Jump to content

[SOLVED] Processing login info

avatar.alex

By avatar.alex
in PHP Coding Help

 Share

Recommended Posts

avatar.alex Member

avatar.alex

Posted
Posted

I got this software up and running it just is having one problem. Whenever I log in I get this:

 

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/www/twilightfor.freehostia.com/x/examples/protect.php on line 15

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/www/twilightfor.freehostia.com/x/examples/protect.php on line 23

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/www/twilightfor.freehostia.com/x/examples/protect.php on line 33

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/www/twilightfor.freehostia.com/x/examples/protect.php on line 37

 

I go to protect.php:

(I looked at the code and everything seems correct)

<?php

session_start ();

// --------------------------------THE VARIABLES---------------------------------- //

@include ("config.php");

// ----------------------------------THE CODE ------------------------------------ //

function clearance ($user_value, $pass_value, $level_value, $userlevel_value, $table_value, $column1, $column2, $path) { // Function to see if user can login

$check = mysql_query ("SELECT $userlevel_value FROM $table_value WHERE username='$user_value' AND password='$pass_value'"); // Query to see if user exists

$verify = mysql_num_rows ($check);

if ($verify == 0) { // Check if passwords are hashed with MD5

	$md5 = md5 ($pass_value);

	$check = mysql_query ("SELECT $userlevel_value FROM $table_value WHERE username='$user_value' AND password='$md5'"); // Query to see if user exists

	$verify = mysql_num_rows ($check);

}

if ($verify == 0) { // Check if passwords are hashed with SHA1

	$sha1 = sha1 ($pass_value);

	$check = mysql_query ("SELECT $userlevel_value FROM $table_value WHERE username='$user_value' AND password='$sha1'"); // Query to see if user exists

	$verify = mysql_num_rows ($check);

}

$get = mysql_fetch_array ($check);

if (count ($level_value) != 0) { // If the allow array contains userlevels

	if (in_array ($get[$userlevel_value], $level_value) && $verify > 0) { // Search allow to see if userlevels match

		$_SESSION['username'] = $user_value; // Register sessions
		$_SESSION['password'] = sha1 ($pass_value); // sha1 password for extra security
		$_SESSION['userlevel'] = $get[$userlevel_value];

	}

} else {

	if ($verify == 0) { // If attempt fails then redirect to login page

		$_SESSION = array();

		$error = "Sorry but your login details were incorrect";

		@include ("login.php");

		exit;

	}

	if ($verify > 0) { // If attempt is good then register the user

		$_SESSION['username'] = $user_value;
		$_SESSION['password'] = sha1 ($pass_value);

	}

}

}

function protect ($level_value, $password_value, $userlevel_value, $table_value, $column1, $path) { // Function to keep pages secure

if (!isset ($_SESSION['username'])) { // If session doesn't exist then get user to login

	if (isset ($_POST['username']) && isset ($_POST['password'])) {

		$error = "Sorry but your login details were incorrect";

	}

	$_SESSION = array();

	@include ("login.php");

	exit;

} else { // If user is logged in check to see if session is valid and that they have the required userlevel

	$check = mysql_query ("SELECT $password_value, $userlevel_value FROM $table_value WHERE $column1='$_SESSION[username]'"); // Query to see if user exists

	$verify = mysql_num_rows ($check);

	$get = mysql_fetch_array ($check);

	if ($verify == 0) {

		$_SESSION = array();

		$error = "Sorry but your login details were incorrect";

		@include ("login.php");

		exit;

	}

	if ($verify > 0 && count ($level_value) != 0) {

		if (!in_array ($get[$userlevel_value], $level_value)) { // Check to see if the users userlevel allows them to view the page

			$error = "Sorry but your login details were incorrect";

			@include ("login.php");

			exit; // Ensure no other data is sent

		}

	}	

}

}

if (isset ($_POST['username']) && isset ($_POST['password'])) { // If user submits login information then validate it

clearance ($_POST['username'], $_POST['password'], $allow, $userlevel, $table, $username, $password, $path);

}

protect ($allow, $password, $userlevel, $table, $username, $path);

mysql_close ($link); // Close the database connection for security reasons

// -----------------------------------THE END ------------------------------------ //

?>

Link to comment
Share on other sites
CroNiX Member

CroNiX

Posted
Posted

add or die() to each query statement like:

<?php
$check = mysql_query ("SELECT $userlevel_value FROM $table_value WHERE username='$user_value' AND password='$pass_value'") or die(mysql_error()); // Query to see if user exists

That will show you the mysql errors if there are any...

I also don't see where you are connecting to the database unless it's in config.php, if you're not connected that could also cause those errors.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.