CODEWITHSUNDEEP
phpauthenticationmysqli
Blank EDjok
Blank EDjok

Reputation: 742

Including database connection file in php

I am creating a simple login feature in php for my website, now I tried everything before and it worked well, then I decided to reorganize my files by grouping all my functions together in one file, my database settings and connection in another file and my session configuration (for running on my localhost) in yet another file.

The point for me doing this is simply to keep my code clean and organized and easy to understand for me in the future.

This is my login page:

<?php
    include('session-config.php');
    include('dbconnection.php');
    include('functions.php');
    include('password_hash_lib/password.php');

    if (isset($_POST['data']))
    {
        $data = $_POST['data'];
        $auth = json_decode($data);
        $user_email = $auth->Email;
        $user_pass = $auth->Password;
        authenticate($user_email, $user_pass);
    }

    function authenticate($Email, $Password)
    {   
        $HashedPassword = password_hash($Password, PASSWORD_DEFAULT);        
        $sql = "SELECT * FROM app_users WHERE user_email='$Email'"; 
        $result = $db->query($sql);
        $User = $result->fetch_object();

        if ($User->user_email == '')
        {
            header("Location: login-page.html?msg=failed");
        }

        if (password_verify($Password, $User->user_password_hash))
        {
            $_SESSION["user_auth_details"] = $User->user_id . "+" . $User->user_email . '+' . $User->user_name . "+" . $User->user_display_image . "+" . $User->user_display_name;
            header("Location:" . $_SESSION['page_url']);
        }
         else {
            header("Location: login-page.html?msg=failed");

         }
    }

?>

And this is my database connection file:

<?php
    $db = new mysqli("xxxxxxxxxxxxxxxxxxxxxxx", "xxxxxxxxxxxxx", "xxxxxxxxxxxxx", "xxxxxxxxxxx");
    if($db->connect_errno > 0){
        die('Unable to connect to database [' . $db->connect_error . ']');
    }
?>

As you can see I have included the dbconnection.php file in my login.php but whenever I try to call the authenticate() function, this error is returned:

Notice: Undefined variable: db in C:\xampp\htdocs\xxxxxxxx\login.php on line 27

Fatal error: Call to a member function query() on a non-object in C:\xampp\htdocs\xxxxxxx\login.php on line 27

Now I'm a bit confused about this, since I have $db defined in my dbconnection.php file and I have include that file in my login.php page, I expected that to work or am I wrong?

Upvotes: 9

Views: 84353

Answers (2)

Nathan H
Nathan H

Reputation: 49451

Add global $db; to the beginning of your authenticate function.

However, I strongly recommend you learn about PDO: http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers

Your code is currently unsafe

Upvotes: 3

Ahmad
Ahmad

Reputation: 5760

You have to globalize the variable before using in a function.
Just add this line at the top of your function:

function authenticate($Email, $Password)
    {   
         global $db;
         $HashedPassword = password_hash($Password, PASSWORD_DEFAULT);        
         $sql = "SELECT * FROM app_users WHERE user_email='$Email'"; 
         $result = $db->query($sql);
         $User = $result->fetch_object();
    ...

Upvotes: 7

Related Questions