Jump to content

Dodgy Sessions - Please help!!

SilverNova

By SilverNova
in PHP Coding Help

 Share

Recommended Posts

SilverNova Newbie

SilverNova

Posted
Posted
Any help here would be GREATLY appreciated!! I'm a complete noob, so be warned  :P

- I'm trying to set up a decent and secure enough log in system using sessions.

Here's the code I have:

[code]
<?php

session_start(); //start a sessions :D

$username = $_POST["username"]; //get the username from the form, as $username
$password = md5($_POST["password"]); //get the password from the form in md5

$members = mysql_connect("localhost", "***_users", "***");
    if(!$users) //error checking :D
        {
            echo "<p>Sorry! We could not log you in at this time. Please Try again later!</p>";
        }

mysql_select_db("***_users");  //select what database to use


$recieve = "SELECT * FROM users WHERE membername='".mysql_real_escape_string($username)."' AND password='".mysql_real_escape_string($password)."'";

echo $receive;

$query = mysql_query($recieve); //do the query

if($rows = mysql_num_rows($query)) //if the query resulted with a row, start the sessions and go to the index

{
    $_SESSION["password"] = $password; //store the users password in a sesions var
    $_SESSION["username"] = $username; //store the username in a session var
   
echo "<meta http-equiv='refresh' content='0; url=index.php' />";

}

else //if not, end incorrect sessions, and go to the index

{
    @session_destroy();
}


?>
[/code]


After logging in with the correct username and password I get:
[code]
Sorry! We could not log you in at this time. Please Try again later!

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/***/public_html/test.php on line 23
[/code]

I realised that there is no defined $rows, does this matter? I'm thinking that my SQL may be wrong?!  ???

Thanks for your help! :)

NOTE: Assume " *** " as the correct info  :D
Link to comment
https://forums.phpfreaks.com/topic/16102-dodgy-sessions-please-help/
Share on other sites
king arthur Member

king arthur

Posted
Posted
Looks like this is your problem.

[code]
$members = mysql_connect("localhost", "lov3dco_users", "PASS");
    if(!$users) //error checking :D
        {
            echo "<p>Sorry! We could not log you in at this time. Please Try again later!</p>";
        }
[/code]

You've assigned the result of the output from mysql_connect to a variable "$members" but then tested for existence of a variable called "$users", which obviously doesn't exist.
wildteen88 Regular Member

wildteen88

Posted
Posted
Only way to understand why your query is failing is to add an or die clause to the end of the function mysql_query, so change this:
[code]$query = mysql_query($recieve); //do the query[/code]
to this:
[code]$query = mysql_query($recieve) or die("Unable to peform query - " . mysql_error()); //do the query[/code]
When you run your code again it should now return an error from MySQL which should help you understand why your query is failing. From looking at your query I believe its do with the name of your password field - password. MySQL has reserved word/function called password. So what I recommend you to do is to add backticks (`) around the word password within you SQL Query. So your query should now be this:
[code]$recieve = "SELECT * FROM users WHERE membername='".mysql_real_escape_string($username)."' AND `password`='".mysql_real_escape_string($password)."'";[/code]
pixy Member

pixy

Posted
Posted
^ That means you need to change the query. You're trying to select information from a column called "membername" which doesn't exist.

[code]$recieve = "SELECT * FROM users WHERE username='".mysql_real_escape_string($username)."' AND `password`='".mysql_real_escape_string($password)."'";[/code]
SilverNova Newbie

SilverNova

Posted
  • Author
Posted
Ok thanks for translation :) hehe

Well it works, as much as it doesn't give an error. I log in via "test.htm" and "test.php" is the script above.

Although this doesn't redirect me to "index.php"..

[code]
{
    $_SESSION["password"] = $password; //store the users password in a sesions var
    $_SESSION["username"] = $username; //store the username in a session var
   
echo "<meta http-equiv='refresh' content='0; url=index.php' />";

}
[/code]

Is this telling me that the session did not start? And if not, how do I check that it has started? :)

Many thanks guys
SilverNova Newbie

SilverNova

Posted
  • Author
Posted
Ok, so I've changed

[code]
{
    $_SESSION["password"] = $password; //store the users password in a sesions var
    $_SESSION["username"] = $username; //store the username in a session var
   
echo "<meta http-equiv='refresh' content='0; url=index.php' />";

[/code]

to

[code]
{
    $_SESSION["password"] = $password; //store the users password in a sesions var
    $_SESSION["username"] = $username; //store the username in a session var
   
header("Location: index.php");

[/code]

but still no redirecting to the index?! ???

the files are found here: http://www.lov3d.com/test.htm

Username = test
Password = test
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.