Jump to content

Recommended Posts

Hello,

 

There is an error in my login script and I can't figure out what it is...

I believe it might be my "SELECT" statement...

 

Can anyone help me? 

 

<?php
//define ('SASI Services Portal');

//check if user is logged in
$loggedin==0;
if(isset($_POST['username']))
{
    $loggedin=FALSE;  //the user is not currently logged in
    
    //so, open the mysQL database
    
    //create the connection
    $con=mysql_connect("localhost", "xxxx", "xxxx");
    
    if(!$con)
    {
      die('Could not connect: ' .mysql_error());
    }
    
    mysql_select_db("my_SASI", $con);
    
    $result= mysql_query("SELECT * FROM logins, users WHERE logins.loginID=users.userID AND Email_Address='".$_POST['username']."' AND password='".$_POST['password']."' AND accessLevel=1");
    
    while($row=mysql_fetch_array($result))
    {
        session_start(); //start a new session
        $_SESSION['username']=$_POST['username'];
        $_SESSION['password']=$_POST['password'];
        $_SESSION['firstname']=$row['FirstName'];
        $_SESSION['lastname']=$row['LastName'];
        $_SESSION['accesslevel']=$row['accessLevel'];
        $loggedin=TRUE;
        
    }
    
    
    
    

    
}
if($loggedin && $_SESSION['accesslevel']==0)
{
    header('Location: student_admin.php');
    exit();
    
}
if($loggedin && $_SESSION['accesslevel']==1)
{
    header('Location: teacher_admin.php');
    exit();
    
}
mysql_close($con);
?>

Link to comment
https://forums.phpfreaks.com/topic/184544-problem-with-phpmysql-login-code/
Share on other sites

no i don't.

 

It just keeps returning back to the login screen.

It should based on the information pulled from the mysql query, go to the specific pages as specified in the headers based on the user's access level.

 

I tested the while loop to make sure the query was returning the correct info...but it's not working :(

Try this code

$loggedin == 0;
if (isset($_POST['username'])) {
$loggedin = false; //the user is not currently logged in

//so, open the mysQL database

//create the connection
$con = mysql_connect("localhost", "xxxx", "xxxx");

if (!$con) {
	die('Could not connect: '.mysql_error());
}

mysql_select_db("my_SASI", $con);

$query = "
SELECT * FROM logins, users 
WHERE logins.loginID = users.userID 
AND Email_Address='".$_POST['username']."' 
AND password='".$_POST['password']."' 
AND accessLevel = '1'";
$result = mysql_query($query);
if (!$result || mysql_num_rows($result) != 1) die(mysql_error().'<br />'.$query);
$row = mysql_fetch_array($result);
session_start();
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
$_SESSION['firstname'] = $row['FirstName'];
$_SESSION['lastname'] = $row['LastName'];
$_SESSION['accesslevel'] = $row['accessLevel'];
$loggedin = true;

mysql_close($con);

}
if ($loggedin && $_SESSION['accesslevel'] == 0) {
header('Location: student_admin.php');
exit();

}
if ($loggedin && $_SESSION['accesslevel'] == 1) {
header('Location: teacher_admin.php');
exit();

}

Take out the header redirects while you are debugging, that'll help a lot.

 

Some notes:

  • == should be =
    //check if user is logged in
    $loggedin==0;


  • You should really use mysql_real_escape_string on your inputs
  • Use mysql_error to see if your query has any errors.
  • Use mysql_num_rows to see if any rows were returned before using your while loop.

Here is the code:

 

<?php
//define ('SASI Services Portal');

//check if user is logged in
$loggedin=0;
if(isset($_POST['username']))
{
    $loggedin=FALSE;  //the user is not currently logged in
    
    //so, open the mysQL database
    
    //create the connection
    $con=mysql_connect("localhost", "xxxx", "xxxx");
    
    if(!$con)
    {
      die('Could not connect: ' .mysql_error());
    }
    
    mysql_select_db("my_SASI", $con);
    
    $query=mysql_query("SELECT * FROM logins, users WHERE logins.loginID=users.userID AND Email_Address='".$_POST['username']."' AND password='".$_POST['password']."' AND accessLevel='1'");
    
    $result=mysql_query($query);
    
    if(!$result || mysql_num_rows($result) != 1) die(mysql_error().'<br />'.$query);
    
    $row=mysql_fetch_array($result);
    
    
    
       
        session_start(); //start a new session
        $_SESSION['username']=$_POST['username'];
        $_SESSION['password']=$_POST['password'];
        $_SESSION['firstname']=$row['FirstName'];
        $_SESSION['lastname']=$row['LastName'];
        $_SESSION['accesslevel']=$row['accessLevel'];
        $loggedin=TRUE;
        mysql_close($con);
        
    
    }
    
    
    
    

    

if($loggedin && $_SESSION['accesslevel']=0)
{
    //header('Location: student_admin.php');
    //exit();
    
}
if($loggedin && $_SESSION['accesslevel']=1)
{
    //header('Location: teacher_admin.php');
    //exit();
    
}

?>

$query is a mysql resource, which is why it says "Resource ID#3" However, since its not NULL, it seems that the query is executing fine. Are you sure that your query would return results? check your database, and make sure that the row you are trying to extract is indeed the same. If you are using md5 or another hash, you need to hash the password.

here is the error I am getting now:

 

Warning: mysql_query() expects parameter 1 to be string, resource given in C:\xampp\htdocs\SASI\sassi_mainMYSQL.php on line 24

 

Resource id #3

 

here is my code:

 

<?php
//define ('SASI Services Portal');

//check if user is logged in
$loggedin=0;
if(isset($_POST['username']))
{
    $loggedin=FALSE;  //the user is not currently logged in
    
    //so, open the mysQL database
    
    //create the connection
    $con=mysql_connect("localhost", "xxxx", "xxxx");
    
    if(!$con)
    {
      die('Could not connect: ' .mysql_error());
    }
    
    mysql_select_db("my_SASI", $con);
    
    $query=mysql_query("SELECT * FROM logins, users WHERE logins.loginID=users.userID AND Email_Address='".$_POST['username']."' AND password='".$_POST['password']."'");
    
    $result=mysql_query($query);
    
    if(!$result || mysql_num_rows($result) != 1) die(mysql_error().'<br />'.$query);
    
    $row=mysql_fetch_array($result);
    
    
    
       
        session_start(); //start a new session
        $_SESSION['username']=$_POST['username'];
        $_SESSION['password']=$_POST['password'];
        $_SESSION['firstname']=$row['FirstName'];
        $_SESSION['lastname']=$row['LastName'];
        $_SESSION['accesslevel']=$row['accessLevel'];
        $loggedin=TRUE;
        mysql_close($con);
        
    
    }
    
    
    
    

    

if($loggedin && $_SESSION['accesslevel']=0)
{
    //header('Location: student_admin.php');
    //exit();
    
}
if($loggedin && $_SESSION['accesslevel']=1)
{
    //header('Location: teacher_admin.php');
    //exit();
    
}

?>

$query=mysql_query("SELECT * FROM logins, users WHERE logins.loginID=users.userID AND Email_Address='".$_POST['username']."' AND password='".$_POST['password']."'");
    
    $result=mysql_query($query);

 

if you read the error message, it tells you exactly whats wrong. mysql_query takes a string that is parsed as a query. the function returns a result resource. You are doing mysql_query twice for no real reason.

get rid of

$result=mysql_query($query);

 

change:

 

$query=mysql_query("SELECT * FROM logins, users WHERE logins.loginID=users.userID AND Email_Address='".$_POST['username']."' AND password='".$_POST['password']."'");

 

to:

 

$query = "SELECT * FROM logins, users WHERE logins.loginID=users.userID AND Email_Address='".$_POST['username']."' AND password='".$_POST['password']."'";

ok seems like I am getting somewhere now...

i now receive these errors:

 

Warning: mysql_fetch_array() expects parameter 1 to be resource, string given in C:\xampp\htdocs\SASI\sassi_mainMYSQL.php on line 28

 

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\xampp\htdocs\SASI\sassi_mainMYSQL.php:28) in C:\xampp\htdocs\SASI\sassi_mainMYSQL.php on line 33

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\xampp\htdocs\SASI\sassi_mainMYSQL.php:28) in C:\xampp\htdocs\SASI\sassi_mainMYSQL.php on line 33

 

Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\SASI\sassi_mainMYSQL.php:28) in C:\xampp\htdocs\SASI\sassi_mainMYSQL.php on line 53

 

It's still not working :( Ugh, I can't figure out what is wrong...

 

<?php
//define ('SASI Services Portal');

//check if user is logged in

if(isset($_POST['username']))
{
    $loggedin==FALSE;  //the user is not currently logged in
    
    //so, open the mysQL database
    
    //create the connection
    $con=mysql_connect("localhost", "xxxx", "xxxx");
    
    if(!$con)
    {
      die('Could not connect: ' .mysql_error());
    }
    
    mysql_select_db("my_SASI", $con);
    
    $query = "SELECT * FROM logins, users WHERE logins.loginID=users.userID AND Email_Address='".$_POST['username']."' AND password='".$_POST['password']."'";
    $result=mysql_query($query,$con);
    
    
    
    
    $row=mysql_fetch_array($result);
    
        session_start(); //start a new session
        $_SESSION['username']=$_POST['username'];
        $_SESSION['password']=$_POST['password'];
        $_SESSION['firstname']=$row['FirstName'];
        $_SESSION['lastname']=$row['LastName'];
        $_SESSION['accesslevel']=$row['accessLevel'];
        $loggedin==TRUE;
        
        mysql_close($con);
     
        
    
    
    
    
    
    

    

if($loggedin==TRUE && $_SESSION['accesslevel']==0)
{
    header('Location: student_admin.php');
    exit();
    
}
if($loggedin==TRUE && $_SESSION['accesslevel']==1)
{
    header('Location: teacher_admin.php');
    exit();
    
}
} 
?>

This may help you, it's something I used. But the session is buggy, at the top do like..

 

<?php

session_name(blah);

session_start();

?>

 

Then here is what I used for logging in..

 

<?php
if(isset($_POST['user'])) {
@mysql_select_db($database) or die("Cannot connect to $database");
$sql = "SELECT * FROM users WHERE username='$username' and password='$password'";
$result = mysql_query($sql);
$rows=mysql_num_rows($result);
if($rows==1) {
$_SESSION['logged'] = 1;
$_SESSION['user'] = $username;
}
else {
echo "Error, password or username is invalid.";
}
?>

 

Use something similar to that with the login file. I've been fooling with this stuff for awhile so if you still can't get it I can spruce up the entire login and stuff for you.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.