bravo14 Posted October 5, 2010 Share Posted October 5, 2010 Hi I am trying to create a login script using the code below <?php session_start(); include_once('includes/connect.php'); $user=$_POST['username']; $password=$_POST['password']; //check if username and password exists $checkuser=mysql_query("SELECT * from `tbl_users` where username = '$user' and password=md5('$password')"); if(mysql_num_rows($checkuser) > 0) //login name was found //if they do return to home page with relevant include { $user_row = mysql_fetch_array($checkuser); $_SESSION['auth']="yes"; $_SESSION['logname'] = $user_row['forename']; $_SESSION['usertype'] = $user_row['usertype']; header("Location: index.php"); exit; } //if not display login form with message that says logon details are incorrects else { echo('Do something else'); } ?> However I get a message saying that mysql_num_rows is not a valid resource. Any ideas where I am going wrong? Quote Link to comment Share on other sites More sharing options...
Yesideez Posted October 5, 2010 Share Posted October 5, 2010 MD5() is not a MySQL function - try this: $checkuser=mysql_query("SELECT * from `tbl_users` where username = '$user' and password='".md5($password)."'"); Quote Link to comment Share on other sites More sharing options...
Yesideez Posted October 5, 2010 Share Posted October 5, 2010 Oh, and rather than store the username and other info of a successful login inside session variables - store the row ID number instead then just look that up each time. $checkuser=mysql_query("SELECT `id`,`forename`,`usertype` from `tbl_users` where username = '$user' and password='".md5($password)."'");if (mysql_num_rows($checkuser) > 0) { //have we got any results to process? $row=mysql_fetch_assoc($checkuser); $_SESSION['uID']=$row['id']; header("Location: index.php"); exit; } else { //if not display login form with message that says logon details are incorrects echo 'Do something else' ; } Then on other scripts read the user details from the uID session var from the user table each time and validate there. Quote Link to comment Share on other sites More sharing options...
Yesideez Posted October 5, 2010 Share Posted October 5, 2010 Sorry query should be: $checkuser=mysql_query("SELECT `id` from `tbl_users` where username = '".$user."' and password='".md5($password)."'"); Quote Link to comment Share on other sites More sharing options...
trq Posted October 5, 2010 Share Posted October 5, 2010 MD5() is not a MySQL function - try this: $checkuser=mysql_query("SELECT * from `tbl_users` where username = '$user' and password='".md5($password)."'"); MD5 is a mysql function. http://dev.mysql.com/doc/refman/5.1/en/encryption-functions.html#function_md5 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.