0

I am creating an admin area for my site but I have 3 php errors that are appearing and I can't find a fix.

Login.php

<?php

include_once("includes/config.php");

$username = $password = "";
$username_err = $password_err = "";

if($_SERVER["REQUEST_METHOD"] == "POST") {
    if(empty(trim($_POST["username"]))){
        $username_err = 'Please enter your admin username.';
    } else{
        $username = trim($_POST["username"]);
    }   
    
    if(empty(trim($_POST['password']))){
        $password_err = 'Please enter your admin password.';
    } else{
        $password = trim($_POST['password']);
    }
    
if(empty($username_err) && empty($password_err)){
        // Prepare a select statement
        $sql = "SELECT username, password FROM members WHERE username = ?";
        
        if($stmt = mysqli_prepare($link, $sql)){
            // Bind variables to the prepared statement as parameters
            mysqli_stmt_bind_param($stmt, "s", $param_username);
            
            // Set parameters
            $param_username = $username;
            
            // Attempt to execute the prepared statement
            if(mysqli_stmt_execute($stmt)){
                // Store result
                mysqli_stmt_store_result($stmt);
                
                // Check if username exists, if yes then verify password
                if(mysqli_stmt_num_rows($stmt) == 1){                    
                    // Bind result variables
                    mysqli_stmt_bind_result($stmt, $username, $hashed_password);
                    if(mysqli_stmt_fetch($stmt)){
                        if(password_verify($password, $hashed_password)){
                            /* Password is correct, so start a new session and
                            save the username to the session */
                            session_start();
                            $_SESSION['username'] = $username;      
                            header("location: main.php");
                        } else{
                            // Display an error message if password is not valid
                            $password_err = 'The password you entered was not valid.';
                        }
                    }
                } else{
                    // Display an error message if username doesn't exist
                    $username_err = 'No account found with that username.';
                }
            } else{
                echo "Oops! Something went wrong. Please try again later.";
            }
        }
        
        // Close statement
        mysqli_stmt_close($stmt);
    }
    
    // Close connection
    mysqli_close($link);
}
?>

The issues that are showing are

[04-Dec-2017 20:21:01 Europe/London] PHP Warning: mysqli_prepare() expects parameter 1 to be mysqli, null given in /home/drugcraf/public_html/admin/login.php on line 25

[04-Dec-2017 20:21:01 Europe/London] PHP Warning: mysqli_stmt_close() expects parameter 1 to be mysqli_stmt, null given in /home/drugcraf/public_html/admin/login.php on line 63

[04-Dec-2017 20:21:01 Europe/London] PHP Warning: mysqli_close() expects parameter 1 to be mysqli, null given in /home/drugcraf/public_html/admin/login.php on line 67

The page loads but when you click login it does not log you in

ob_start();
session_start();

date_default_timezone_set('Europe/London');

$DB_IP = "localhost";
$DB_USER = "jenkinsdesigns_a";
$DB_PASSWORD = "PASSWORD HIDDEN";
$DB_NAME = "jenkinsdesigns_admin";

$link = mysqli_connect($DB_IP,$DB_USER,$DB_PASSWORD,$DB_NAME);

if($link === false){
    die("ERROR: Could not connect. " . mysqli_connect_error());
}



include("functions.php");
Community
  • 1
  • 1
Policeboy109
  • 3
  • 3
  • 1
    **Never store plain text passwords!** Please use ***PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html)*** to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). ***It is not necessary to [escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Dec 04 '17 at 20:40
  • 2
    It looks like you're not connected. Show us how `$link` is setup. – Jay Blanchard Dec 04 '17 at 20:41
  • ob_start(); session_start(); date_default_timezone_set('Europe/London'); $DB_IP = "localhost"; $DB_USER = "jenkinsdesigns_a"; $DB_PASSWORD = "PASSWORD HIDDEN"; $DB_NAME = "jenkinsdesigns_admin"; $link = mysqli_connect($DB_IP,$DB_USER,$DB_PASSWORD,$DB_NAME); if($link === false){ die("ERROR: Could not connect. " . mysqli_connect_error()); } include("functions.php"); – Policeboy109 Dec 04 '17 at 21:07
  • Please do not dump code in comments where it is almost impossible to decipher. Edit your original question to add any new information. – Jay Blanchard Dec 04 '17 at 21:14
  • Have you checked the webserver's error logs? – Jay Blanchard Dec 04 '17 at 21:16
  • Yes, Posted in the first message. – Policeboy109 Dec 04 '17 at 21:18
  • Added the code to the message – Policeboy109 Dec 04 '17 at 21:26
  • Is something in functions.php killing the link variable? – mickmackusa Dec 05 '17 at 05:34
  • There is nothing in Functions.php – Policeboy109 Dec 05 '17 at 15:28

0 Answers0