So I'm pretty confused by this.
I have a header that logins to my mysql server for me, so I have the same mysql initialization information all contained in 1 file so if updates need to be made it can be done to all files easily.
I also have another header that uses the mysql initialization header to check the query string appended to the URL. It looks for username and password information and verifies it is in the database, if it is not in the database the server sends a different page saying they lack valid login credentials and serves up another page.
header.php
<?php
$host = "host";
$dbUsername = "user";
$dbPass= "pass";
$db = "user";
ini_set('display_errors', 'On');
$conn = new mysqli($host,$dbUsername,$dbPass,$db);
if($conn->connect_error) {
die("Connection to server failed!: " . $conn->connect_error);
}
if(empty($_POST) == false)
{
$username = $_POST['username'];
$password = $_POST['password'];
}
else if(empty($_GET) == false)
{
$username = $_GET['username'];
$password = $_GET['password'];
}
?>
<!-- Put this inside php tags in a form so posts get sent with the proper username and data
echo "<input type='hidden' name='username' value='" . $username . "'/>";
echo "<input type='hidden' name='password' value='" . $password . "'/>";
-->
invalidlogin.php
<?php
if(empty($conn) == true)
{
include("includes/header.php");
}
?>
<?php
$validlogin = false;
if(empty($username) == false && empty($password) == false)
{
if(!($stmt = $conn->prepare("SELECT id FROM user WHERE username=? AND password=?"))){
echo "Username check prepare failed: " . $stmt->errno . " " . $stmt->error;
}
if(!($stmt->bind_param("ss",$username,$password))){
echo "Username check bind param failed: " . $stmt->errno . " " . $stmt->error;
}
if(!$stmt->execute()){
echo "Username check execute failed: " . $stmt->errno . " " . $stmt->error;
}
if(!$stmt->bind_result($id))
{
echo "Username bind result failed: " . $conn->connect_errno . " " . $conn->connect_error;
}
$stmt->fetch();
if(empty($id) == false)
$validlogin = true;
}
if($validlogin == false)
{
?>
<html>
<head>
<title>Database Restaraunts</title>
<script src="https://code.jquery.com/jquery-2.2.4.min.js"></script>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" />
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js"></script>
<link rel="stylesheet" href="stylesheet.css" />
</head>
<body>
<div class="container">
<div class="jumbotron">
<a href="index.php">
<h3>Restaraunt Database Project</h3>
</a>
</div>
<div class="login_container">
<a href="index.php"><h3>Invalid Login Credential. Return to main page and login.</h3></a>
</div>
</div>
</body>
</html>
<?php
exit(0);
}
?>
Both of these files will be included in 90% of my other pages. Both these pages work together. However, when I include both in a 3rd file they both continue to function but the sql connection from the header.php no longer works in the 3rd file they are both included in. Error at first query encountered in the 3rd file.
Notice: Trying to get property of non-object in /nfs/stak/students/l/lewisch/public_html/select.php on line 38
Notice: Trying to get property of non-object in /nfs/stak/students/l/lewisch/public_html/select.php on line 38 Tag prepare failed: Fatal error: Call to a member function execute() on a non-object in /nfs/stak/students/l/lewisch/public_html/select.php on line 41
The thing is when I do a dump I don't see $conn going out of scope, but that is the behaviour i'm seeing. I'm really new to PHP so I may be misunderstanding something. Note the query's used with my connection perform correctly simply if I remove the 'invalidlogin.php' include.
select.php
<?php
include("includes/header.php");
include("includes/invalidlogin.php");
?>
<html>
<head>
<title>Database Restaraunts</title>
<script src="https://code.jquery.com/jquery-2.2.4.min.js"></script>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" />
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js"></script>
<link rel="stylesheet" href="stylesheet.css" />
</head>
<body>
<div class="container">
<div class="jumbotron">
<?php
echo "<a href='" . "select.php?username=" . $username . "&password=" . $password . "'>\n";
?>
<h3>Restaraunt Database Project</h3>
</a>
<div>
<?php
echo "<a href='" . "user.php?username=" . $username . "&password=" . $password . "'>\n";
echo "user account: " . $username;
?>
</a>
</div>
</div>
<div class="login_container">
<form class="login">
<h3>Restaraunt Information</h3>
<div class="subform">
<label class="form_label">Tags</label><br/>
<select name="tags" multiple>
<?php
//Line 38
if(!($stmt = $conn->prepare("SELECT id, description FROM tag"))){
echo "Tag prepare failed: " . $stmt->errno . " " . $stmt->error;
}
//Line 41
if(!$stmt->execute()){
echo "Tag check execute failed: " . $stmt->errno . " " . $stmt->error;
}
if(!$stmt->bind_result($tid,$description))
{
echo "Tag bind result failed: " . $conn->connect_errno . " " . $conn->connect_error;
}
while($stmt->fetch())
{
echo "<option value='" . $tid . "'>" . $description . "</option><br/>\n";
}
?>
</select><br/>
<label>Name</label><br />
<input name="name" type="text" />
</div>
<div class="subform">
<label class="form_label">State</label><br />
<select name="state">
<option value=""></option>
<br />
<?php
if(!($stmt = $conn->prepare("SELECT DISTINCT state FROM location"))){
echo "Username check prepare failed: " . $stmt->errno . " " . $stmt->error;
}
if(!$stmt->execute()){
echo "Username check execute failed: " . $stmt->errno . " " . $stmt->error;
}
if(!$stmt->bind_result($state))
{
echo "Username bind result failed: " . $conn->connect_errno . " " . $conn->connect_error;
}
while($stmt->fetch())
{
echo "<option value='" . $state . "'>" . $state . "</option><br/>\n";
}
?>
</select><br />
<label class="form_label">City</label><br/>
<select name="city">
<option value=""></option>
<?php
if(!($stmt = $conn->prepare("SELECT DISTINCT city FROM location"))){
echo "Username check prepare failed: " . $stmt->errno . " " . $stmt->error;
}
if(!$stmt->execute()){
echo "Username check execute failed: " . $stmt->errno . " " . $stmt->error;
}
if(!$stmt->bind_result($city))
{
echo "Username bind result failed: " . $conn->connect_errno . " " . $conn->connect_error;
}
while($stmt->fetch())
{
echo "<option value='" . $city . "'>" . $city . "</option><br/>\n";
}
?>
</select><br />
<label class="form_label">Zipcode</label><br />
<select name="zip">
<option value=""></option>
<?php
if(!($stmt = $conn->prepare("SELECT DISTINCT zip FROM location WHERE zip is NOT NULL"))){
echo "Username check prepare failed: " . $stmt->errno . " " . $stmt->error;
}
if(!$stmt->execute()){
echo "Username check execute failed: " . $stmt->errno . " " . $stmt->error;
}
if(!$stmt->bind_result($zip))
{
echo "Username bind result failed: " . $conn->connect_errno . " " . $conn->connect_error;
}
while($stmt->fetch())
{
echo "<option value='" . $zip . "'>" . $zip . "</option><br/>\n";
}
?>
</select>
</div>
<?php
echo "<input type='hidden' name='username' value='" . $username . "'/>";
echo "<input type='hidden' name='password' value='" . $password . "'/>";
?>
<input class="btn btn-primary" type="submit" value="Search" />
</form>
</div>
</div>
</body>
</html>
<?php
unset($_POST);
?>
I think I need something like header guards but I'm not exactly sure how to go about that. I'm trying to check if the $conn variable exists and if it does don't reinitialize the server info, but that isn't working.
This is a class project so I'm sure this isn't the most secure way of doing this. It is just a proof of concept. It is a database class so I'm only being graded on the queries, the rest of the site just has to function and it was my choice to do a basic user login system attached to some other stuff. Not asking questions about information related to what I am being tested on, just why does my sql connection stop working with this additional header and how can I fix it?
