
Dodgy Sessions - Please help!!


SilverNova


Any help here would be GREATLY appreciated!! I'm a complete noob, so be warned  :P

- I'm trying to set up a decent and secure enough log in system using sessions.

Here's the code I have:

[code]
<?php

session_start(); //start a session :D

$username = $_POST["username"]; //get the username from the form, as $username
$password = md5($_POST["password"]); //get the password from the form in md5

$members = mysql_connect("localhost", "***_users", "***");
    if(!$users) //error checking :D
        {
            echo "<p>Sorry! We could not log you in at this time. Please Try again later!</p>";
        }

mysql_select_db("***_users");  //select what database to use


$recieve = "SELECT * FROM users WHERE membername='".mysql_real_escape_string($username)."' AND password='".mysql_real_escape_string($password)."'";

echo $receive;

$query = mysql_query($recieve); //do the query

if($rows = mysql_num_rows($query)) //if the query resulted with a row, start the sessions and go to the index

{
    $_SESSION["password"] = $password; //store the user's password in a session var
    $_SESSION["username"] = $username; //store the username in a session var
   
echo "<meta http-equiv='refresh' content='0; url=index.php' />";

}

else //if not, end incorrect sessions, and go to the index

{
    @session_destroy();
}


?>
[/code]


After logging in with the correct username and password I get:
[code]
Sorry! We could not log you in at this time. Please Try again later!

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/***/public_html/test.php on line 23
[/code]

I realised that there is no defined $rows, does this matter? I'm thinking that my SQL may be wrong?!  ???

Thanks for your help! :)

NOTE: Assume " *** " as the correct info  :D
Link to comment
Share on other sites

Looks like this is your problem.

[code]
$members = mysql_connect("localhost", "lov3dco_users", "PASS");
    if(!$users) //error checking :D
        {
            echo "<p>Sorry! We could not log you in at this time. Please Try again later!</p>";
        }
[/code]

You've assigned the result of the output from mysql_connect to a variable "$members" but then tested for existence of a variable called "$users", which obviously doesn't exist.
Link to comment
Share on other sites

The only way to understand why your query is failing is to add an or die clause to the end of the function mysql_query, so change this:
[code]$query = mysql_query($recieve); //do the query[/code]
to this:
[code]$query = mysql_query($recieve) or die("Unable to peform query - " . mysql_error()); //do the query[/code]
When you run your code again it should now return an error from MySQL which should help you understand why your query is failing. From looking at your query I believe it's to do with the name of your password field - password. MySQL has a reserved word/function called password. So what I recommend you do is add backticks (`) around the word password within your SQL query. So your query should now be this:
[code]$recieve = "SELECT * FROM users WHERE membername='".mysql_real_escape_string($username)."' AND `password`='".mysql_real_escape_string($password)."'";[/code]
Link to comment
Share on other sites

Wow, someone that offers help - that works! :D

Now getting:

[code]
Unable to peform query - Unknown column 'membername' in 'where clause'
[/code]

Not sure where the column "membername" comes into it? It doesn't exist in my table, but "username" does..
Link to comment
Share on other sites

^ That means you need to change the query. You're trying to select information from a column called "membername" which doesn't exist.

[code]$recieve = "SELECT * FROM users WHERE username='".mysql_real_escape_string($username)."' AND `password`='".mysql_real_escape_string($password)."'";[/code]
Link to comment
Share on other sites

Ok thanks for translation :) hehe

Well it works, as much as it doesn't give an error. I log in via "test.htm" and "test.php" is the script above.

Although this doesn't redirect me to "index.php"..

[code]
{
    $_SESSION["password"] = $password; //store the user's password in a session var
    $_SESSION["username"] = $username; //store the username in a session var
   
echo "<meta http-equiv='refresh' content='0; url=index.php' />";

}
[/code]

Is this telling me that the session did not start? And if not, how do I check that it has started? :)

Many thanks guys
Link to comment
Share on other sites

Ok, so I've changed

[code]
{
    $_SESSION["password"] = $password; //store the user's password in a session var
    $_SESSION["username"] = $username; //store the username in a session var
   
echo "<meta http-equiv='refresh' content='0; url=index.php' />";

[/code]

to

[code]
{
    $_SESSION["password"] = $password; //store the user's password in a session var
    $_SESSION["username"] = $username; //store the username in a session var
   
header("Location: index.php");

[/code]

but still no redirecting to the index?! ???

the files are found here: http://www.lov3d.com/test.htm

Username = test
Password = test
Link to comment
Share on other sites
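
A hardened version of the login handler discussed in this thread, as an added example that is not part of any post: it uses PDO prepared statements and password_hash()/password_verify() in place of the mysql_* functions (removed in PHP 7) and md5(), keeps the password out of the session, and calls exit after the Location header. The function name check_login, the DSN and the credentials are placeholders, and it assumes the `password` column of `users` stores password_hash() output.

```php
<?php
// Added example, not code from the thread. Placeholders: EXAMPLE_DB,
// EXAMPLE_USER, EXAMPLE_PASS. Assumption: users.password holds
// password_hash() output, not md5().
declare(strict_types=1);

function check_login(PDO $pdo, string $username, string $password): bool
{
    // Bound parameter: the username is never concatenated into the SQL.
    $stmt = $pdo->prepare('SELECT `password` FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    // fetchColumn() returns false when no row matched.
    return is_string($hash) && password_verify($password, $hash);
}

session_start();

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // Form fields can arrive as arrays; accept strings only.
    $username = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
    $password = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

    try {
        $pdo = new PDO(
            'mysql:host=localhost;dbname=EXAMPLE_DB;charset=utf8mb4',
            'EXAMPLE_USER',
            'EXAMPLE_PASS',
            [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
        );
        $ok = check_login($pdo, $username, $password);
    } catch (PDOException $e) {
        error_log('login failed: ' . $e->getMessage()); // detail goes to the log
        http_response_code(500);
        exit('Sorry! We could not log you in at this time.');
    }

    if (!$ok) {
        http_response_code(401);
        exit('Incorrect username or password.');
    }

    session_regenerate_id(true);       // fresh session id after login
    $_SESSION['username'] = $username; // no password or hash in the session
    header('Location: index.php');     // must run before any output is sent
    exit;                              // stop the script after redirecting
}
```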
