EATON106 Posted August 13, 2010 Share Posted August 13, 2010 Hi, Im using the code below to check a users username and password is ligit before adding their username to their session. <?php $con = mysql_connect("localhost","user","password"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("hiddenbid", $con); $username = mysql_real_escape_string($_POST['username']); $password = md5($_POST['password']); $mysql = mysql_query("SELECT * FROM users WHERE name = '{$username}' AND password = '{$password}'"); if(mysql_num_rows($mysql)=1){ $_SESSION['USERID'] = $username; print "<b>Welcome</b>, you are signed in as " . $_SESSION['USERID'] . "."; print "<br /><br />Redirecting..."; header ("location:index.php"); } else{ header ("location:signin.php"); } ?> Anyway, it doesnt work as I get the following error: Fatal error: Can't use function return value in write context in C:\Program Files\Abyss Web Server\htdocs\signinconfirmer.php on line 35 Any ideas what is causing this please? Also can I add a pause after the redirect message before it takes the user to the index.php page? Thanks in advance. Quote Link to comment Share on other sites More sharing options...
kickstart Posted August 13, 2010 Share Posted August 13, 2010 Hi You are assigning 1 to the return from mysql_num_rows, rather than checking it. You need 2 equals signs:- if(mysql_num_rows($mysql)==1){ All the best Keith Quote Link to comment Share on other sites More sharing options...
EATON106 Posted August 13, 2010 Author Share Posted August 13, 2010 Hi You are assigning 1 to the return from mysql_num_rows, rather than checking it. You need 2 equals signs:- if(mysql_num_rows($mysql)==1){ All the best Keith Thanks Keith, however it still doesn't like it as returns me to the signin.php page regardless of if the username and password are incorrect or not. Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted August 13, 2010 Share Posted August 13, 2010 You are sending output to the browser before trying to redirect. It won't work that way; you can't output anything before a header() redirect. Quote Link to comment Share on other sites More sharing options...
EATON106 Posted August 13, 2010 Author Share Posted August 13, 2010 You are sending output to the browser before trying to redirect. It won't work that way; you can't output anything before a header() redirect. It's not ever looking at that as I have tested without the header() and it still does the same. Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted August 13, 2010 Share Posted August 13, 2010 Then what are you getting, exactly? Are you getting the "Welcome, you are signed in as . . ." message, or something else? Quote Link to comment Share on other sites More sharing options...
kickstart Posted August 13, 2010 Share Posted August 13, 2010 Thanks Keith, however it still doesn't like it as returns me to the signin.php page regardless of if the username and password are incorrect or not. Suspect that is down to the unnecessary curly brackets in your SQL statement. All the best Keith Quote Link to comment Share on other sites More sharing options...
EATON106 Posted August 13, 2010 Author Share Posted August 13, 2010 Then what are you getting, exactly? Are you getting the "Welcome, you are signed in as . . ." message, or something else? It seems to just run the else statement and put me back to the signin.php. Which curly brackets please? Quote Link to comment Share on other sites More sharing options...
kickstart Posted August 13, 2010 Share Posted August 13, 2010 Hi These ones:- $mysql = mysql_query("SELECT * FROM users WHERE name = '{$username}' AND password = '{$password}'"); All the best Keith Quote Link to comment Share on other sites More sharing options...
EATON106 Posted August 13, 2010 Author Share Posted August 13, 2010 I removed the brackets you mentioned and unfortunately it still does the same!? Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted August 13, 2010 Share Posted August 13, 2010 Put this echo '<pre>'; print_r($_POST); echo '</pre>'; at the top of the script to make sure the values are making it to the script in the $_POST array. Then, immediately after you assign the query string to the $mysql variable, echo it also. echo '<br />' . $mysql . '<br />; Quote Link to comment Share on other sites More sharing options...
kickstart Posted August 13, 2010 Share Posted August 13, 2010 Hi In which case echo out the SQL and try it directly using phpmyadmin or equivalent. Has the password in the database been stored as an MD5 hash? All the best Keith Quote Link to comment Share on other sites More sharing options...
EATON106 Posted August 13, 2010 Author Share Posted August 13, 2010 D'oh! Thanks for all your help however I was being a fool. My table contains username and not name so the query would never find anything. Sorry to waste your time! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.