Jump to content

[SOLVED] problem with login page

DEVILofDARKNESS

By DEVILofDARKNESS
in PHP Coding Help

 Share

Recommended Posts

DEVILofDARKNESS Regular Member

DEVILofDARKNESS

Posted
Posted

I get a sql error:

Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /www/uuuq.com/4/a/d/4ade/htdocs/login.php on line 15

 

Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /www/uuuq.com/4/a/d/4ade/htdocs/login.php on line 20

 

this is the code

 

<?php

session_start();
if($_POST) {
        require_once 'config.php';
        $username = $_POST['username'];
        $password = $_POST['password'];
/* DATABASE SETTINGS */
                $query = sprintf("SELECT COUNT(id) FROM users WHERE UPPER(username) = UPPER('%s') AND password='%s'",
                mysql_real_escape_string($username),
                mysql_real_escape_string(md5($password)));
        $result = mysql_query($query);
        list($count) = mysql_fetch_row($result);
                $query = sprintf("SELECT COUNT(id) FROM users WHERE UPPER(username) = UPPER('%s') AND password='%s'",
                        mysql_real_escape_string($username),
                        mysql_real_escape_string(md5($password)));
                $result = mysql_query($query);
                list($count) = mysql_fetch_row($result);
                if($count == 1) {
                        $_SESSION['authenticated'] = true;
                        $_SESSION['username'] = $username;
                        $query = sprintf("UPDATE users SET last_login = NOW() WHERE UPPER(user_name) = UPPER('%s') AND user_pass = '%s'",
                                mysql_real_escape_string($username),
                                mysql_real_escape_string(md5($password)));
                        mysql_query($query);
							header('location:gedichten/gedichten.php');
                } else {
					$color = "red";
                        $echo = 'There is no username/password combination like that in the database.';
                }
        
}

?>
<html dir="ltr">
    <head>
        <title>Login</title>
        <link href="../../standard.css" type="text/css" rel="stylesheet" />
<link href='natuur.css' type='text/css' rel="stylesheet" />
    </head>
    <body>
        <table class="look" height="100%" width="100%" border="1">
            <tbody>
                <tr>
                    <td width="10%" height="100%"><iframe class="frames" src="../../functieknoppen/functieknoppennatuur.htm" frameborder="0" width="100%" height="100%" scrolling="no"></iframe>
                    </td>
                    <td><center>
				<font color="<?php echo $color; ?>"><?php echo $echo; ?></font><br>
					<form action="" method="post">
						Username: <input type="text" name="username" id="username"><br>
						Password: <input type="password" name="password"><br>
						<input type="submit" value="login"> -- <input type="reset" value="reset">
					</form>
					<script type="text/Javascript">
						document.getElementById("username").focus();
					</script>
				</td>
			</tr>
		</tbody>
	</table>
</body>
</html>

Link to comment
https://forums.phpfreaks.com/topic/146722-solved-problem-with-login-page/
Share on other sites
premiso Regular Member

premiso

Posted
Posted 

if($_POST) {

 

Is always true, instead use isset of a form element that is required.

 

if(isset($_POST['username']) {

 

You should also check that the query returned a result by either using is_resource. Also the UPPER in the SQL is not required for username, as MySQL is already case insensitive. And you do not need to escape md5 hashes (they will not contain bad characters).

 

Why are you running the query twice? You should add an or die to your mysql_query (at least while debugging).

$result = mysql_query($query) or die("SQL Error: SQL: {$query}<br /> mySql error: " . mysql_error());

 

To give you better feedback.

DEVILofDARKNESS Regular Member

DEVILofDARKNESS

Posted
  • Author
Posted

I've changed a lot of things, but it still gives me my own error that there isn't a row with that username and password.

 

<?php

session_start();
if(isset($_POST)) {
        require_once 'config.php';
        $username = $_POST['username'];
        $password = md5($_POST['password']);
        /*DATABASE SETTINGS */
                $query = sprintf("SELECT COUNT(user_id) FROM users WHERE user_name = '$username' AND user_pass='$password'",
                mysql_real_escape_string($username));
        $result = mysql_query($query) or die("SQL Error: SQL: {$query}<br /> mySql error: " . mysql_error());
        list($count) = mysql_fetch_row($result);
                if($count == 1) {
                        $_SESSION['authenticated'] = true;
                        $_SESSION['username'] = $username;
                        $query = sprintf("UPDATE users SET last_login = NOW() WHERE user_name = $username AND user_pass = '$user_pass'",
                                mysql_real_escape_string($username));
                        $result = mysql_query($query)  or die("SQL Error: SQL: {$query}<br /> mySql error: " . mysql_error());
							header('location:gedichten/gedichten.php');
                } else {
					$color = "red";
                        $echo = 'There is no username/password combination like that in the database.';
                }
}

?>
<html dir="ltr">
    <head>
        <title>Login</title>
        <link href="../../standard.css" type="text/css" rel="stylesheet" />
<link href='natuur.css' type='text/css' rel="stylesheet" />
    </head>
    <body>
        <table class="look" height="100%" width="100%" border="1">
            <tbody>
                <tr>
                    <td width="10%" height="100%"><iframe class="frames" src="../../functieknoppen/functieknoppennatuur.htm" frameborder="0" width="100%" height="100%" scrolling="no"></iframe>
                    </td>
                    <td><center>
				<font color="<?php echo $color; ?>"><?php echo $echo; ?></font><br>
					<form action="" method="post">
						Username: <input type="text" name="username" id="username"><br>
						Password: <input type="password" name="password"><br>
						<input type="submit" value="login"> -- <input type="reset" value="reset">
					</form>
					<script type="text/Javascript">
						document.getElementById("username").focus();
					</script>
				</td>
			</tr>
		</tbody>
	</table>
</body>
</html>

premiso Regular Member

premiso

Posted
Posted

Here is a corrected version of your code, with comments on what/why I changed it.

 

<?php
session_start();
if(isset($_POST['username'])) {
    require_once 'config.php';

    /*DATABASE SETTINGS */

$username = mysql_real_escape_string($_POST['username']); // do this here
echo "DEBUG: Username = " . $username . "<br />"; // check that it contains the right value.
    $password = md5($_POST['password']);
echo "DEBUG: Password = " . $_POST['password'] . " Encrypted = " . $password . "<br />"; // check that it contains the right value.
       
    $query = "SELECT COUNT(user_id) FROM users WHERE user_name = '$username' AND user_pass='$password'"; // not sure why you were using sprintf Since you manually define the values this should work.
    $result = mysql_query($query) or die("SQL Error: SQL: {$query}<br /> mySql error: " . mysql_error());
    list($count) = mysql_fetch_row($result);
if($count == 1) {
	$_SESSION['authenticated'] = true;
        $_SESSION['username'] = $_POST['username']; // just so the escaped one is not used.
	$query = "UPDATE users SET last_login = NOW() WHERE user_name = '$username' AND user_pass = '$user_pass'"; // since you put the values in, I doubt sprtinf is needed also note the added quotes to $username
	mysql_query($query)  or die("SQL Error: SQL: {$query}<br /> mySql error: " . mysql_error());
	header('location:gedichten/gedichten.php');
} else {
	$color = "red";
	$echo = 'There is no username/password combination like that in the database.';
}
}

?>

DEVILofDARKNESS Regular Member

DEVILofDARKNESS

Posted
  • Author
Posted

Ok thanks a lot everything works fine now, except one thing:

 

EDIT=    the header('location:...') doesn't work...

it gives me this:

Warning: Cannot modify header information - headers already sent by (output started at /www/uuuq.com/4/a/d/4ade/htdocs/login.php:10) in /www/uuuq.com/4/a/d/4ade/htdocs/login.php on line 23

 

ANd I'm used to use always sprintf, is that a bad habbit??

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.