0

So i am new to php and basically what i am trying to do is to create a login page and then i am checking for the username and the password from my database by calling a function called and after it has been verified it returns the array which contains the user name to the calling function which is login.php . and then i redirect it to another page which shows that the user i s logged in and displays the username but the problem i face is that there is only the first chracter of the user name stored in it here is the login code

<?php session_start();?>
<?php require_once("../includes/functions.php");?>
<?php
$username="";
$message="";
if(isset($_POST['submit']))
{       
    $username=$_POST["username"];
    $password=$_POST["password"];

    $found_admin=attempt_login($username,$password,$connection);
    if($found_admin)
    {   
        $use=$found_admin["username"];
        $_SESSION["username"]=$use;
        header("Location:admin.php");
        exit;
    } else {
        $message="Username/Password not found";
    }
}

And here is the function which checks for the username and password

<?php session_start():> 
function attempt_login($username,$entered_password,$connection)
    //passing the $connection variable to establish the connection with the database
{
    //checking for username and password match if found
    $safe_username=mysqli_real_escape_string($connection,$username);//making the string harmless by using this function
    $query=" select * from admin where username = '{$safe_username}' ";//query to check if the username value is matched an found

    $result=mysqli_query($connection,$query);//fetch object
    $obj=mysqli_fetch_assoc($result);//storing the object value in an array
    confirm_query($result,$connection);//confirm if query has been passed
    $hashed_password=$obj["password"];//storing the value of array password into a variable
    $user=$obj["username"];

    $pass=password_verify($entered_password,$hashed_password);//checking for the password match

    if($pass)//if password match is found
    {
        return $user;
    }else{
        return null;
    }
}
?>

So when i perform a var_dump on the variable $found_admin i get the full string .But when i perform a var_dump on $_SESSION["username"] i get the following warning 'Illegal string offset 'username'' and it only displays the first character of the string not the full string.

I am trying to solve this problem for past 5 days but couldn't find any solution.PLEASE HELP .

Ashirbad Samantaray
  • 35
  • 7
  • can show what does the var_dump of $found_admin contains – Arun Kumaresh Jun 03 '17 at 08:48
  • In $user what you have got? – dekts Jun 03 '17 at 08:50
  • Here is what i get from function bhola Warning: Illegal string offset 'username' in C:\xampp\something\login.php on line 13 string(5) "bhola" – Ashirbad Samantaray Jun 03 '17 at 08:51
  • $use returns only the first character @dekts – Ashirbad Samantaray Jun 03 '17 at 08:53
  • **Wholly unreadable Batman** Some sensible code indentation would be a good idea. It helps us read the code and more importantly it will help **you debug your code** [Take a quick look at a coding standard](http://www.php-fig.org/psr/psr-2/) for your own benefit. You may be asked to amend this code in a few weeks/months and you will thank me in the end. – RiggsFolly Jun 03 '17 at 08:53
  • Add [error reporting](http://stackoverflow.com/questions/845021/how-to-get-useful-error-messages-in-php/845025#845025) to the top of your file(s) _while testing_ right after your opening PHP tag for example ` – RiggsFolly Jun 03 '17 at 08:54
  • Then you may have seen the error i.e. on the first line `` What is `:>` doing there – RiggsFolly Jun 03 '17 at 08:55
  • Already set on in php.ini @RiggsFolly – Ashirbad Samantaray Jun 03 '17 at 08:55
  • It is not necessary to keep turning PHP on and off all over the script _and does not make reading the code any easier_ – RiggsFolly Jun 03 '17 at 08:57
  • `;>` **Still wrong** Please remember **we can only** debug what you **show us**. – RiggsFolly Jun 03 '17 at 08:58
  • have you printed $obj ?????? If yes then show the result please – dekts Jun 03 '17 at 08:59
  • You've got multiple session_start() calls. This won't help anything. – Nick Jun 03 '17 at 09:00
  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly Jun 03 '17 at 09:03
  • I think you are getting multiple sessions running. Try commenting out all the session_start() calls for now. – Nick Jun 03 '17 at 09:06
  • @dekts thanks for pointing out . Instead of returning $user i returned $obj and then passed the username into the session and got the full string ;). But i still couldn't understand why $user had an error – Ashirbad Samantaray Jun 03 '17 at 09:45
  • @RiggsFolly thanks for pointing out the errors this is my first php program .I will make sure to avoid the mistakes – Ashirbad Samantaray Jun 03 '17 at 09:46

0 Answers0