
Dodgy Sessions - Please help!!



#1 SilverNova


Posted 31 July 2006 - 01:59 PM

Any help here would be GREATLY appreciated!! I'm a complete noob, so be warned  :P

- I'm trying to set up a decent and secure enough log in system using sessions.

Here's the code I have:

<?php

session_start(); //start a sessions :D

$username = $_POST["username"]; //get the username from the form, as $username
$password = md5($_POST["password"]); //get the password from the form in md5

$members = mysql_connect("localhost", "***_users", "***");
    if(!$users) //error checking :D
        {
            echo "<p>Sorry! We could not log you in at this time. Please Try again later!</p>";
        }

mysql_select_db("***_users");  //select what database to use


$recieve = "SELECT * FROM users WHERE membername='".mysql_real_escape_string($username)."' AND password='".mysql_real_escape_string($password)."'";

echo $receive;

$query = mysql_query($recieve); //do the query

if($rows = mysql_num_rows($query)) //if the query resulted with a row, start the sessions and go to the index

{
    $_SESSION["password"] = $password; //store the users password in a sesions var
    $_SESSION["username"] = $username; //store the username in a session var
    
echo "<meta http-equiv='refresh' content='0; url=index.php' />";

}

else //if not, end incorrect sessions, and go to the index

{
    @session_destroy();
}


?>


After logging in with the correct username and password I get:
Sorry! We could not log you in at this time. Please Try again later!

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/***/public_html/test.php on line 23

I realised that there is no defined $rows, does this matter? I'm thinking that my SQL may be wrong?!  ???

Thanks for your help! :)

NOTE: Assume " *** " as the correct info  :D

#2 king arthur


Posted 31 July 2006 - 02:03 PM

Looks like this is your problem.

$members = mysql_connect("localhost", "lov3dco_users", "PASS");
    if(!$users) //error checking :D
        {
            echo "<p>Sorry! We could not log you in at this time. Please Try again later!</p>";
        }

You've assigned the result of the output from mysql_connect to a variable "$members" but then tested for existence of a variable called "$users", which obviously doesn't exist.

#3 wildteen88


Posted 31 July 2006 - 02:08 PM

Where's the $users variable coming from? Also this error:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/***/public_html/test.php on line 23
Is to do with your SQL query.

#4 SilverNova


Posted 31 July 2006 - 02:12 PM

Ah yeah!

The amount of times I've looked through and must have missed that  :-\

SQL query, ok. How do I get around this? If you don't mind :)

#5 wildteen88


Posted 31 July 2006 - 02:19 PM

Only way to understand why your query is failing is to add an or die clause to the end of the function mysql_query, so change this:
$query = mysql_query($recieve); //do the query
to this:
$query = mysql_query($recieve) or die("Unable to peform query - " . mysql_error()); //do the query
When you run your code again it should now return an error from MySQL which should help you understand why your query is failing. From looking at your query I believe it's to do with the name of your password field - password. MySQL has a reserved word/function called password. So what I recommend you do is add backticks (`) around the word password within your SQL query. So your query should now be this:
$recieve = "SELECT * FROM users WHERE membername='".mysql_real_escape_string($username)."' AND `password`='".mysql_real_escape_string($password)."'";


#6 SilverNova


Posted 31 July 2006 - 02:24 PM

Wow, someone that offers help - that works! :D

Now getting:

Unable to peform query - Unknown column 'membername' in 'where clause'

Not sure where the column "membername" comes into it? It doesn't exist in my table, but "username" does..

#7 Buyocat


Posted 31 July 2006 - 03:51 PM

Well if you just copied Wild's query it looks like he used membername in it, so replace it with the appropriate column.

#8 pixy


Posted 31 July 2006 - 03:52 PM

^ That means you need to change the query. You're trying to select information from a column called "membername" which doesn't exist.

$recieve = "SELECT * FROM users WHERE username='".mysql_real_escape_string($username)."' AND `password`='".mysql_real_escape_string($password)."'";



#9 SilverNova


Posted 31 July 2006 - 04:15 PM

Ok thanks for translation :) hehe

Well it works, as much as it doesn't give an error. I log in via "test.htm" and "test.php" is the script above.

Although this doesn't redirect me to "index.php"..

{
    $_SESSION["password"] = $password; //store the users password in a sesions var
    $_SESSION["username"] = $username; //store the username in a session var
    
echo "<meta http-equiv='refresh' content='0; url=index.php' />";

}

Is this telling me that the session did not start? And if not, how do I check that it has started? :)

Many thanks guys

#10 wildteen88


Posted 31 July 2006 - 04:29 PM

PHP can force a redirect with the header function:
header("Location: index.php");
Make sure you have session_start(); at the top of every page that uses sessions.

#11 SilverNova


Posted 31 July 2006 - 05:10 PM

Ok, so I've changed

{
    $_SESSION["password"] = $password; //store the users password in a sesions var
    $_SESSION["username"] = $username; //store the username in a session var
    
echo "<meta http-equiv='refresh' content='0; url=index.php' />";


to

{
    $_SESSION["password"] = $password; //store the users password in a sesions var
    $_SESSION["username"] = $username; //store the username in a session var
    
header("Location: index.php");


but still no redirecting to the index?! ???

the files are found here: http://www.lov3d.com/test.htm

Username = test
Password = test
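
A hardened version of the login flow discussed in this thread, added here as an example and not written by any of the posters: it uses a PDO prepared statement instead of string-built SQL, password_hash()/password_verify() instead of md5(), keeps only the username in the session, and sends the redirect header before any output. Assumptions: an in-memory SQLite database stands in for the poster's MySQL server, the `users` table and its `username`/`password` columns follow the thread, and the function names `open_demo_db` and `attempt_login` are hypothetical.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for
// the poster's MySQL database; table and column names follow the thread.
function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
    // Constructed sample account; the stored value is a salted password_hash() string.
    $stmt = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    $stmt->execute(['test', password_hash('test', PASSWORD_DEFAULT)]);
    return $db;
}

function attempt_login(PDO $db, string $username, string $password): bool
{
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();

    // fetchColumn() returns false when no row matched.
    if ($hash === false || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true);        // fresh session id on login (fixation defence)
    $_SESSION['username'] = $username;  // identity only; never the password or its hash
    return true;
}

session_start();                        // must run before any output is sent
$db = open_demo_db();
$u = $_POST['username'] ?? '';
$p = $_POST['password'] ?? '';
$ok = is_string($u) && is_string($p) && attempt_login($db, $u, $p);

if ($ok) {
    header('Location: index.php');      // only works if nothing was echoed earlier
    exit;                               // stop so no further code runs after the redirect
}
http_response_code(401);
echo '<p>Invalid username or password.</p>';
```

Pages behind the login then call session_start() and check that `$_SESSION['username']` is set before rendering anything.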



