0

I have a register and login page that is connected to my sql DB. The register takes the values as it should but the login.php gives this error:

Warning: Trying to access array offset on value of type bool in C:\xampp\htdocs\login\login.php on line 22

here is my code:

login.php

<?php
require_once "config.php";
require_once "session.php";
$error='';
if($_SERVER["REQUEST_METHOD"]=="POST"&&isset($_POST['submit'])){
    
    $email=trim($_POST['email']);
    $password=trim($_POST['password']);

  if(empty($email)){
      $error .='<p class="error">please enter email</p>';
  }
  if(empty($password)){
    $error .='<p class="error">please enter password</p>';
  }
if(empty($error)){
    if($query=$db->prepare("SELECT * FROM users WHERE email=?")){
        $query->bind_param('s',$email);
        $query->execute();
        $row=$query->fetch();
        if($row){
            if(password_verify($password,$row['password']==false||is_null($row['password']))){
                $_SESSION["userid"]=$row['id'];
                $_SESSION["user"]=$row;
                header("location: welcome.php");
                exit;
            }else{
                $error.='<p class="error">password is wrong</p>';
            }
        }else{
                $error.='<p class="error">email is wrong</p>';
            }
        }
        $query->close();
    }
    mysqli_close($db);
}
  
    ?>

I have tried is_null but that did not seem to work

Dharman
  • 30,962
  • 25
  • 85
  • 135
Juststartedcoding
  • 35
  • 12
  • 1
    There's a typo in your code (not sure if that's the cause of the current error though, but will def. make your code not work). `password_verify($password,$row['password']==false` is missing the closing parentheses for the function. It should be: `password_verify($password,$row['password']) ==false`. Right now, you're verifying `$password` against the expression `$row['password']==false||is_null($row['password'])` (which will be a boolean) – M. Eriksson May 03 '21 at 22:12
  • It's *probably* trying to tell you that `$query->execute();` is returning as a boolean .. (1 or 0) -- Most likely a **0** meaning "failed" or "false" – Zak May 03 '21 at 22:12
  • **WARNING**: Writing an access control layer is not easy and there are many opportunities to get it severely wrong. Any modern [development framework](https://www.cloudways.com/blog/best-php-frameworks/) like [Laravel](http://laravel.com/) comes with an [authentication system](https://laravel.com/docs/master/authentication) built-in. – tadman May 03 '21 at 22:27
  • `$row=$query->fetch();` returns a boolean always. You can't use it as an array. You are mixing PDO and mysqli – Dharman May 03 '21 at 22:29

1 Answers1

-1

Based on PHP manual https://www.php.net/manual/en/function.password-verify.php

password_verify ( string $password , string $hash ) : bool

Second parameter of password_verify function is a hash string, in your code you use boolean as parameter

my suggestion is:

            if ($row) {
                if (empty($row['password']) || is_null($row['password'])) {
                    $error .= '<p class="error">password is null</p>';
                } else if (password_verify($password, $row['password'])) {
                    $_SESSION["userid"] = $row['id'];
                    $_SESSION["user"] = $row;
                    header("location: welcome.php");
                    exit;
                } else {
                    $error .= '<p class="error">password is wrong</p>';
                }
            } else {
                $error .= '<p class="error">email is wrong</p>';
            }
Agus Sudarmanto
  • 27
  • 2