husslela03 Posted December 9, 2009 Share Posted December 9, 2009 Hello, There is an error in my login script and I can't figure out what it is... I believe it might be my "SELECT" statement... Can anyone help me? <?php //define ('SASI Services Portal'); //check if user is logged in $loggedin==0; if(isset($_POST['username'])) { $loggedin=FALSE; //the user is not currently logged in //so, open the mysQL database //create the connection $con=mysql_connect("localhost", "xxxx", "xxxx"); if(!$con) { die('Could not connect: ' .mysql_error()); } mysql_select_db("my_SASI", $con); $result= mysql_query("SELECT * FROM logins, users WHERE logins.loginID=users.userID AND Email_Address='".$_POST['username']."' AND password='".$_POST['password']."' AND accessLevel=1"); while($row=mysql_fetch_array($result)) { session_start(); //start a new session $_SESSION['username']=$_POST['username']; $_SESSION['password']=$_POST['password']; $_SESSION['firstname']=$row['FirstName']; $_SESSION['lastname']=$row['LastName']; $_SESSION['accesslevel']=$row['accessLevel']; $loggedin=TRUE; } } if($loggedin && $_SESSION['accesslevel']==0) { header('Location: student_admin.php'); exit(); } if($loggedin && $_SESSION['accesslevel']==1) { header('Location: teacher_admin.php'); exit(); } mysql_close($con); ?> Quote Link to comment Share on other sites More sharing options...
JAY6390 Posted December 9, 2009 Share Posted December 9, 2009 Do you get any mysql errors? Quote Link to comment Share on other sites More sharing options...
husslela03 Posted December 9, 2009 Author Share Posted December 9, 2009 no i don't. It just keeps returning back to the login screen. It should based on the information pulled from the mysql query, go to the specific pages as specified in the headers based on the user's access level. I tested the while loop to make sure the query was returning the correct info...but it's not working Quote Link to comment Share on other sites More sharing options...
JAY6390 Posted December 9, 2009 Share Posted December 9, 2009 Try this code $loggedin == 0; if (isset($_POST['username'])) { $loggedin = false; //the user is not currently logged in //so, open the mysQL database //create the connection $con = mysql_connect("localhost", "xxxx", "xxxx"); if (!$con) { die('Could not connect: '.mysql_error()); } mysql_select_db("my_SASI", $con); $query = " SELECT * FROM logins, users WHERE logins.loginID = users.userID AND Email_Address='".$_POST['username']."' AND password='".$_POST['password']."' AND accessLevel = '1'"; $result = mysql_query($query); if (!$result || mysql_num_rows($result) != 1) die(mysql_error().'<br />'.$query); $row = mysql_fetch_array($result); session_start(); $_SESSION['username'] = $_POST['username']; $_SESSION['password'] = $_POST['password']; $_SESSION['firstname'] = $row['FirstName']; $_SESSION['lastname'] = $row['LastName']; $_SESSION['accesslevel'] = $row['accessLevel']; $loggedin = true; mysql_close($con); } if ($loggedin && $_SESSION['accesslevel'] == 0) { header('Location: student_admin.php'); exit(); } if ($loggedin && $_SESSION['accesslevel'] == 1) { header('Location: teacher_admin.php'); exit(); } Quote Link to comment Share on other sites More sharing options...
Philip Posted December 9, 2009 Share Posted December 9, 2009 Take out the header redirects while you are debugging, that'll help a lot. Some notes: == should be =//check if user is logged in $loggedin==0; You should really use mysql_real_escape_string on your inputs Use mysql_error to see if your query has any errors. Use mysql_num_rows to see if any rows were returned before using your while loop. Quote Link to comment Share on other sites More sharing options...
forumforme123 Posted December 10, 2009 Share Posted December 10, 2009 the last time something like that happened to me was because i missed out this: session_start(); at the beginning of my redirected pages. Quote Link to comment Share on other sites More sharing options...
husslela03 Posted December 10, 2009 Author Share Posted December 10, 2009 I'm getting an error now eith this code, it says "Resource ID#3" Quote Link to comment Share on other sites More sharing options...
Philip Posted December 10, 2009 Share Posted December 10, 2009 That's typically when you try to echo a mysql resource. You most likely need to use mysql_fetch_assoc/array, but without seeing updated code it's hard to know. Quote Link to comment Share on other sites More sharing options...
husslela03 Posted December 10, 2009 Author Share Posted December 10, 2009 Here is the code: <?php //define ('SASI Services Portal'); //check if user is logged in $loggedin=0; if(isset($_POST['username'])) { $loggedin=FALSE; //the user is not currently logged in //so, open the mysQL database //create the connection $con=mysql_connect("localhost", "xxxx", "xxxx"); if(!$con) { die('Could not connect: ' .mysql_error()); } mysql_select_db("my_SASI", $con); $query=mysql_query("SELECT * FROM logins, users WHERE logins.loginID=users.userID AND Email_Address='".$_POST['username']."' AND password='".$_POST['password']."' AND accessLevel='1'"); $result=mysql_query($query); if(!$result || mysql_num_rows($result) != 1) die(mysql_error().'<br />'.$query); $row=mysql_fetch_array($result); session_start(); //start a new session $_SESSION['username']=$_POST['username']; $_SESSION['password']=$_POST['password']; $_SESSION['firstname']=$row['FirstName']; $_SESSION['lastname']=$row['LastName']; $_SESSION['accesslevel']=$row['accessLevel']; $loggedin=TRUE; mysql_close($con); } if($loggedin && $_SESSION['accesslevel']=0) { //header('Location: student_admin.php'); //exit(); } if($loggedin && $_SESSION['accesslevel']=1) { //header('Location: teacher_admin.php'); //exit(); } ?> Quote Link to comment Share on other sites More sharing options...
mikesta707 Posted December 10, 2009 Share Posted December 10, 2009 $query is a mysql resource, which is why it says "Resource ID#3" However, since its not NULL, it seems that the query is executing fine. Are you sure that your query would return results? check your database, and make sure that the row you are trying to extract is indeed the same. If you are using md5 or another hash, you need to hash the password. Quote Link to comment Share on other sites More sharing options...
husslela03 Posted December 10, 2009 Author Share Posted December 10, 2009 here is the error I am getting now: Warning: mysql_query() expects parameter 1 to be string, resource given in C:\xampp\htdocs\SASI\sassi_mainMYSQL.php on line 24 Resource id #3 here is my code: <?php //define ('SASI Services Portal'); //check if user is logged in $loggedin=0; if(isset($_POST['username'])) { $loggedin=FALSE; //the user is not currently logged in //so, open the mysQL database //create the connection $con=mysql_connect("localhost", "xxxx", "xxxx"); if(!$con) { die('Could not connect: ' .mysql_error()); } mysql_select_db("my_SASI", $con); $query=mysql_query("SELECT * FROM logins, users WHERE logins.loginID=users.userID AND Email_Address='".$_POST['username']."' AND password='".$_POST['password']."'"); $result=mysql_query($query); if(!$result || mysql_num_rows($result) != 1) die(mysql_error().'<br />'.$query); $row=mysql_fetch_array($result); session_start(); //start a new session $_SESSION['username']=$_POST['username']; $_SESSION['password']=$_POST['password']; $_SESSION['firstname']=$row['FirstName']; $_SESSION['lastname']=$row['LastName']; $_SESSION['accesslevel']=$row['accessLevel']; $loggedin=TRUE; mysql_close($con); } if($loggedin && $_SESSION['accesslevel']=0) { //header('Location: student_admin.php'); //exit(); } if($loggedin && $_SESSION['accesslevel']=1) { //header('Location: teacher_admin.php'); //exit(); } ?> Quote Link to comment Share on other sites More sharing options...
mikesta707 Posted December 10, 2009 Share Posted December 10, 2009 $query=mysql_query("SELECT * FROM logins, users WHERE logins.loginID=users.userID AND Email_Address='".$_POST['username']."' AND password='".$_POST['password']."'"); $result=mysql_query($query); if you read the error message, it tells you exactly whats wrong. mysql_query takes a string that is parsed as a query. the function returns a result resource. You are doing mysql_query twice for no real reason. get rid of $result=mysql_query($query); Quote Link to comment Share on other sites More sharing options...
mrMarcus Posted December 10, 2009 Share Posted December 10, 2009 change: $query=mysql_query("SELECT * FROM logins, users WHERE logins.loginID=users.userID AND Email_Address='".$_POST['username']."' AND password='".$_POST['password']."'"); to: $query = "SELECT * FROM logins, users WHERE logins.loginID=users.userID AND Email_Address='".$_POST['username']."' AND password='".$_POST['password']."'"; Quote Link to comment Share on other sites More sharing options...
husslela03 Posted December 10, 2009 Author Share Posted December 10, 2009 ok seems like I am getting somewhere now... i now receive these errors: Warning: mysql_fetch_array() expects parameter 1 to be resource, string given in C:\xampp\htdocs\SASI\sassi_mainMYSQL.php on line 28 Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\xampp\htdocs\SASI\sassi_mainMYSQL.php:28) in C:\xampp\htdocs\SASI\sassi_mainMYSQL.php on line 33 Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\xampp\htdocs\SASI\sassi_mainMYSQL.php:28) in C:\xampp\htdocs\SASI\sassi_mainMYSQL.php on line 33 Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\SASI\sassi_mainMYSQL.php:28) in C:\xampp\htdocs\SASI\sassi_mainMYSQL.php on line 53 Quote Link to comment Share on other sites More sharing options...
husslela03 Posted December 10, 2009 Author Share Posted December 10, 2009 It's still not working Ugh, I can't figure out what is wrong... <?php //define ('SASI Services Portal'); //check if user is logged in if(isset($_POST['username'])) { $loggedin==FALSE; //the user is not currently logged in //so, open the mysQL database //create the connection $con=mysql_connect("localhost", "xxxx", "xxxx"); if(!$con) { die('Could not connect: ' .mysql_error()); } mysql_select_db("my_SASI", $con); $query = "SELECT * FROM logins, users WHERE logins.loginID=users.userID AND Email_Address='".$_POST['username']."' AND password='".$_POST['password']."'"; $result=mysql_query($query,$con); $row=mysql_fetch_array($result); session_start(); //start a new session $_SESSION['username']=$_POST['username']; $_SESSION['password']=$_POST['password']; $_SESSION['firstname']=$row['FirstName']; $_SESSION['lastname']=$row['LastName']; $_SESSION['accesslevel']=$row['accessLevel']; $loggedin==TRUE; mysql_close($con); if($loggedin==TRUE && $_SESSION['accesslevel']==0) { header('Location: student_admin.php'); exit(); } if($loggedin==TRUE && $_SESSION['accesslevel']==1) { header('Location: teacher_admin.php'); exit(); } } ?> Quote Link to comment Share on other sites More sharing options...
Tonic-_- Posted December 10, 2009 Share Posted December 10, 2009 This may help you, it's something I used. But the session is buggy, at the top do like.. <?php session_name(blah); session_start(); ?> Then here is what I used for logging in.. <?php if(isset($_POST['user'])) { @mysql_select_db($database) or die("Cannot connect to $database"); $sql = "SELECT * FROM users WHERE username='$username' and password='$password'"; $result = mysql_query($sql); $rows=mysql_num_rows($result); if($rows==1) { $_SESSION['logged'] = 1; $_SESSION['user'] = $username; } else { echo "Error, password or username is invalid."; } ?> Use something similar to that with the login file. I've been fooling with this stuff for awhile so if you still can't get it I can spruce up the entire login and stuff for you. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.