posts

<?php
include('header.php');
require('dbcon/dbcon.php');

	// if fields in form are set and submitted, check if user exists and is logged in or not
	if ($_SERVER['REQUEST_METHOD'] == 'POST') {
		$username = $_POST['username'];
		$password = $_POST['password'];
		$user_query = $pdo->query("SELECT * FROM profiles001 WHERE username = '$username'");
                $row = $user_query->fetchAll(PDO::FETCH_ASSOC);

		// if username and password match, init session and redirect to another page.
		if ($row == 1 && password_verify($password, $row['password'])) {
			$_SESSION['logged_in_user'] = $username; // set to IDnum later on...
			$_SESSION['username'] = $username;		
			// check if the user is logged in
			// if so, redirect to main page for logged-in users.
			if (isset($_SESSION['logged_in_user'])) {
				$_SESSION['logged_in_user'] = TRUE;
				header('Location: main.php');

			} else {
				// not logged in, keep on same page...
				session_destroy();
				exit();
			}
		} else if ($username != $row['username'] || $password != $row['password']) {
                        echo var_dump($row); echo var_dump($row['password']); echo var_dump($row['username']); echo var_dump($row['email']);
			echo "Incorrect username or password.";
		}
	}
?>

This code is responsible for authenticating the user upon logging in. I went ahead and updated the mysqli portion to PDO. As you can see I var_dump some variables near the end. Variable $row prints out as array(1) { [0]=> array(9) { ["username"]=> string(4) "test" ["password"]=> string(60) "$2y$10$uQEUsIwm0usWyZjWk/vo8e90e867oPLBu3ThKCk1aUseMcQuuHrVq" ["avatar"]=> string(15) "assets/soap.jpg" ["doc"]=> NULL ["las"]=> NULL ["email"]=> string(13) "test@test.org" ["c_status"]=> string(1) "0" ["account_age"]=> NULL ["bio"]=> string(4) "test" } }. The other three print out as NULL. What exactly is going on here?

Link to comment
Share on other sites

Let me put it this way:

$row = $user_query->fetchAll(PDO::FETCH_ASSOC);

a) Describe using English what $row will be. Not according to what you think it is but according to what the code says it will be.
b) Does that match what you think $row will be? Is there perhaps a simple change you can make here that will bring it into line with your expectations?

Link to comment
Share on other sites

3 hours ago, requinix said:

Let me put it this way:


$row = $user_query->fetchAll(PDO::FETCH_ASSOC);

a) Describe using English what $row will be. Not according to what you think it is but according to what the code says it will be.
b) Does that match what you think $row will be? Is there perhaps a simple change you can make here that will bring it into line with your expectations?

Here is what they mysqli version looked like:

<?php
include('header.php');
require('dbcon/dbcon.php');

	// if fields in form are set and submitted, check if user exists and is logged in or not
	if ($_SERVER['REQUEST_METHOD'] == 'POST') {
		$username = mysqli_real_escape_string($conn, $_POST['username']);
		$password = mysqli_real_escape_string($conn, $_POST['password']);
		$user_query = "SELECT * FROM profile0 WHERE username = '$username'";
		$result = mysqli_query($conn, $user_query);
		$row = mysqli_fetch_assoc($result);

		// if username and password match, init session and redirect to another page.
		if (mysqli_num_rows($result) == 1 && password_verify($password, $row['password'])) {
			$_SESSION['logged_in_user'] = $username; // set to IDnum later on...
			$_SESSION['username'] = $username;		
			// check if the user is logged in
			// if so, redirect to main page for logged-in users.
			if (isset($_SESSION['logged_in_user'])) {
				$_SESSION['logged_in_user'] = TRUE;
				header('Location: main.php');

			} else {
				// not logged in, keep on same page...
				session_destroy();
				exit();
			}
		} else if ($username != $row['username'] || $password != $row['password']) {
			echo "Incorrect username or password.";
		}
	}
?>

 

Link to comment
Share on other sites

Compare:

$row = $user_query->fetchAll(PDO::FETCH_ASSOC);
$row = mysqli_fetch_assoc($result);

I'm sure that if you take the minute to do what I said about understanding precisely what each line does then you would figure out what's going on.

Link to comment
Share on other sites

10 minutes ago, requinix said:

Compare:


$row = $user_query->fetchAll(PDO::FETCH_ASSOC);

$row = mysqli_fetch_assoc($result);

I'm sure that if you take the minute to do what I said about understanding precisely what each line does then you would figure out what's going on.

From my understanding it fetches result from or of the array?

Link to comment
Share on other sites

My bad.  I do apologize.  I was misreading your code and having a major brain f..... and thought you were doing a prepare followed by a fetch.  Mad bad again... 

To speed things up here, the fetchall function is handy if you need to retrieve ALL of the results in a new array of the row contents which would be a multi-dimensional array.  In your case where I don't think you will need to do that kind of handling and also because you are probably only going to get a single record, you'll want to use the Fetch function to retrieve the one row with the desired user name.

You might want to add some error checking after the query call to be sure you ran successfully and then maybe even a check of the row count to be sure you got a row and only one row.  Assuming things are always going to run smoothly is bad programming practice.

Link to comment
Share on other sites

On 1/7/2019 at 9:07 PM, requinix said:

So you know what the problem is now, right?

Yes, however, that was not really the issue. Not sure if this is the solution I am looking for, but I changed $row == 1 && password_verify($password, $row['password']) to $row['username'] == $username && password_verify($password, $row['password']. But, thank you.

Link to comment
Share on other sites

On 1/7/2019 at 3:54 PM, ginerjm said:

My bad.  I do apologize.  I was misreading your code and having a major brain f..... and thought you were doing a prepare followed by a fetch.  Mad bad again... 

To speed things up here, the fetchall function is handy if you need to retrieve ALL of the results in a new array of the row contents which would be a multi-dimensional array.  In your case where I don't think you will need to do that kind of handling and also because you are probably only going to get a single record, you'll want to use the Fetch function to retrieve the one row with the desired user name.

You might want to add some error checking after the query call to be sure you ran successfully and then maybe even a check of the row count to be sure you got a row and only one row.  Assuming things are always going to run smoothly is bad programming practice.

Okay, thank you.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.