9

I am creating a simple login feature in php for my website, now I tried everything before and it worked well, then I decided to reorganize my files by grouping all my functions together in one file, my database settings and connection in another file and my session configuration (for running on my localhost) in yet another file.

The point for me doing this is simply to keep my code clean and organized and easy to understand for me in the future.

This is my login page:

<?php
    include('session-config.php');
    include('dbconnection.php');
    include('functions.php');
    include('password_hash_lib/password.php');

    if (isset($_POST['data']))
    {
        $data = $_POST['data'];
        $auth = json_decode($data);
        $user_email = $auth->Email;
        $user_pass = $auth->Password;
        authenticate($user_email, $user_pass);
    }

    function authenticate($Email, $Password)
    {   
        $HashedPassword = password_hash($Password, PASSWORD_DEFAULT);        
        $sql = "SELECT * FROM app_users WHERE user_email='$Email'"; 
        $result = $db->query($sql);
        $User = $result->fetch_object();

        if ($User->user_email == '')
        {
            header("Location: login-page.html?msg=failed");
        }

        if (password_verify($Password, $User->user_password_hash))
        {
            $_SESSION["user_auth_details"] = $User->user_id . "+" . $User->user_email . '+' . $User->user_name . "+" . $User->user_display_image . "+" . $User->user_display_name;
            header("Location:" . $_SESSION['page_url']);
        }
         else {
            header("Location: login-page.html?msg=failed");

         }
    }

?>

And this is my database connection file:

<?php
    $db = new mysqli("xxxxxxxxxxxxxxxxxxxxxxx", "xxxxxxxxxxxxx", "xxxxxxxxxxxxx", "xxxxxxxxxxx");
    if($db->connect_errno > 0){
        die('Unable to connect to database [' . $db->connect_error . ']');
    }
?>

As you can see I have included the dbconnection.php file in my login.php but whenever I try to call the authenticate() function, this error is returned:

Notice: Undefined variable: db in C:\xampp\htdocs\xxxxxxxx\login.php on line 27

Fatal error: Call to a member function query() on a non-object in C:\xampp\htdocs\xxxxxxx\login.php on line 27

Now I'm a bit confused about this, since I have $db defined in my dbconnection.php file and I have include that file in my login.php page, I expected that to work or am I wrong?

Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
Blank EDjok
  • 732
  • 2
  • 14
  • 33

3 Answers3

7

You have to globalize the variable before using in a function.
Just add this line at the top of your function:

function authenticate($Email, $Password)
    {   
         global $db;
         $HashedPassword = password_hash($Password, PASSWORD_DEFAULT);        
         $sql = "SELECT * FROM app_users WHERE user_email='$Email'"; 
         $result = $db->query($sql);
         $User = $result->fetch_object();
    ...
Ahmad
  • 5,551
  • 8
  • 41
  • 57
4

Add global $db; to the beginning of your authenticate function.

However, I strongly recommend you learn about PDO: http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers

Your code is currently unsafe

Nathan H
  • 48,033
  • 60
  • 165
  • 247
1

check whether your database is connected or not. use connection code like this:

<?php
$link = mysql_connect('localhost', 'mysql_user', 'mysql_password');
if (!$link) {
    die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully';
mysql_close($link);
?>
Priya jain
  • 753
  • 2
  • 5
  • 15