Barak

Yep I figured it out and fixed it a week ago, now I have another problem. I use sessions cause I want members to stay logged in. Now it creates a sessions when there's a succesefull login, and even creates a file @ Temp folder on my homemade server. Now when I go to another page and try to use that session, it doesn't work. Any help will be appreacited files - login: <?php require_once("config.php"); session_start(); $message=""; $PHP_SELF=""; ////// Login Section. $Login=$_POST['Login']; if ($Login) { mysql_select_db("my_db", $con); // username and password sent from form $ppassword=$_POST['pass']; $mypassword=md5($ppassword); $myusername=$_POST['user']; $sql="SELECT * FROM A WHERE username='".$myusername."' AND Password='".$mypassword."'"; $result=mysql_query($sql); // Mysql_num_row is counting table row // If result matched $myusername and $mypassword, table row must be 1 row $count=mysql_num_rows($result); if ($count==1) { // Register $myusername, $mypassword and redirect to file $_SESSION['user']= $myusername; header("Location: myaccount.php"); } else { $message="Wrong Username/Password!"; } } // close Login ?> <html> <body> <form action="<?php echo $PHP_SELF; ?>" method="post"> Username: <input type="text" name="user" /><br /> Password: <input type="password" name="pass" /><br /> <input name="Login" type="submit" id="Login" value="Login" /> <?php echo $message; ?> </form> </body> </html> "myaccount page" - just a test page of sessions: <?php session_start(); if (!isset($_SESSION['user'])) { die ("Access Denied"); } ?> <h2>My Account </h2> <?php if (isset($_SESSION['user'])) { ?> <p>Logged as <?php echo $_SESSION['user']; ?> | <a href="settings.php">Settings</a> | <a href="logout.php">Logout</a> </p> <?php } ?>

This is the file a_login.php: <?php // Use session variable on this page. This function must put on the top of page. session_start(); ////// Logout Section. Delete all session variable. session_destroy(); $message=""; $PHP_SELF=""; $host="localhost"; //your host $user="root"; //your username $password="pass"; //your password $db="my_db"; //your DB where you stored the tables $con=mysql_connect($host,$user,$password); if (!$con) { die('Could not connect: ' . mysql_error()); } ////// Login Section. $Login=$_POST['Login']; if ($Login) { // username and password sent from form $myusername=$_POST['user']; $sql="SELECT * FROM A WHERE username='$myusername',$db"; echo $myusername; $result=mysql_query($sql); // Mysql_num_row is counting table row // If result matched $myusername and $mypassword, table row must be 1 row $count=mysql_num_rows($result); if ($count==1) { // Register $myusername, $mypassword and redirect to file "login_success.php" $message="logged"; } else { die('Could not connect: ' . mysql_error()); } } // close Login mysql_close($con); ?> <html> <body> <?php echo $message; ?> <form action="<?php echo $PHP_SELF; ?>" method="post"> Username: <input type="text" name="user" /><br /> <input name="Login" type="submit" id="Login" value="Login" /> </form> </body> </html> "Could not connect: No database selected" Dunno why... kinda wierd.. Any ideas?

When I run echo $sql it shows the right username.. which means it gets it right. This is the last updated code, tell me exactly what do you want me to change/add, it will be more accurate like that: <?php // Use session variable on this page. This function must put on the top of page. session_start(); ////// Logout Section. Delete all session variable. session_destroy(); $message=""; $PHP_SELF="#"; $host="localhost"; //your host $user="root"; //your username $password="pass"; //your password $db="my_db"; //your DB where you stored the tables $con=mysql_connect($host,$user,$password); if (!$con) { die('Could not connect: ' . mysql_error()); } ////// Login Section. $Login=$_POST['Login']; if ($Login) { // username and password sent from form $myusername=$_POST['user']; $sql="SELECT * FROM A WHERE username=$myusername"; echo $myusername; $result=mysql_query($sql); // Mysql_num_row is counting table row // If result matched $myusername and $mypassword, table row must be 1 row $count=mysql_num_rows($result); if ($count==1) { // Register $myusername, $mypassword and redirect to file "login_success.php" $message="logged"; } else { $message="not"; } } // close Login mysql_close($con); ?> <html> <body> <?php echo $message; ?> <form action="<?php echo $PHP_SELF; ?>" method="post"> Username: <input type="text" name="user" /><br /> <input name="Login" type="submit" id="Login" value="Login" /> </form> </body> </html> And now this is the log, it shows some errors with the Login Button, and with the mysql_num_rows.. dunno what to do, look at it: [Fri Nov 28 20:01:55 2008] [error] [client 127.0.0.1] PHP Notice: Undefined index: Login in C:\\site\\a_login.php on line 24 [Fri Nov 28 20:01:56 2008] [error] [client 127.0.0.1] PHP Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:\\site\\a_login.php on line 33, referer: http://localhost/a_login.php Thank you for your time! - Barak

Sorry for the double post, though I couldn't find the modify button again. anyways, I figured out it was a problem with the mysql_num_row() function, though I have no idea how to fix this. I have read about it abit, but there's no correction anyone gave for it, so I'd appreaciate if you could help me out with this so I can continue writing the script. Thank you for your time. Barak

I tried to do something, I only tried to verify the Username, and then again always it's getting it not logged. But, I also made an Echo part which asks for the user=username, and it gets me the right username.. which is wierd. there is the file again with all the fixes and what I tried to do: <?php // Use session variable on this page. This function must put on the top of page. session_start(); ////// Logout Section. Delete all session variable. session_destroy(); $message=""; $host="localhost"; //your host $user="root"; //your username $password="p"; //your password $db="my_db"; //your DB where you stored the tables $con=mysql_connect($host,$user,$password); if (!$con) { die('Could not connect: ' . mysql_error()); } // username and password sent from form $myusername=$_POST['user']; ////// Login Section. $Login=$_POST['Login']; if ($Login) { $sql=mysql_query("SELECT * FROM A WHERE UserName='".$myusername."'"); // Mysql_num_row is counting table row $count=mysql_num_rows($sql); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" $message="logged"; } else { $message="not $myusername"; } } mysql_close($con); ?> <html> <body> <?php echo $message; ?> <form action="<?php echo $PHP_SELF; ?>" method="post"> Username: <input type="text" name="user" /><br /> <input name="Login" type="submit" id="Login" value="Login" /> </form> </body> </html> Edit: I looked out at the logs, and I think I found the problem! omg: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:\\site\\login.php on line 32, referer: http://localhost/a_login.php

Thanks I've updated what you were telling me. Still there's a problem, not matter what it shows the message 'not' (as it doesn't find a match with username and pass). updated code: (of login.php) <?php // Use session variable on this page. This function must put on the top of page. session_start(); ////// Logout Section. Delete all session variable. session_destroy(); $message=""; $host="localhost"; //your host $user="root"; //your username $password="password"; //your password $db="db"; //your DB where you stored the tables $con=mysql_connect($host,$user,$password); if (!$con) { die('Could not connect: ' . mysql_error()); } ////// Login Section. $Login=$_POST['Login']; if($Login) { // If clicked on Login button. // username and password sent from form $myusername=$_POST[user]; $ppassword=$_POST[pass]; $mypassword=md5($ppassword); $sql="SELECT * FROM A WHERE UserName='".$myusername."' AND Password='".$mypassword."'"; $query=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($sql); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" $message="logged"; } else { $message="not"; } } mysql_close($con); ?> <html> <body> <?php echo $message; ?> <form action="<?php echo $PHP_SELF; ?>" method="post"> Username: <input type="text" name="user" /><br /> Password: <input type="password" name="pass" /><br /> <input name="Login" type="submit" id="Login" value="Login" /> </form> </body> </html>

Hello there, I wrote alil script - login system. now the register works great, but when I try to get it to work with login, I don't know why but it's always makes it as wrong password/username. I hoped you could look at the 2 files I will upload and you might find something I can't see. Just notice the script is very simple without any security cause I took it all off so I can see why the login script doesn't work. I will really apperacite any help. This is the register.php file: <?php $host="localhost"; //your host $user="root"; //your username $password="password"; //your password $db="db"; //your DB where you stored the tables $message=""; $con=mysql_connect($host,$user,$password); if (!$con) { die('Could not connect: ' . mysql_error()); } $Register=$_POST['Register']; if($Register) { mysql_select_db($db, $con); // checks if user or pass is missing. if ((!$_POST[user]) || (!$_POST[pass]) ) { $message="--- You missed some part ---"; } else { //if nothing's missing, the query starts checking if theres such user. $sql = mysql_query( "SELECT * FROM A WHERE Username ='$_POST[user]'" ); if( mysql_num_rows($sql) > 0 ) { // if the user is already exists. it shows an error. $message="Sorry, the name is already in our database."; } else { // if its all ok, then the query starts setting the info into the table. $pass=md5($_POST[pass]); $sql="INSERT INTO A SET Username='$_POST[user]', Password='$pass', FirstName='$_POST[first]', LastName='$_POST[last]' "; if (!mysql_query($sql)) { echo "dang it!"; die ('ERROR: ' . mysql_error()); } else { $message="Thanks! now you can login."; header("location:a_login.php"); // Re-direct to main.php } } } } mysql_close($con); ?> <html> <body> <?php echo $message; ?> <form action="<?php echo $PHP_SELF; ?>" method="post"> Username: <input type="text" name="user" /><br /> Password: <input type="password" name="pass" /><br /> Firstname: <input type="text" name="first" /><br /> Lastname: <input type="text" name="last" /><br /> <input type="submit" name="Register" /> </form> </body> </html> This is the login.php: <?php // Use session variable on this page. This function must put on the top of page. session_start(); ////// Logout Section. Delete all session variable. session_destroy(); $message=""; $host="localhost"; //your host $user="root"; //your username $password="password"; //your password $db="db"; //your DB where you stored the tables $con=mysql_connect($host,$user,$password); if (!$con) { die('Could not connect: ' . mysql_error()); } ////// Login Section. $Login=$_POST['Login']; if($Login) { // If clicked on Login button. // username and password sent from form $myusername=$_POST[user]; $ppassword=$_POST[pass]; $mypassword=md5($ppassword); $sql="SELECT * FROM A WHERE UserName=$_POST[user] AND Password=$mypassword"; $query=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($sql); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ $message="matches username and pass"; } else { $message="no match"; } } mysql_close($con); ?> <html> <body> <?php echo $message; ?> <form action="<?php echo $PHP_SELF; ?>" method="post"> Username: <input type="text" name="user" /><br /> Password: <input type="password" name="pass" /><br /> <input name="Login" type="submit" id="Login" value="Login" /> </form> </body> </html>