Fatal error: datatype?

dabya · April 11, 2023, 10:30pm

I am trying to do Login using PHP & phpmyadmin
as you can see im using functions from differrent classes to do that
1 - DB class-fetch data
2-Users class-check user (Authentication)
3-Login class-(Logging in//setting session variables)
Help if you ca

Fatal error: Uncaught TypeError: mysqli_fetch_object(): Argument #1 ($result) must be of type mysqli_result, bool given in C:\Users\dabya\OneDrive\Documents\xamp\htdocs\HR\database.php:50 Stack trace: #0 C:\Users\dabya\OneDrive\Documents\xamp\htdocs\HR\database.php(50): mysqli_fetch_object(false) #1 C:\Users\dabya\OneDrive\Documents\xamp\htdocs\HR\classes.php(118): database->singleFetch(‘SELECT * FROM u…’) #2 C:\Users\dabya\OneDrive\Documents\xamp\htdocs\HR\classes.php(395): users->checkUser(‘201700013’, ‘123123123’) #3 C:\Users\dabya\OneDrive\Documents\xamp\htdocs\HR\login.php(13): Login->login(‘201700013’, ‘123123123’) #4 {main} thrown in C:\Users\dabya\OneDrive\Documents\xamp\htdocs\HR\database.php on line 50

dabya · April 11, 2023, 10:31pm

login

    function login($user, $password)
    {
         try {
            
          $this->checkUser($user, $password);
            if ($this->getUid() != null) {
                $this->k = true;
                
                $_SESSION['ID'] = $this->getUid();
                $_SESSION['Name'] = $this->getName();
                $_SESSION['Role'] = $this->getRole();
               // echo "session value ".$this->getAdmin();
                setcookie('ID', $_SESSION['ID'], time() + 60 * 60 * 24 * 7, '/', $this->dmn);
                setcookie('Role', $_SESSION['Role'], time() + 60 * 60 * 24 * 7, '/', $this->dmn);
                setcookie('Name', $_SESSION['Name'], time() + 60 * 60 * 24 * 7, '/', $this->dmn);

                return true;
            } else {
                
                $error[] = 'Wrong Username OR password';
            }
            return false;
        } catch (Exception $e) {
    }}

dabya · April 11, 2023, 10:33pm

function singleFetch($sql) {
          
        $fet = null;
        if ($sql != null || $sql != '') {
            $res = mysqli_query($this->dblink, $sql);
            $fet = mysqli_fetch_object($res);
        }
        return $fet;
    }

dabya · April 11, 2023, 10:34pm

 function checkUser($ID,$Password)
    {
        $db = Database::getInstance();
        $data = $db->singleFetch('SELECT * FROM users WHERE ID = \'' . $ID . '\' AND Password = \'' . $Password . '\'');
        $this->initWith($data->ID, $data->Name, $data->Email, $data->Role,$data->Password, $data->Login);
        echo'checking';
    }

Strider64 · April 12, 2023, 12:55am

I use PDO, but writing a login method is pretty straight forward.

Here how I do it →

    public function __construct($args = [])
    {
        // Declared in DatabaseObject Class
        static::$searchItem = 'username';
        // Declared in DatabaseObject Class
        static::$searchValue = htmlspecialchars($args['username']);
        $this->password = htmlspecialchars($args['hashed_password']);
    }

    public function login(): void
    {
        $sql = "SELECT id, hashed_password FROM " . static::$table . " WHERE username =:username LIMIT 1";

        $user = static::fetch_by_column_name($sql);

        if ($user && password_verify($this->password, $user['hashed_password'])) {
            unset($this->password, $user['hashed_password']);
            session_regenerate_id(); // prevent session fixation attacks
            static::$last_login = $_SESSION['last_login'] = time();
            $this->id = $_SESSION['id'] = $user['id'];
            header("Location: admin.php");
            exit();
        }

        static::$error[] = 'Unable to login in!';

    }

Then in my DatabaseObject class I have the following

    public static function fetch_by_column_name($sql): mixed
    {
        try {
            $stmt = Database::pdo()->prepare($sql);
            $stmt->execute([static::$searchItem => static::$searchValue]);
            return $stmt->fetch(PDO::FETCH_ASSOC);
        } catch (PDOException $e) {
            error_log('Error fetching data by column name: ' . $e->getMessage());
            return false;
        }
    }

The Login class extends the DatabaseObject class as that way the DatabaseObject Class can be use with other classes.

class Login extends DatabaseObject

The only thing I put in session is the user’s id and the last login, if I need any other user info I just pull it out of the database table when needed. Make the classes work for you, not against you. I use Active Record Design Pattern instead of MVC, but if I were building larger websites I would use MVC pattern.