These are the two main sources of my problem I think,
From my functions.php page:
function sanitize_string(string $var)
{
$var = strip_tags($var);
$var = htmlentities($var);
$var = stripslashes($var);
$var = trim($var);
return mysqli_real_escape_string($var);
}
From my users.php page:
function authenticate_user($email, $password,$connection) {
$connection = mysqli_connect('localhost','root','','database');
$s_email = functions\sanitize_string($email);
$query = "SELECT * FROM ".USER_TABLE." WHERE email_address='$_email'";
$result = mysqli_query($connection,$query,MYSQLI_USE_RESULT);
if (!$result) die("Database access failed: " . mysqli_error($connection));
elseif (mysql_num_rows($result)) {
$row = mysql_fetch_assoc($result);
$input_token = encrypt_password($password);
if ($row['password'] == $input_token) {
$_SESSION['user_id'] = $row['id'];
$_SESSION['email_address'] = $row['email_address'];
$_SESSION['first_name'] = $row['first_name'];
return $row;
} else {
What I have tried:
Googled everything and everywhere for people with similar problems. Tried figuring out what I was doing wrong in terms of sanitizing the variables. I don't know