1

I'm making API to simple forum ,, Now trying to check Login with php

on the control page : showForums.php

<?php require_once('session.php');?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>TheForums</title>
</head> 
<body>

<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);

require_once('fourmsAPI.php');
/*
function tinyf_forums_get($extra ='')
{
    global $tf_handle;
    $query = sprintf("SELECT * FROM `forums` %s",$extra );
    $qresult = mysqli_query($tf_handle, $query);

    if (!$qresult)
        return NULL;
    $recount = mysqli_num_rows($qresult);
    if ($recount == 0)
        return NULL ;
    $forums = array();
    for($i = 0 ; $i < $recount ; $i++)
        $users[count($forums)] = mysqli_fetch_object($qresult);
    //mysql_free_result($qresult);

    return $forums;

}
*/
$forums = tinyf_forums_get();
if($forums == NULL)
{
    die('problem');
}
$fcount = count($forums);
if($fcount == 0)
{
    die('No Forums ');
}
if($_SESSION['user_info'] == false){
    echo '<a href = "login.php">Login!</a>';
}
else{
    $uname = $_SESSION['user_info']->name ;
    echo '<a href = "logout.php">'.$uname.' -- Logout!'.'</a>' ;
}
?>

<br/>

<ul type = "square">
<?php
for($i = 0 ; $i < $fcount ; $i++)
{
    $forum = $forums[$i];
    echo "<li><a href = \"forum.php?id=$forum->id\"> $forum->title <a/> <br/> $forum->desc --";
    if($_SESSION['user_info']->isadmin ==1){
        echo " <a href = \"deleteForum.php?id=$forum->id\"> Delete <a/> | <a href = \"modifyForum.php?id=$forum->id\"> edit <a/> " ;
    }
    echo "<br/>  </li>"; //$array -> 

}
?>  
</ul>   

</body>
</html>

Error: Trying to get property of non-object in /var/www/html/tinyforum/showForums.php on line 62

session.php

<?php
session_start();

if(!isset($_SESSION['user_info'])){
    $_SESSION['user_info'] = false ;
}
?>

i expected the if statement won't be executed

smile
  • 117
  • 3
  • 16

1 Answers1

2

The if statement check has to execute if the loop executes. The inside part does not execute as you expected. The error you're getting is from the condition check. If the user is not logged in, your code is equivalent to

if(null->isadmin ==1){
    echo " <a href = \"deleteForum.php?id=$forum->id\"> Delete <a/> | <a href = \"modifyForum.php?id=$forum->id\"> edit <a/> " ;
}

Which obviously yields an error. You can check that the session is set first or use the @ operator.

Anonymous
  • 11,740
  • 3
  • 40
  • 50
  • i tried @ and it helped me so ...@ operator will avoid the problem if the user didn't login ? – smile Jul 15 '15 at 22:00
  • if(@$_SESSION['user_info']->isadmin ==1){ echo " id\"> Delete | id\"> edit " ; } that what u mean ? – smile Jul 15 '15 at 22:01
  • 1
    Take a look at [this community wiki](https://stackoverflow.com/questions/3737139/reference-what-does-this-symbol-mean-in-php). The `@` operator just tells PHP to shut up and not display warnings. It's *ok* in this case (checking if the user is null would be better), but please don't abuse it as it hides important errors. This would be better: `if($_SESSION['user_info'] && $_SESSION['user_info']->isadmin === 1) {}` – Anonymous Jul 15 '15 at 22:01
  • if($_SESSION['user_info'] && $_SESSION['user_info']->isadmin == 1) worked too :) but $_SESSION['user_info'] means if the user log in will be true ? – smile Jul 15 '15 at 22:09
  • 1
    The `&&` means that both conditions have to be true for the if statement to execute the inside. First it checks if the user is set, then the admin privileges. For admins, this ends up being `true && true` which evaluates to true. Logged in non-admins end up as `true && false`, so they don't see the output. Non-logged in users get `false && false`, so they don't see it either. – Anonymous Jul 15 '15 at 22:13