Problem with PHP/mySQL login code

[husslela03]

Hello I have a login code below:

 

I keep receiving this error:

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\SASI\check_login.php on line 17

 

I can't figure out what is wrong, but it seems to be always hitting the else statement of saying wrong username or password.

 

<?php

$con=mysql_connect("localhost", "xxxx", "xxxxx") or die ("cannot connect");
mysql_select_db("my_sasi") or die ("cannot select database");

$user=$_POST['username'];
$pass=$_POST['password'];

$user_name=stripslashes($user);
$pass_code=stripslashes($pass);
$username=mysql_real_escape_string($user_name);
$password=mysql_real_escape_string($pass_code);

$sql="SELECT * FROM logins, users WHERE logins.loginID==users.loginID AND logins.Email_Address='$username' AND logins.password='$password'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);
echo $count;



if($count==1)
{
  
  session_register("username");
  session_register("password");
  session_register("accessLevel");
  header("Location:login_success.php");
}

else
{
  echo 'Wrong Username or Password';
  
  
  
  

}

mysql_close($con);
?>

[wildteen88]

mysql_query is returning false, which means there is a problem with your query.

Change

$result = mysql_query($sql);

to

$result = mysql_query($sql) or trigger_error(mysql_error());

 

Post the error message that is given?

[husslela03]

I received an error that there was an error in my syntax of my query, but I fixed it to changing it to only one equals sign instead of two...

 

however my login is still not working.

 

i don't know why, my username and password is right...i still get wrong username or password

[wildteen88]

How are you storing your passwords in your database? Are you encrypting them, eg MD5, SHA1 etc? If you are storing your password in an encrypted form you'll also need to encrypt the password being placed within your query

[husslela03]

Well I'm storing them at the moment in clear text, but I eventuall will encrypt, these are just test accounts to get the service area working.

 

[husslela03]

I thought maybe that my usernames were not being accepted because of their characters, but I just tried straight letters and no special characters and it still did not work.

 

I can't figure out what is wrong.

[mrMarcus]

echo your query $sql and make sure that everything matches up with the $_POST'ed value against the values in the db.

[husslela03]

Yes, the post values, match.

 

It just echoed basically the whole SELECT string and printed the post values.

 

Is there anyway I can test what the query is returning?

Like the values?

 

[husslela03]

Maybe I need to have a loop that goes through each of the rows in that table and looks for that username and password..

[mrMarcus]

what about this line:

 

logins.loginID==users.loginID

 

is there a loginID in logins that is equal to loginID in users?  and does it also have a username and password that match that of the username and password in the query?

 

Maybe I need to have a loop that goes through each of the rows in that table and looks for that username and password..

 

that's what the query does .. it queries the database table in question for a match as per the conditions in the query statement.  that is whjy every condition must be met.

 

the rest of your code seems fine (aside from register_session(), but that won't affect the query), so if you do get a match from the query, your IF statement (if ($count == 1)) will let you know the result (a match or no match by the respective output.

[husslela03]

No the logins table has loginID, Email_Address, and Password

 

Users table has

UserID, LoginID(Foreign Key for Logins), FirstName, LastName, accessLevel, status

 

 

[mrMarcus]

No the logins table has loginID, Email_Address, and Password

 

Users table has

UserID, LoginID(Foreign Key for Logins), FirstName, LastName, accessLevel, status

 

 

 

no ... what?  no, this condition isn't met: logins.loginID=users.loginID ?

[husslela03]

You asked if the user table also has username and password.  It does not.

 

So should i just query the login table for the username and password..

but i also need to pull the accessLevel from the users table, because that directs to what page the member will be directed to, based on their access level.

 

 

[mrMarcus]

if you are positive everything in your query matches with what is in the database, and you aren't receiving any errors, then i got nothing else to say as the only thing stopping the script from working would be your query credentials not matching those in your tables.

[PFMaBiSmAd]

You are doing a cross-join of logins and users. If there are corresponding rows in each table, you will get two rows in your result set, not one. When you are echoing $count what do you get and why are you even using the logins table in that query?

[husslela03]

Maybe if I combine the login and user tables into one table?

 

 

Then do a select all.