Archived

This topic is now archived and is closed to further replies.

SilverNova

Dodgy Sessions - Please help!!

Any help here would be GREATLY appreciated!! I'm a complete noob, so be warned  :P

- I'm trying to set up a decent and secure enough log in system using sessions.

Here's the code I have:

[code]
<?php

session_start(); //start a sessions :D

$username = $_POST["username"]; //get the username from the form, as $username
$password = md5($_POST["password"]); //get the password from the form in md5

$members = mysql_connect("localhost", "***_users", "***");
    if(!$users) //error checking :D
        {
            echo "<p>Sorry! We could not log you in at this time. Please Try again later!</p>";
        }

mysql_select_db("***_users");  //select what database to use


$recieve = "SELECT * FROM users WHERE membername='".mysql_real_escape_string($username)."' AND password='".mysql_real_escape_string($password)."'";

echo $receive;

$query = mysql_query($recieve); //do the query

if($rows = mysql_num_rows($query)) //if the query resulted with a row, start the sessions and go to the index

{
    $_SESSION["password"] = $password; //store the users password in a sesions var
    $_SESSION["username"] = $username; //store the username in a session var
   
echo "<meta http-equiv='refresh' content='0; url=index.php' />";

}

else //if not, end incorrect sessions, and go to the index

{
    @session_destroy();
}


?>
[/code]


After logging in with the correct username and password I get:
[code]
Sorry! We could not log you in at this time. Please Try again later!

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/***/public_html/test.php on line 23
[/code]

I realised that there is no defined $rows, does this matter? I'm thinking that my SQL may be wrong?!  ???

Thanks for your help! :)

NOTE: Assume " *** " as the correct info  :D

Looks like this is your problem.

[code]
$members = mysql_connect("localhost", "lov3dco_users", "PASS");
    if(!$users) //error checking :D
        {
            echo "<p>Sorry! We could not log you in at this time. Please Try again later!</p>";
        }
[/code]

You've assigned the result of the output from mysql_connect to a variable "$members" but then tested for existence of a variable called "$users", which obviously doesn't exist.

Where's the $users variable coming from? Also this error:
[i]Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/***/public_html/test.php on line 23[/i]
Is to do with your SQL query.

Ah yeah!

The amount of times I've looked through and must have missed that  :-\

SQL query, ok. How do I get around this? If you don't mind :)

Only way to understand why your query is failing is to add an or die clause to the end of the function mysql_query, so change this:
[code]$query = mysql_query($recieve); //do the query[/code]
to this:
[code]$query = mysql_query($recieve) or die("Unable to peform query - " . mysql_error()); //do the query[/code]
When you run your code again it should now return an error from MySQL which should help you understand why your query is failing. From looking at your query I believe it's to do with the name of your password field - password. MySQL has a reserved word/function called password. So what I recommend you do is add backticks (`) around the word password within your SQL query. So your query should now be this:
[code]$recieve = "SELECT * FROM users WHERE membername='".mysql_real_escape_string($username)."' AND `password`='".mysql_real_escape_string($password)."'";[/code]

Wow, someone that offers help - that works! :D

Now getting:

[code]
Unable to peform query - Unknown column 'membername' in 'where clause'
[/code]

Not sure where the column "membername" comes into it? It doesn't exist in my table, but "username" does..

Well if you just copied Wild's query it looks like he used membername in it, so replace it with the appropriate column.

^ That means you need to change the query. You're trying to select information from a column called "membername" which doesn't exist.

[code]$recieve = "SELECT * FROM users WHERE username='".mysql_real_escape_string($username)."' AND `password`='".mysql_real_escape_string($password)."'";[/code]

Ok thanks for translation :) hehe

Well it works, as much as it doesn't give an error. I log in via "test.htm" and "test.php" is the script above.

Although this doesn't redirect me to "index.php"..

[code]
{
    $_SESSION["password"] = $password; //store the users password in a sesions var
    $_SESSION["username"] = $username; //store the username in a session var
   
echo "<meta http-equiv='refresh' content='0; url=index.php' />";

}
[/code]

Is this telling me that the session did not start? And if not, how do I check that it has started? :)

Many thanks guys

PHP can force a redirect with the header function:
[code]header("Location: index.php");[/code]
Make sure you have session_start(); at the top of every page that uses sessions.

Ok, so I've changed

[code]
{
    $_SESSION["password"] = $password; //store the users password in a sesions var
    $_SESSION["username"] = $username; //store the username in a session var
   
echo "<meta http-equiv='refresh' content='0; url=index.php' />";

[/code]

to

[code]
{
    $_SESSION["password"] = $password; //store the users password in a sesions var
    $_SESSION["username"] = $username; //store the username in a session var
   
header("Location: index.php");

[/code]

but still no redirecting to the index?! ???

the files are found here: http://www.lov3d.com/test.htm

Username = test
Password = test
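
A hardened version of the login handler discussed in this thread, as an added example that is not code from any poster: it uses PDO prepared statements, password_hash()/password_verify() in place of md5(), keeps the password out of $_SESSION, regenerates the session ID on login, and calls exit after the redirect header. The in-memory SQLite database, the demo_user account and the $form array are constructed stand-ins for the thread's MySQL users table and $_POST, and the password column is assumed to store password_hash() output.

```php
<?php
declare(strict_types=1);
// Added example, not the thread's code. users.username follows the thread;
// users.password is ASSUMED to hold password_hash() output, not md5().

function find_user(PDO $db, string $username): ?array
{
    // Prepared statement: the value is bound, never concatenated into the SQL.
    $stmt = $db->prepare('SELECT username, password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function login(PDO $db, string $username, string $password): bool
{
    $user = find_user($db, $username);
    if ($user === null || !password_verify($password, $user['password'])) {
        return false;
    }
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);               // fresh session ID after login
    $_SESSION['username'] = $user['username']; // identity only, never the password
    return true;
}

// Constructed demo data: in-memory SQLite stands in for the MySQL database,
// and $form stands in for the submitted $_POST fields.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['demo_user', password_hash('demo-passphrase', PASSWORD_DEFAULT)]);
$form = ['username' => 'demo_user', 'password' => 'demo-passphrase'];

try {
    $ok = login($db, $form['username'], $form['password']);
} catch (PDOException $e) {
    error_log($e->getMessage()); // details go to the server log, not the page
    $ok = false;
}

if ($ok && PHP_SAPI !== 'cli') {
    header('Location: index.php'); // must be sent before any output
    exit;                          // stop here so nothing else runs
}
echo $ok ? "Logged in as {$_SESSION['username']}\n" : "Login failed.\n";
```

Run from the command line it prints the result instead of redirecting; under a web server the Location header only takes effect if nothing has been echoed before it.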
