Menu
I am creating a simple login feature in php for my website, now I tried everything before and it worked well, then I decided to reorganize my files by grouping all my functions together in one file, my database settings and connection in another file and my session configuration (for running on my localhost) in yet another file.
The point for me doing this is simply to keep my code clean and organized and easy to understand for me in the future.
This is my login page:
<?php
include('session-config.php');
include('dbconnection.php');
include('functions.php');
include('password_hash_lib/password.php');
if (isset($_POST['data']))
{
$data = $_POST['data'];
$auth = json_decode($data);
$user_email = $auth->Email;
$user_pass = $auth->Password;
authenticate($user_email, $user_pass);
}
function authenticate($Email, $Password)
{
$HashedPassword = password_hash($Password, PASSWORD_DEFAULT);
$sql = "SELECT * FROM app_users WHERE user_email='$Email'";
$result = $db->query($sql);
$User = $result->fetch_object();
if ($User->user_email == '')
{
header("Location: login-page.html?msg=failed");
}
if (password_verify($Password, $User->user_password_hash))
{
$_SESSION["user_auth_details"] = $User->user_id . "+" . $User->user_email . '+' . $User->user_name . "+" . $User->user_display_image . "+" . $User->user_display_name;
header("Location:" . $_SESSION['page_url']);
}
else {
header("Location: login-page.html?msg=failed");
}
}
?>
And this is my database connection file:
<?php
$db = new mysqli("xxxxxxxxxxxxxxxxxxxxxxx", "xxxxxxxxxxxxx", "xxxxxxxxxxxxx", "xxxxxxxxxxx");
if($db->connect_errno > 0){
die('Unable to connect to database [' . $db->connect_error . ']');
}
?>
As you can see I have included the dbconnection.php file in my login.php but whenever I try to call the authenticate() function, this error is returned:
Notice: Undefined variable: db in C:\xampp\htdocs\xxxxxxxx\login.php on line 27
Fatal error: Call to a member function query() on a non-object in C:\xampp\htdocs\xxxxxxx\login.php on line 27
Now I'm a bit confused about this, since I have $db defined in my dbconnection.php file and I have include that file in my login.php page, I expected that to work or am I wrong?
723
php $servername = "localhost"; $username = "username"; $password = "password"; $db = "dbname"; // Create connection $conn = mysqli_connect($servername, $username, $password,$db); // Check connection if (!$ conn) { die("Connection failed: " . mysqli_connect_error()); } echo "Connected successfully"; ?>
PHP Data Objects (PDO) is an extension that serves as an interface for connecting to databases. Unlike MySQLi, it can perform any database functions and is not limited to MySQL.
mysql_connect() establishes a connection to a MySQL server. The following defaults are assumed for missing optional parameters: server = 'localhost:3306', username = name of the user that owns the server process and password = empty password. The server parameter can also include a port number.
You have to globalize the variable before using in a function.
Just add this line at the top of your function:
function authenticate($Email, $Password)
{
global $db;
$HashedPassword = password_hash($Password, PASSWORD_DEFAULT);
$sql = "SELECT * FROM app_users WHERE user_email='$Email'";
$result = $db->query($sql);
$User = $result->fetch_object();
...
Add global $db; to the beginning of your authenticate function.
However, I strongly recommend you learn about PDO: http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers
Your code is currently unsafe
45
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
