-2

I just finished coding my login page, and I have these problems showing up, do you have any idea?

```
[Tue Mar 9 22:55:11 2021] PHP Notice: Undefined variable: rounds in /home/swan/Epitech/Tweet_academie/html/connexion.php on line 28
[Tue Mar 9 22:55:11 2021] PHP Notice: Undefined variable: sfopdgijtsposrigjsotij in /home/swan/Epitech/Tweet_academie/html/connexion.php on line 28
[Tue Mar 9 22:55:11 2021] PHP Warning: PDOStatement::execute(): SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '='swan.marin@gmail.com' AND password='$65I6KH/.1F1w'' at line 1 in /home/swan/Epitech/Tweet_academie/db/connexiondb.php on line 37
[Tue Mar 9 22:55:11 2021] PHP Notice: Trying to access array offset on value of type bool in /home/swan/Epitech/Tweet_academie/html/connexion.php on line 32
```

```php
<html>

<?php
session_start();
include('../db/connexiondb.php'); // PHP file containing the connection to your database

// If a session already exists, do not come back to this page
if (isset($_SESSION['id']))
{
    header('Location: index.php');
    exit;
}

// If "$_POST" contains data, process it
if(!empty($_POST))
{
    extract($_POST);
    $valid = true;

    if (isset($_POST['connexion']))
    {
        $email = htmlentities(strtolower(trim($email)));
        $mdp = trim($mdp);

        // Run a query to check whether the email / password pair exists
        $req = $DB->query("SELECT * FROM users WHERE email=? AND password=?", 
        array($email, crypt($mdp, "$6$rounds=5000$sfopdgijtsposrigjsotij$")));
        $req = $req->fetch();

        // If there is no result, no user matches the email / password pair
        if ($req['id'] == "")
        {
            $valid = false;
            $er_email = "Le mail ou le mot de passe est incorrecte";
        }


        // If there is a result, load the user's SESSION using the $_SESSION variables

        if ($valid)
        {
            $_SESSION['id'] = $req['id'];
            $_SESSION['name'] = $req['name'];
            $_SESSION['email'] = $req['email'];

            header('Location:  index.php');
            exit;
        }
    }
}
?>
```
biesior
Swanito
  • 1
    Try changing the double quotes to single ones on `array($email, crypt($mdp, "$6$rounds=5000$sfopdgijtsposrigjsotij$")));` - The double quotes allow PHP to search for variables ($round, $sfopd... found), single quotes just print the `$` like `string` ([Check this](https://dev.to/morinoko/double-quotes-vs-single-quotes-in-php-2e5n)) – Roy Bogado Mar 09 '21 at 22:06
  • Sidenote: `extract($_POST);` -- don't do that. Someone could easily send a request that includes `$_POST['DB']` and voila: your database connection is gone. You should read the expected values from `$_POST['email']` and `$_POST['mdp']` instead of turning them and whatever else the user submitted into variables using `extract()`. – rickdenhaan Mar 09 '21 at 22:11
  • Just in case the password in the error message is a real one --> https://stackoverflow.com/help/what-to-do-instead-of-deleting-question – ramtamtam Mar 09 '21 at 22:12
  • ok thanks, but my problem is still not solved – Swanito Mar 09 '21 at 22:33
  • 1
    Does this answer your question? ["Notice: Undefined variable", "Notice: Undefined index", and "Notice: Undefined offset" using PHP](https://stackoverflow.com/questions/4261133/notice-undefined-variable-notice-undefined-index-and-notice-undefined) – Tangentially Perpendicular Mar 09 '21 at 22:51
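
The two points raised in the comments above (string quoting around the `crypt()` salt, and `extract($_POST)` overwriting `$DB`) can be observed directly with the following added example, which is not code from the question or from any commenter. `$post` and its values are constructed stand-ins for `$_POST`, and the string `'PDO handle'` is a placeholder for the real connection object.

```php
<?php
// Added example. $post is a constructed stand-in for $_POST: the two fields
// the form defines, plus one extra field the form never defined.
$post = ['email' => ' User@Example.COM ', 'mdp' => 'constructed-pass', 'DB' => 'clobbered'];

// Double quotes: PHP interpolates $rounds and $sfopdgijtsposrigjsotij. Both are
// undefined here, so they expand to an empty string ("$6" and the trailing "$"
// are not valid variable names and stay literal). Single quotes keep the salt
// exactly as typed.
function salts(): array
{
    $double = @"$6$rounds=5000$sfopdgijtsposrigjsotij$"; // @ hides the notices
    $single = '$6$rounds=5000$sfopdgijtsposrigjsotij$';
    return [$double, $single];
}

// extract() defaults to EXTR_OVERWRITE, so a submitted "DB" field replaces $DB.
function with_extract(array $post)
{
    $DB = 'PDO handle'; // placeholder for the real connection object
    extract($post);
    return $DB;
}

// Read only the fields the form defines; anything else in the request is ignored.
function with_allowlist(array $post): array
{
    $DB = 'PDO handle'; // placeholder for the real connection object
    $email = strtolower(trim((string) ($post['email'] ?? '')));
    $mdp = trim((string) ($post['mdp'] ?? ''));
    return [$DB, $email, $mdp];
}

[$double, $single] = salts();
var_dump($double);   // the salt after interpolation
var_dump($single);   // the salt as written
// Only the single-quoted salt still carries the SHA-512 "$6$rounds=5000$" prefix.
var_dump(strncmp(crypt('x', $single), '$6$rounds=5000$', 15) === 0);
var_dump(with_extract($post));   // value of $DB after extract()
var_dump(with_allowlist($post)); // $DB untouched, fields read by name
```

Run it with the PHP CLI; the first `var_dump` shows what was actually passed to `crypt()` as the salt in the question's code.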

1 Answer

-2

Line 28, check if you're receiving any value.

print_r($req);

It's probably an error in the SQL command.

Jin Lee