Login PHP and Mysql generating mysqli_fetch_array() error

Asked

Viewed 192 times

2

Good morning!

I have the following code to log in to the system:

<?php


require_once('conexao.php');

// FETCH DATA FROM FORM USING METHOD POST
// IF BUTTON NAME "LOGIN" IS SET
if (isset($_POST['login'])) {




// FETCH DATA FROM INPUT FIELD
$user = mysqli_real_escape_string($conexao, $_POST['usuario']);
$pass = mysqli_real_escape_string($conexao, $_POST['password']);

  // CHECK ALL FIELD HAS BEEN FILLED UP
 if ($user && $pass) {

   // QUERY FROM DATABASE
  $query= mysqli_query($conexao, "SELECT * FROM usuarios WHERE usuario='".$user."'");
  $checkuser= mysqli_num_rows($query);

   // CHECK IF USERNAME EXIST ON DATABASE
  if($checkuser != 1) {

    // I'LL BE SETTING A VARIABLE IF YOUR DOESN'T EXIST
   $error = "Username doesn't exist in our database!";
  }

   // FETCHING PASSWORD IN DATABASE WHERE USERNAME COINCIDES
  while ($row = mysqli_fetch_array($user)) {
   $checkpass= $row['senha'];


    // CHECK IF ENTERED PASSWORD MEETS THE USERNAME PASSWORD
   if ($pass== $checkpass) {

     // IF ALL OKAY SET SESSION
    setcookie("usuario", $user, time()+7200);
    $_SESSION['usuario'] = $user;
    $_SESSION['start'] = time();
    $_SESSION['expire'] = $_SESSION['start'] + (60 * 60 * 60);
    header("Location: ../admin.php");
    exit();
   } else {

     // SET VARIABLE THAT'LL SHOW IF USER PASSWORD IS INCORRECT
    $error = "Incorrect password!";
   }
  }
 } else {

  // SET VARIABLE IF ALL FIELD ARE NOT FILLED UP
 $error = "Please enter a username and password.";
 }
}


?>

When trying to log in, on the "login.php" page, I get the following error:

Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, string given in C:\xampp\htdocs\projetoqa\php\checklogin.php on line 32
php mysql

2 answers

2


Try this:

while ($row = mysqli_fetch_array($query))

The first parameter of mysqli_fetch_array() must be a resulttypeand not a string, which is the variable $user.

In your logic, put everything that comes after the user’s check inside a else:

if($checkuser != 1) {
    // I'LL BE SETTING A VARIABLE IF YOUR DOESN'T EXIST
    $error = "Username doesn't exist in our database!";
}
else {
    $row = mysqli_fetch_array($query);
        ....

If this code is not executed when the user is not found and may result in error. And as your query should return only one record, the while is not necessary.

  • Perfect! Thanks for the help! Gave straight! Another doubt, I do not know if it can be cured here. On my system, if the user changes the url to the place he logs in, in the case of "admin.php", he can access it without logging in. Right? Is it something related to this code here? Or some other procedure?

  • 1

    @Rodrigobrf in this case would be correct to create a file where you check for the session you created in the login process. If she was past due you give access denied. This file you have to include on every page with restricted access at the beginning. I usually save - in this same file - the time the user accessed, but before I check if it has been more than 5 minutes - or the time you prefer - that was accessed, then the session is invalidated.

  • 1

    perfect! I will research more deeply into it after I finish the rest of the programming. thanks!

1

You need to pass $query to mysqli_fetch_array instead of going to $user.

  • Thanks friend! It worked with your tip!

Browser other questions tagged php mysql

You are not signed in. Login or sign up in order to post.