0

This is my code, and i think the issue is with $stmt->close(); as the error says. But i don't know how to fix it. I have searched the other questions but i can't find an answer (at least it's not helping me, the answers are all confusing :) ) Can you guys please help me? 

<?php
// Initialize the session
session_start();

// Check if the user is already logged in, if yes then redirect him to 
welcome page
if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true){
header("location: dash.php");
exit;
}

// Include config file
require_once "config.php";

// Define variables and initialize with empty values
$username = $password = "";
$username_err = $password_err = "";

// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){

// Check if username is empty
if(empty(trim($_POST["username"]))){
    $username_err = "Please enter username.";
} else{
    $username = trim($_POST["username"]);
}

// Check if password is empty
if(empty(trim($_POST["password"]))){
    $password_err = "Please enter your password.";
} else{
    $password = trim($_POST["password"]);
}

// Validate credentials
if(empty($username_err) && empty($password_err)){
    // Prepare a select statement
    $sql = "SELECT id, username, password FROM employees WHERE username = 
 ?";

    if($stmt = $mysqli->prepare($sql)){
        // Bind variables to the prepared statement as parameters
        $stmt->bind_param("s", $param_username);

        // Set parameters
        $param_username = $username;

        // Attempt to execute the prepared statement
        if($stmt->execute()){
            // Store result
            $stmt->store_result();

            // Check if username exists, if yes then verify password
            if($stmt->num_rows == 1){
                // Bind result variables
                $stmt->bind_result($id, $username, $hashed_password);
                if($stmt->fetch()){
                    if(password_verify($password, $hashed_password)){
                        // Password is correct, so start a new session
                        session_start();

                        // Store data in session variables
                        $_SESSION["loggedin"] = true;
                        $_SESSION["id"] = $id;
                        $_SESSION["username"] = $username;

                        // Redirect user to welcome page
                        header("location: dash.php");
                    } else{
                        // Display an error message if password is not valid
                        $password_err = "The password you entered was not 
                       valid.";
                    }
                }
            } else{
                // Display an error message if username doesn't exist
                $username_err = "No account found with that username.";
            }
         } else{
            echo "Oops! Something went wrong. Please try again later.";
         }
     }

     // Close statement
     $stmt->close();
   }

   // Close connection
    $mysqli->close();
}
 ?>

This is what i'm getting - img

Blagojce
  • 27
  • 1
  • 9

2 Answers2

1

$stmt->close() needs to be inside if($stmt = $mysqli->prepare($sql)). If that fails, $stmt is set to false so you're trying to call file->close(), which makes no sense. You should also have an else block to display the reason why it failed.

// Validate credentials
if(empty($username_err) && empty($password_err)){
    // Prepare a select statement
    $sql = "SELECT id, username, password FROM employees WHERE username = 
 ?";

    if($stmt = $mysqli->prepare($sql)){
        // Bind variables to the prepared statement as parameters
        $stmt->bind_param("s", $param_username);

        // Set parameters
        $param_username = $username;

        // Attempt to execute the prepared statement
        if($stmt->execute()){
            // Store result
            $stmt->store_result();

            // Check if username exists, if yes then verify password
            if($stmt->num_rows == 1){
                // Bind result variables
                $stmt->bind_result($id, $username, $hashed_password);
                if($stmt->fetch()){
                    if(password_verify($password, $hashed_password)){
                        // Password is correct, so start a new session
                        session_start();

                        // Store data in session variables
                        $_SESSION["loggedin"] = true;
                        $_SESSION["id"] = $id;
                        $_SESSION["username"] = $username;

                        // Redirect user to welcome page
                        header("location: dash.php");
                    } else{
                        // Display an error message if password is not valid
                        $password_err = "The password you entered was not 
                       valid.";
                    }
                }
            } else{
                // Display an error message if username doesn't exist
                $username_err = "No account found with that username.";
            }
        } else{
            echo "Oops! Something went wrong. Please try again later.";
        }
        // Close statement
        $stmt->close();
    } else {
        die($mysqli->error);
    }
}
Barmar
  • 741,623
  • 53
  • 500
  • 612
0

Assuming the brackets are aligned... If it's that line, $stmt = $mysqli->prepare($sql) resulted in $stmt being false. The close method doesn't exist for a boolean. Your code expected a statement object.

So preparing the statement went wrong. Check the statement for syntax errors or invalid column and table names, etc.

The following lines should be switched together also:

// Bind variables to the prepared statement as parameters
$stmt->bind_param("s" $param_username); // Set parameters
$param_username = $username;
DigiLive
  • 1,093
  • 1
  • 11
  • 28