bravo14 Posted October 5, 2010 Share Posted October 5, 2010 Hi I am trying to create a login script using the code below <?php session_start(); include_once('includes/connect.php'); $user=$_POST['username']; $password=$_POST['password']; //check if username and password exists $checkuser=mysql_query("SELECT * from `tbl_users` where username = '$user' and password=md5('$password')"); if(mysql_num_rows($checkuser) > 0) //login name was found //if they do return to home page with relevant include { $user_row = mysql_fetch_array($checkuser); $_SESSION['auth']="yes"; $_SESSION['logname'] = $user_row['forename']; $_SESSION['usertype'] = $user_row['usertype']; header("Location: index.php"); exit; } //if not display login form with message that says logon details are incorrects else { echo('Do something else'); } ?> However I get a message saying that mysql_num_rows is not a valid resource. Any ideas where I am going wrong? Link to comment https://forums.phpfreaks.com/topic/215187-mysql_num_rows/ Share on other sites More sharing options...
Yesideez Posted October 5, 2010 Share Posted October 5, 2010 MD5() is not a MySQL function - try this: $checkuser=mysql_query("SELECT * from `tbl_users` where username = '$user' and password='".md5($password)."'"); Link to comment https://forums.phpfreaks.com/topic/215187-mysql_num_rows/#findComment-1119187 Share on other sites More sharing options...
Yesideez Posted October 5, 2010 Share Posted October 5, 2010 Oh, and rather than store the username and other info of a successful login inside session variables - store the row ID number instead then just look that up each time. $checkuser=mysql_query("SELECT `id`,`forename`,`usertype` from `tbl_users` where username = '$user' and password='".md5($password)."'");if (mysql_num_rows($checkuser) > 0) { //have we got any results to process? $row=mysql_fetch_assoc($checkuser); $_SESSION['uID']=$row['id']; header("Location: index.php"); exit; } else { //if not display login form with message that says logon details are incorrects echo 'Do something else' ; } Then on other scripts read the user details from the uID session var from the user table each time and validate there. Link to comment https://forums.phpfreaks.com/topic/215187-mysql_num_rows/#findComment-1119190 Share on other sites More sharing options...
Yesideez Posted October 5, 2010 Share Posted October 5, 2010 Sorry query should be: $checkuser=mysql_query("SELECT `id` from `tbl_users` where username = '".$user."' and password='".md5($password)."'"); Link to comment https://forums.phpfreaks.com/topic/215187-mysql_num_rows/#findComment-1119191 Share on other sites More sharing options...
trq Posted October 5, 2010 Share Posted October 5, 2010 MD5() is not a MySQL function - try this: $checkuser=mysql_query("SELECT * from `tbl_users` where username = '$user' and password='".md5($password)."'"); MD5 is a mysql function. http://dev.mysql.com/doc/refman/5.1/en/encryption-functions.html#function_md5 Link to comment https://forums.phpfreaks.com/topic/215187-mysql_num_rows/#findComment-1119193 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.