zero_ZX Posted June 24, 2009 Share Posted June 24, 2009 Hi I have this code, and i want to check a member's password: //validating credit password $select = "SELECT member_id FROM smf_themes WHERE idmember_ = '{$_POST['memberid']}' and credits = '{$_POST['creditpass']}'"; $result = mysql_query($select, $con); $row = mysql_fetch_array($result); if(mysql_num_rows($result) != 1); //if member id and creditpass didn't match do: { echo "An error occured: <br /> Your member id and/or creditpassword didn't match. Please try again"; die(); } So when executing the code, i get this Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/*/public_html/lunarhosting.org/initiate_transfer.php on line 18 Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/*/public_html/lunarhosting.org/initiate_transfer.php on line 20 An error occured: Your member id and/or creditpassword didn't match. Please try again I don't know if i use the right stuff in the code, i just looked at some old code i had, a decided to use it In case you need entire code: <p>Transfer resaults:</p> <?php //connect to base1 server $con = mysql_connect("localhost","nulledto_admin","deCheepiji"); if (!$con) { die('Could not connect: ' . mysql_error()); } //select the smf database mysql_select_db("nulledto_smf", $con); // Let's validate all the fields //validating credit password $select = "SELECT member_id FROM smf_themes WHERE idmember_ = '{$_POST['memberid']}' and credits = '{$_POST['creditpass']}'"; $result = mysql_query($select, $con); $row = mysql_fetch_array($result); if(mysql_num_rows($result) != 1); //if member id and creditpass didn't match do: { echo "An error occured: <br /> Your member id and/or creditpassword didn't match. Please try again"; die(); } //Let's see if the user tries to cheat by inserting other stuff into the transfer amount other than positive numbers. //This has been done by limiting the allowed characters in the form to 2 (two) //Let's see if the user tries to cheat by transferring more credits than he got. //Get users total points $select = "SELECT points FROM smf_members WHERE id_member = '{$_POST['memberid']}' and credits = '{$_POST['creditpass']}'"; $result = mysql_query($select, $con); $row = mysql_fetch_array($result); if ("'{$_POST['creditsamount']}' > (mysql_num_rows($result)") { echo "An error occured: <br /> Are you trying to cheat? You do not have enough points to do this!"; die(); } //Make sure whmcs email exists //select whmcs db mysql_select_db("nulledto_whmcs", $con); //now let's get on with the email $select = "SELECT email FROM tblcients WHERE email = '{$_POST['whmcsemail']}'"; $result = mysql_query($select, $con); $row = mysql_fetch_array($result); if(mysql_num_rows($result) != 1); //if member id and creditpass didn't match do: { echo "An error occured: <br /> The entered email does not exists. Have you registered?"; die(); } //Is the member banned from using points? //select the db mysql_select_db("nulledto_smf", $con); //go back and check $select = "SELECT credits2 FROM smf_themes WHERE id_member = '{$_POST['memberid']}'"; $result = mysql_query($select, $con); $row = mysql_fetch_array($result); if(mysql_num_rows($result) != Active); //if member is not an active user of credits do: { echo "An error occured: <br /> You are currently banned/suspended from the credit service. Contact MT if this is a mistake."; die(); } //DONE!! Start the transfer! // Remove the credits from smf first mysql_query("INSERT INTO smf_members WHERE id_member = '{$_POST['memberid']}' (points) VALUES('{$_POST['creditsamount']}' ) ") or die(mysql_error()); // mysql_query("INSERT INTO points FROM smf_members WHERE id_member = '{$_POST['memberid']}'" // VALUES ('{$_POST['creditsamount']}'); //Select whmcs database mysql_select_db("nulledto_whmcs", $con); // Insert the credits to whmcs //select the whmcs client id using the email $select = "SELECT id FROM tblclients WHERE email = '{$_POST['whmcsemail']}'"; $result = mysql_query($select, $con); $row = mysql_fetch_array($result); //k, we got the id, let's make it a storage-able variable so we can use it later on. $whmcsid = $row = mysql_fetch_array($result); //mysql_query("INSERT INTO Persons (FirstName, LastName, Age) //VALUES ('Peter', 'Griffin', '35')"); //Just some test stuff, should be removed before finaly upload. mysql_query("INSERT INTO tblcredits (clientid, date, description, amount) VALUES($whmcsid, testdate, Automatic insert by point system, '{$_POST['creditsamount']}' ) ") or die(mysql_error()); // $insert = "INSERT INTO points FROM smf_members WHERE id_member = '{$_POST['memberid']}'" // VALUES ($whmcsid); ?> Please note i use the entire code mainly for myself so it can be a bit hard to understand it ^^ Quote Link to comment Share on other sites More sharing options...
MadTechie Posted June 24, 2009 Share Posted June 24, 2009 change $result = mysql_query($select, $con); to $result = mysql_query($select, $con) or die($select.mysql_error()); and check the error Quote Link to comment Share on other sites More sharing options...
zero_ZX Posted June 24, 2009 Author Share Posted June 24, 2009 Ah.. great.. seems like i made a typo in one of the rows lol.. Any way, i now get this: An error occured: Your member id and/or creditpassword didn't match. Please try again Even that my id and passwords are correct. :S should i change if(mysql_num_rows($result) != 1); to =! 1 or.. ? Thank you so much for your help so far Quote Link to comment Share on other sites More sharing options...
MadTechie Posted June 24, 2009 Share Posted June 24, 2009 this should be fine if(mysql_num_rows($result) > 0); Quote Link to comment Share on other sites More sharing options...
zero_ZX Posted June 24, 2009 Author Share Posted June 24, 2009 Hmm, doesn't work either Quote Link to comment Share on other sites More sharing options...
MadTechie Posted June 24, 2009 Share Posted June 24, 2009 try these changes, to get a bit of debug info //validating credit password $select = "SELECT member_id FROM smf_themes WHERE idmember_ = '{$_POST['memberid']}' and credits = '{$_POST['creditpass']}'"; $result = mysql_query($select, $con) or die($select.mysql_error()); //update $row = mysql_fetch_array($result); //debug echo "SQL: $select<br />/n"; var_dump($row); //end debug if(mysql_num_rows($result) > 0); //if member id and creditpass didn't match do: { echo "An error occured: <br /> Your member id and/or creditpassword didn't match. Please try again"; die(); } Quote Link to comment Share on other sites More sharing options...
zero_ZX Posted June 24, 2009 Author Share Posted June 24, 2009 SQL: SELECT id_member FROM smf_themes WHERE id_member = '1' and value = 'testpass' /narray(2) { [0]=> string(1) "1" ["id_member"]=> string(1) "1" } An error occured: Your member id and/or creditpassword didn't match. Please try again Quote Link to comment Share on other sites More sharing options...
MadTechie Posted June 24, 2009 Share Posted June 24, 2009 LOL, sorry it should be if(mysql_num_rows($result) == 0); / I normally write is the other way (if a user is found then so XYZ) so kinda missed the error Quote Link to comment Share on other sites More sharing options...
zero_ZX Posted June 24, 2009 Author Share Posted June 24, 2009 Ah ok ^^ Still SQL: SELECT id_member FROM smf_themes WHERE id_member = '1' and value = 'testpass' /narray(2) { [0]=> string(1) "1" ["id_member"]=> string(1) "1" } An error occured: Your member id and/or creditpassword didn't match. Please try again Tho Quote Link to comment Share on other sites More sharing options...
MadTechie Posted June 24, 2009 Share Posted June 24, 2009 this is the exact code you should be using if(mysql_num_rows($result) == 0) //if member id and creditpass didn't match do: { echo "An error occured: <br /> Your member id and/or creditpassword didn't match. Please try again"; die(); } Quote Link to comment Share on other sites More sharing options...
zero_ZX Posted June 24, 2009 Author Share Posted June 24, 2009 I figured out the error where longer down Any way, i'm not sure that i know the true/false arguments, because now it says that i don't have enough points even that i have it ^^ //Let's see if the user tries to cheat by transferring more credits than he got. //Get users total points $select = "SELECT points FROM smf_members WHERE id_member = '{$_POST['memberid']}'"; $result = mysql_query($select, $con) or die($select.mysql_error()); $row = mysql_fetch_array($result); if ("'{$_POST['creditsamount']}' > (mysql_num_rows($result)") { echo "An error occured: <br /> Are you trying to cheat? You do not have enough points to do this!"; die(); } Any way, this script is supposed to transfer points from one place to another, so when i subtract the points can i then insert something like this: mysql_query("INSERT INTO smf_members WHERE id_member = '{$_POST['memberid']}' (points) VALUES('-{$_POST['creditsamount']}' ) ") //can i make a - sign here? or die(mysql_error()); Quote Link to comment Share on other sites More sharing options...
MadTechie Posted June 24, 2009 Share Posted June 24, 2009 this line if ("'{$_POST['creditsamount']}' > (mysql_num_rows($result)") doesn't make any sense! or this one! mysql_query("INSERT INTO smf_members WHERE id_member = '{$_POST['memberid']}' (points) VALUES('-{$_POST['creditsamount']}' ) ") //can i make a - sign here? or die(mysql_error()); make what sign ? Quote Link to comment Share on other sites More sharing options...
zero_ZX Posted June 24, 2009 Author Share Posted June 24, 2009 this line if ("'{$_POST['creditsamount']}' > (mysql_num_rows($result)") doesn't make any sense! or this one! mysql_query("INSERT INTO smf_members WHERE id_member = '{$_POST['memberid']}' (points) VALUES('-{$_POST['creditsamount']}' ) ") //can i make a - sign here? or die(mysql_error()); make what sign ? First, well if the creditsamount is bigger than the amount of credits users has on his account, the script should die The - sign. So i can "subtract" credits from a users account. Quote Link to comment Share on other sites More sharing options...
aggrav8d Posted June 24, 2009 Share Posted June 24, 2009 // always sanitize your data to prevent injection attacks $id=addslashes($_POST['memberid']); $cp=addslashes($_POST['creditpass']); // limit your query to make it faster $select = "SELECT member_id FROM smf_themes WHERE idmember_ = '$id' and credits = '$cp' LIMIT 1"; $result = mysql_query($select, $con); // if nothing was found num rows will be zero. if(mysql_num_rows($result)==0) { //if member id and creditpass didn't match do: echo "An error occured: <br /> Your member id and/or creditpassword didn't match. Please try again"; die(); } // don't try to fetch until you know there's something to fetch. $row = mysql_fetch_array($result); Quote Link to comment Share on other sites More sharing options...
zero_ZX Posted June 24, 2009 Author Share Posted June 24, 2009 Thanks for your great help. I'm still a new programmer ^.^ only one way to go i guess Still for my other issue $select = "SELECT points FROM smf_members WHERE id_member = '{$_POST['memberid']}'"; $result = mysql_query($select, $con) or die($select.mysql_error()); $row = mysql_fetch_array($result); Here i want to check how many points the given member has. if ("'{$_POST['creditsamount']}' > (mysql_num_rows($result)") { echo "An error occured: <br /> Are you trying to cheat? You do not have enough points to do this!"; die(); } So if the entered amount is bigger than the amount of the member has then die. Still am i allowed to put a minus? Quote Link to comment Share on other sites More sharing options...
aggrav8d Posted June 24, 2009 Share Posted June 24, 2009 if ("'{$_POST['creditsamount']}' > (mysql_num_rows($result)") can be written as if ($_POST['creditsamount'] > mysql_num_rows($result)) but it still doesn't make much sense. $id=addslashes($_POST['memberid']); $select = "SELECT points FROM smf_members WHERE id_member = '$id' LIMIT 1"; // or trigger_error() is better than or die(). $result = mysql_query($select, $con) or die($select.mysql_error()); list($points) = mysql_fetch_row($result); will get you the number of points. if you're trying to credit their account then you probably want to have something like $select = "SELECT points FROM `smf_members` WHERE id_member='$mid' LIMIT 1"; // or trigger_error() is better than or die(). $result = mysql_query($select, $con) or die($select.mysql_error()); list($points) = mysql_fetch_row($result); $select = "SELECT cost FROM `smf_actions` WHERE action_id='$aid' LIMIT 1"; // or trigger_error() is better than or die(). $result = mysql_query($select, $con) or die($select.mysql_error()); list($cost) = mysql_fetch_row($result); if($cost>$points) { echo "You don't have enough points to do that!"; } else { $new_points=$points-$cost; $select = "UPDATE `smf_members` SET points='$new_points' WHERE id_member='$mid' LIMIT 1"; // or trigger_error() is better than or die(). mysql_query($select, $con) or die($select.mysql_error()); echo "Done! You now have $new_points points."; } This lets you adjust the cost of various things through the database and it prevents some clever hacker from sending in a bad POST with a funny creditsamount. Quote Link to comment Share on other sites More sharing options...
zero_ZX Posted June 24, 2009 Author Share Posted June 24, 2009 Hi I'm not trying to credit their account. It's just like bank transaction. The users transfers credits for one account to another. So i need to check that when the user transfer credits to another account, that they wont transfer more credits than they already have, as the account they are transferring to is owned by themselves. Could you explain your code further? I'm glad you helped and even fixed everything for me lol, but i would like to understand what's actually going on. I dont post here to get free programming Thank you so much in advance. Quote Link to comment Share on other sites More sharing options...
aggrav8d Posted June 24, 2009 Share Posted June 24, 2009 Aaaah. I didn't understand your question. so you have a database with `accounts` that has something like acct_id,member_id,amount ? Quote Link to comment Share on other sites More sharing options...
zero_ZX Posted June 24, 2009 Author Share Posted June 24, 2009 I guess i'd better explain all of it. I wanner run a post to host forum, and i want to use smf (forum software) and whmcs (billing software) to do this. There's no actual bridge or module for whmcs to check posts on a forum, so i decided to use the built-in credit system, and integrate that with the credit system in smf. So when you make post you get one credit on the forum. When the user orders a package it costs xx credits, however the user needs the credits on the whmcs, not smf. So this script is transferring credits from smf to whmcs. I use several tables. I have a smf_member table to check how many points the user has i has smf_themes to check if the user is banned from the system, and to check the credit password. I have tblclient to check if the whmcs email is correct, and to get the whmcs client id. Then atleast i have the table tblcredits where i must put the whmcs client id, and the amount of credits the user should have. (it creates a new row every time credits are added, however it's okay.. script is encoded, and i just want something functional to start with ^^) Hope that clear things out a bit Quote Link to comment Share on other sites More sharing options...
zero_ZX Posted June 25, 2009 Author Share Posted June 25, 2009 Bump ^.^ Quote Link to comment Share on other sites More sharing options...
zero_ZX Posted June 28, 2009 Author Share Posted June 28, 2009 Bump? :S Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.