0
    <?php

    class Login
    {

    private $dbh = null;
    private $dsn ,$host, $username , $password= null;

    public $errors = array();

    public $messages = array();


    public function __construct()
    {

    session_start();
    require_once 'dbconfig.php';
    if (isset($_GET["logout"])) {
        $this->doLogout();
    }
    elseif (isset($_POST["login"])) {
        $this->dologinWithPostData();
    }
    }


    private function dologinWithPostData()
    {

    if (empty($_POST['user_name'])) {
        $this->errors[] = "Username field was empty.";
    } 
    elseif (empty($_POST['user_password'])) {
    $this->errors[] = "Password field was empty.";
    } 
    elseif (!empty($_POST['user_name']) && !empty($_POST['user_password'])) {
        $this->$dsn = "mysql:host=$host;dbname=$dbname"; // $dbname is empdb as in dbconfig.php
        $this->$dbh = new PDO($dsn, $username, $password);
        $this->$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);





    if (!$this->dbh->set_charset("utf8")) {
    $this->errors[] = $this->dbh->error;
    }
    if (!$this->dbh->connect_errno) {
        $user_name = $this->dbh->real_escape_string($_POST['user_name']);
        $sql = "SELECT user_name, user_email, user_password_hash
        FROM users
        WHERE user_name = '" . $user_name . "' OR user_email = '" . $user_name . "';";
        $result_of_login_check = $this->db_connection->query($sql);

        if ($result_of_login_check->num_rows == 1) {
        $result_row = $result_of_login_check->fetch_object();
        if (password_verify($_POST['user_password'], $result_row->user_password_hash)) {

        $_SESSION['user_name'] = $result_row->user_name;
        $_SESSION['user_email'] = $result_row->user_email;
        $_SESSION['user_login_status'] = 1;

        }
    else {
        $this->errors[] = "Wrong password. Try again.";
        }
    }
    else {
        $this->errors[] = "This user does not exist.";
        }
    } 
    else {
        $this->errors[] = "Database connection problem.";
    }
    }
    }

    public function doLogout()
    {

    $_SESSION = array();
    session_destroy();

    $this->messages[] = "You have been logged out.";
    }


    public function isUserLoggedIn()
    {
        if (isset($_SESSION['user_login_status']) AND $_SESSION['user_login_status'] == 1) {
        return true;
    }
    // default return
    return false;
    }

I have been trying to make a php login page using session in php. But after I enter values to login page I get errors like:

Undefined variable: host in www\proj\Login.php on line 38

Undefined variable: dbname in \www\proj\Login.php on line 38

Undefined variable: dsn in \www\proj\Login.php on line 38

Cannot access empty property in \www\proj\Login.php on line 38

Is it the query which is causing problems or have I included db.config wrongly. I have included the dbconfig.php file which has initialization of all these variables.

cRAN
  • 195
  • 1
  • 2
  • 16
  • possible duplicate of [PHP: "Notice: Undefined variable" and "Notice: Undefined index"](http://stackoverflow.com/questions/4261133/php-notice-undefined-variable-and-notice-undefined-index) – Qirel Sep 26 '15 at 13:05
  • 1
    Class properties are accessed using `$this->host`, not simply `$host` (the latter is used for local scope variables) – Mark Baker Sep 26 '15 at 13:07
  • So should I include $this->$host in the query itself @MarkBaker – cRAN Sep 26 '15 at 13:10
  • Now I am stuck with this : Catchable fatal error: Object of class Login could not be converted to string. :/ @MarkBaker – cRAN Sep 26 '15 at 13:15
  • `$this->$dsn = "mysql:host={$this->host};dbname=$dbname";`... though I can't see anwhere you're defining `$dbname` anywhere in the scope of the class – Mark Baker Sep 26 '15 at 13:16
  • `$this->$dbh = new PDO($this->dsn, $this->username, $this->password);` – Mark Baker Sep 26 '15 at 13:16
  • And as you're using PDO, learn to use prepared statements with bind variables – Mark Baker Sep 26 '15 at 13:17
  • that's defined in the config file i had included "require_once dbconfig.php" – cRAN Sep 26 '15 at 13:17
  • Simply defining a variable somewhere in a script doesn't make it accessible from everywhere in your script.... variables have [scope](http://www.php.net/manual/en/language.variables.scope.php) – Mark Baker Sep 26 '15 at 13:18
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/90678/discussion-between-cran-and-mark-baker). – cRAN Sep 26 '15 at 13:22

0 Answers0