I’ve created a login/register system in php, however I am receiving the call to member error, and Im unsure on how to fix it? I am simply trying to check that the password the user inputted into signup.php is the same as the hashed and original password in signup_user.php.
Here is my code:
sigin.php
<?php
ini_set("display_errors", "1");
ini_set("display_startup_errors", "1");
error_reporting(E_ALL);
$is_invalid = false;
if ($_SERVER["REQUEST_METHOD"] === "POST") {
$mysqli = require __DIR__ . "/connection.php";
$sql = sprintf("SELECT * FROM users
WHERE user_name = '%s'",
# prevent sql injection(below)
$mysqli->real_escape_string($_POST["Username"]));
$result = $mysqli->query($sql);
$user = $result->fetch_assoc();
if ($user) {
if (password_verify($_POST["Password"], $user["password_hash"])) {
session_start();
session_regenerate_id();
$_SESSION["id"] = $user["user_id"];
echo "Successful Login :) ... redirecting";
exit;
}
}
$is_invalid = true;
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<title>Login to your account</title>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link href="https://fonts.googleapis.com/css?family=Roboto|Courgette|Pacifico:400,700" rel="stylesheet">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
<link rel="stylesheet" type="text/css" href="css/signin.css">
</head>
<body>
<div class="signin-form">
<form action="" method="post">
<div class="form-header">
<h2>Sign In</h2>
<p>Login to MyChat</p>
</div>
<div class="form-group">
<label>Email</label>
<input type="text" class="form-control" name="Username" autocomplete="off" required="required">
</div>
<div class="form-group">
<label>Password</label>
<input type="password" class="form-control" placeholder="Password" name="Password" autocomplete="off" required="required">
</div>
<div class="small">Forgot password? <a href="forgot_pass.php">Click Here</a></div><br>
<div class="form-group">
<button type="submit" class="btn btn-primary btn-block btn-lg" name="sign_in">Sign in</button>
</div>
<?php #include("signin_user.php"); ?>
</form>
<div class="text-center small" style='color:#67428B;'>Don't have an account? <a href="signup.php">Create one</a></div>
</div>
</body>
</html>
connection.php
<?php
$con = mysqli_connect("localhost","root","","ecom") or die("Connection was not established");
?>
signup_user.php
<?php
ini_set("display_errors", "1");
ini_set("display_startup_errors", "1");
error_reporting(E_ALL);
#include("/connection.php");
include("/Applications/XAMPP/xamppfiles/htdocs/Ecom/chat/code/connection.php");
if(isset($_POST['sign_up'])){
# password hash:
$password = $_POST['user_pass'];
$confirm_password = $_POST['confirm_user_pass'];
$pin = $_POST['user_pin'];
$confirm_pin = $_POST['confirm_user_pin'];
$password_hash = password_hash($password, PASSWORD_DEFAULT);
$confirm_password_hash = password_hash($confirm_password, PASSWORD_DEFAULT);
$pin_hash = password_hash($pin, PASSWORD_DEFAULT);
$confirm_pin_hash = password_hash($confirm_pin, PASSWORD_DEFAULT);
# pass hash data & POST data to db:
$name = htmlentities(mysqli_real_escape_string($con,$_POST['user_name']));
$pass = htmlentities(mysqli_real_escape_string($con,$password_hash));
$confirm_pass = htmlentities(mysqli_real_escape_string($con,$confirm_password_hash));
$pin = htmlentities(mysqli_real_escape_string($con,$pin_hash));
$confirm_pin = htmlentities(mysqli_real_escape_string($con,$confirm_pin_hash));
$rand = rand(1, 3); //Random number between 1 and 3
# Register Validation
if(empty($name)){
echo "<script>alert('Username is required')</script>";
}
if(strlen($name) < 3) {
echo "<script>alert('Username must be 3 - 30 characters')</script>";
exit();
}elseif(strlen($name) > 30) {
echo "<script>alert('Username must be 3 - 30 characters')</script>";
exit();
}
if(strlen($_POST['user_pass'])<12){
echo "<script>alert('Password must be at least 12 characters')</script>";
exit();
}
if(! preg_match("/[A-Z]/i", $_POST["user_pass"])){
echo "<script>alert('Password must contain at least one capital letter')</script>";
exit();
}
if (! preg_match("/[0-9]/", $_POST["user_pass"])) {
echo "<script>alert('Password must contain at least one number')</script>";
exit();
}
if (! preg_match("/[^a-zA-Z0-9]/", $_POST["user_pass"])) {
echo "<script>alert('Password must contain at least one symbol')</script>";
exit();
}
if ($_POST["user_pass"] !== $_POST["confirm_user_pass"]) {
echo "<script>alert('Password must match')</script>";
exit();
}
if (! is_numeric($_POST["user_pin"])) {
echo "<script>alert('Pin must contain numbers only')</script>";
exit();
}
if ($_POST["user_pin"] !== $_POST["confirm_user_pin"]) {
echo "<script>alert('Pin must match')</script>";
exit();
}
# Check for duplicate Username
$check_username = "select * from users where user_name='$name'";
$run_username = mysqli_query($con,$check_username);
$check = mysqli_num_rows($run_username);
if($check==1){
echo "<script>alert('Username already exist, please try another!')</script>";
echo "<script>window.open('signup.php','_self')</script>";
exit();
}
}
# Pass php variable into sql db
$insert = "insert into users (user_name,
user_pass,
confirm_user_pass,
user_pin,
confirm_user_pin)
values ('$name',
'$pass',
'$confirm_pass',
'$pin',
'$confirm_pin')";
$query = mysqli_query($con,$insert);
# Register confirmation
if($query){
echo "<script>alert('Congratulations $name, your account has been created successfully.')</script>";
echo "<script>window.open('signin.php','_self')</script>";
}
else {
echo "<script>alert('Registration failed, try again!')</script>";
echo "<script>window.open('signup.php','_self')</script>";
}
}
?>