2

Login functionality of a client's site isn't working with the visual update I'm giving it. A large part of the site is also running on outdated php so I'm updating it.

I'm currently working on the Q&A portion of the site.

index.php force redirects to login.php if user isn't logged in; login.php references a config file called define.mysqli.php that establishes a connection to the db, while also requiring a func.php file has contains a numerous amount of functions such as getQuestions() and getUserInfoById(); connection is fine, but the functionality of the site itself isn't working due to errors such as mysqli_real_escape_string(): Couldn't fetch mysqli in login.php (error 1), there are undefined variables in the func.php file (error 2), mysqli_query() expects parameter 1 to be mysqli, null given in func.php (error 3)

I just need a hand pinpointing what else I need to change. The other questions on StackOverflow have been too simple; I understand what changes I need to make but there's too much that I'm working with and I work as a jr dev w/out a sr dev as a mentor.

Error 1: mysqli_real_escape_string(): Couldn't fetch mysqli in login.php

//top of code
<?php
//Display errors; COMMENT OUT WHEN NOT DEBUGGING
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
//DB
require('lib/func.php');

//The function looks like this
//Checks if user is already logged in and redirects.
if (isset($_SESSION['user'])){
$user = getUserInfo($_SESSION['user']);

if ($user != null) {
    if ($user['admin'] == 1) {
        header('Location: admin.php');
        exit;
    } else {
        header('Location: login.php');
    }
}
}
if (isset($_POST)){
if(sizeof($_POST) > 0) {
$user = mysqli_real_escape_string($link, trim($_POST['username'])); //error
$pass = mysqli_real_escape_string($link, trim($_POST['password'])); //error
if(isValidAdminUser($user,$pass)) {
    persistUser($user);
    header('Location: admin.php');
    exit;
} elseif(isValidStateUser($user,$pass)) {
    persistUser($user);
    header('Location: /');
    exit;
} else {
    $error = "Invalid username or password";
     }
   }
}
//what am i missing from this? what's am i doing wrong/needs improvement?

Error 2: undefined variables in func.php

//top of file
<?php
include("define.mysqli.php");
if(!isset($_SESSION)){
session_start();
}
//....
function isValidAdminUser($uname,$pass) {
$query = "SELECT * FROM users WHERE login = '$uname' AND admin = 1";
$result = mysqli_query($link, $query) or die(mysqli_error($link)); //error
if(mysqli_num_rows($result) > 0) {
    $user = mysqli_fetch_array($result); //error
     if(md5($pass) == $user['password'])
        return true;
 }
 return false;
 }

 //the original code was 
   function isValidAdminUser($uname,$pass) {
    $query = "SELECT * FROM users WHERE login = '$uname' AND admin = 1";
    $result = mysql_query($query) or die(mysql_error()); //error

if(mysqli_num_rows($result) > 0) {
            $user = mysqli_fetch_array($result); //error
               if(md5($pass) == $user['password']) {
            return true;
       }
   }
 return false;
 }
 //i changed it to mysqli best i could but $link is undefined???

Error 3: mysqli_query() expects parameter 1 to be mysqli, null given in func.php

//in same code as above

this is what my config file (define.mysqli.php) looks like

   <?php
    # FileName="Connection_php_mysql.htm"
    # Type="MYSQL"
    # HTTP="true"
    if(!isset($_SESSION)){
    session_start();
    }
    if(!defined("DATABASE_PREFIX"))
    define("DATABASE_PREFIX","dbr_");
    $hostname = "127.0.0.1";
    $username = "*correct_username";
    $password = "*correct_password";
    $database = "*correct_database";
    $link = mysqli_connect($hostname, $username, $password, $database);

    if(!$link) {
    echo "Error: Unable to connect to MySQL." . PHP_EOL;
    echo "Debugging errno: " . mysqli_connect_errno() . PHP_EOL;
    echo "Debugging error: " . mysqli_connect_error() . PHP_EOL;
    exit;
    }

    //echo "Success: Established MySQL connection." . PHP_EOL;
    //echo "Host Information: " . mysqli_get_host_info($link) . PHP_EOL;

    mysqli_close($link);
    ?>

I'm trying my best to change the parameters from mysql_* to mysqli_* correctly but I don't know what I'm missing.

greatscott25666
  • 41
  • 3
  • 1
    +1! Welcome to SO. Finally some question on SO with the effort to form a good one! Well done! Could you locate the error lines and mark them by comments in code using the edit link below the question? – Pinke Helga Feb 07 '19 at 04:17
  • 4
    In your config file you open the connection then close it. Thus the link is going to be null. Don't escape you sql data use prepared statements. http://php.net/manual/en/mysqli.quickstart.prepared-statements.php – Jason K Feb 07 '19 at 04:18
  • 3
    since you're migrating why not go the PDO route instead? might save you some headache down the line. – comphonia Feb 07 '19 at 04:54
  • I'm working with old code and on a deadline, and I don't know how to create a PDO, but I'll try. I saw that in other posts but was hesitant. In the meantime I'll remove the escape I have. I added comments on which mysqli extensions have errors (I'm not setting the parameters correctly) – greatscott25666 Feb 07 '19 at 15:21
  • Does this answer your question? [How to change mysql to mysqli?](https://stackoverflow.com/questions/1390607/how-to-change-mysql-to-mysqli) – Dharman Mar 29 '20 at 21:26

0 Answers0