
FATAL ERROR in login Script...


mroberts46


Hello everyone,

 

I'm extremely new to php and have absolutely no clue as to what I'm doing. However, I have been able to read through and understand most of the code that I have found.

 

I have a client who requires members to login in order to view special members only content. Therefore I did a search for a login system. After a little manipulation I was able to get it up and running. The client then required a few changes to be made and that's when all heck broke loose. I've gone from a working login script to one that gives me a different error with every change I make. The current problem:

 

Fatal error: Function name must be a string in /.../.../.../.../public_html/new_site/testing/index.php on line 60

 

Here's the code it refers to:

 

<?php

define('INCLUDE_CHECK',true);

require 'connect.php';
require 'functions.php';
// Those two files can be included only if INCLUDE_CHECK is defined


session_name('tzLogin');
// Starting the session

session_set_cookie_params(2*7*24*60*60);
// Making the cookie live for 2 weeks

session_start();

if($_SESSION['id'] && !isset($_COOKIE['tzRemember']) && !$_SESSION['rememberMe'])
{
// If you are logged in, but you don't have the tzRemember cookie (browser restart)
// and you have not checked the rememberMe checkbox:

$_SESSION = array();
session_destroy();

// Destroy the session
}


if(isset($_GET['logoff']))
{
$_SESSION = array();
session_unset();
session_destroy();

header("Location: demo.php");
exit;
}

if($_POST['submit']=='Login')
{
// Checking whether the Login form has been submitted

$err = array();
// Will hold our errors


if(!$_POST['username'] || !$_POST['password'])
	$err[] = 'All the fields must be filled in!';

if(!count($err))
{
	$_POST['username'] = mysql_real_escape_string($_POST['username']);
	$_POST['password'] = mysql_real_escape_string($_POST['password']);
	$_POST['rememberMe'] = (int)$_POST['rememberMe'];
	// Escaping all input data

	$result = mysql_query("SELECT * FROM tz_members");
	while($rows = mysql_fetch_array($result)) {
		$salt = $rows('salt');
	}

	$row = mysql_fetch_assoc(mysql_query("SELECT id,username,salt FROM tz_members WHERE username='{$_POST['username']}' AND pass='".md5($salt.md5($_POST['password']).$salt)."'"));

	if($row['username'])
	{
		// If everything is OK login

		$_SESSION['usr']=$row['username'];
		$_SESSION['id'] = $row['id'];
		$_SESSION['rememberMe'] = $_POST['rememberMe'];

		// Store some data in the session

		setcookie('tzRemember',$_POST['rememberMe']);
	}
	else $err[]='Wrong username and/or password!';
}

if($err)
$_SESSION['msg']['login-err'] = implode('<br />',$err);
// Save the error messages in the session

header("Location: demo.php");
exit;
}
$script = '';

if($_SESSION['msg'])
{
// The script below shows the sliding panel on page load

$script = '
<script type="text/javascript">

	$(function(){

		$("div#panel").show();
		$("#toggle a").toggle();
	});

</script>';

}
?>

 

To further complicate this, I have a separate file that handles the registration and it works but makes the password difficult to verify (at least to a noob like myself). Here's how that code is written:

 

<?php
define('INCLUDE_CHECK',true);
require 'connect.php';

$username = $_POST['username'];
$email = $_POST['email'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];

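if($pass1 != $pass2)
{
	header('Location: index.php');
	exit; // stop here, otherwise the INSERT below still runs
}
if(strlen($username) > 30)
{
	header('Location: index.php');
	exit; // stop here, otherwise the INSERT below still runs
}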

$hash = md5($pass1);

function createSalt()
{
	$string = md5(uniqid(rand(), true));
	return substr($string, 0, 10);
}
$salt = createSalt();
$hash = md5($salt.$pass1.$salt);

function visitorIP()
{
	if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
		$TheIp=$_SERVER['HTTP_X_FORWARDED_FOR'];
	else $TheIp=$_SERVER['REMOTE_ADDR'];
	return trim($TheIp);
}
$ip = visitorIP();

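// Escape every value that goes into the query, not just the username
// ($ip can come from the client-supplied X-Forwarded-For header)
$username = mysql_real_escape_string($username);
$email = mysql_real_escape_string($email);
$ip = mysql_real_escape_string($ip);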

$query = "INSERT INTO `tz_members` (`id`, `username`, `password`, `salt`, `email`, `regIP`, `dt`) VALUES (NULL, '$username', '$hash', '$salt', '$email', '$ip', '0000-00-00 00:00:00');";
mysql_query($query);
mysql_close();
header('Location: index.php');
?>

 

Please tell me what's going wrong because I've made every change I can think of and I'd hate to lose the bonus security of the password just because I can't make it work. You may reply here or email me at marc.roberts.inc@gmail.com.

Link to comment
Share on other sites

I'm extremely new to php and have absolutely no clue as to what I'm doing

 

I have a client

 

How does this happen exactly?  lol

 

Change:

 

$salt = $rows('salt');

 

to

 

$salt = $rows['salt'];

 

and try again.

 

 

Link to comment
Share on other sites

Well, I started out just doing basic sites that didn't require any interaction from the users. Personally, I don't have clients. They are my mom's clients but as a way of giving me a chance to practice, she's dropped some of her clients onto me. I know a little ASP.NET and could easily do this within ASP. However, all of her clients are hosted on Linux servers, which requires me to learn PHP and fast. This is the first client that has actually needed interaction from the user.

 

After making the said change, I now get this error:

 

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /.../.../.../.../public_html/new_site/testing/index.php on line 63

 

Warning: Cannot modify header information - headers already sent by (output started at /.../.../.../.../public_html/new_site/testing/index.php:63) in /.../.../.../.../public_html/new_site/testing/index.php on line 84

Link to comment
Share on other sites

Going to be brutally honest... you have a long ways to go :P

 

You shouldn't compound your query functions like that.  Or any function for that matter, unless you have a very good reason to.

 

What I'm referring to is:

 

$row = mysql_fetch_assoc(mysql_query("SELECT id,username,salt FROM tz_members WHERE username='{$_POST['username']}' AND pass='".md5($salt.md5($_POST['password']).$salt)."'"));

 

Swap out this block:

 

$row = mysql_fetch_assoc(mysql_query("SELECT id,username,salt FROM tz_members WHERE username='{$_POST['username']}' AND pass='".md5($salt.md5($_POST['password']).$salt)."'"));

	if($row['username'])
	{
		// If everything is OK login

		$_SESSION['usr']=$row['username'];
		$_SESSION['id'] = $row['id'];
		$_SESSION['rememberMe'] = $_POST['rememberMe'];

		// Store some data in the session

		setcookie('tzRemember',$_POST['rememberMe']);
	}
	else $err[]='Wrong username and/or password!';

 

for this block:

 

$sql = "SELECT id,username,salt FROM tz_members WHERE username='{$_POST['username']}' AND pass='".md5($salt.md5($_POST['password']).$salt)."'";
if ($result = mysql_query($sql)) {
if (mysql_num_rows($result) > 0) {
	$row = mysql_fetch_assoc($result);

	if ($row['username']) {
		// If everything is OK login

		$_SESSION['usr']=$row['username'];
		$_SESSION['id'] = $row['id'];
		$_SESSION['rememberMe'] = $_POST['rememberMe'];

		// Store some data in the session

		setcookie('tzRemember',$_POST['rememberMe']);
	}
	else $err[]='Wrong username and/or password!';
}
else {
	$err[] = 'No record found.';
}
}
else {
die(mysql_error());
}

Link to comment
Share on other sites

Going to be brutally honest... you have a long ways to go :P

 

Yeah, I know. I'm hoping to find a class at school that teaches PHP but I don't think my school does. In the meantime, I've been looking for someone to kinda mentor me or teach me. There are several languages that I really want to learn and get proficient in but I just don't have anyone to guide me through it. JavaScript, ActionScript 3, PHP, C++, C#, VB are just a few. I've taken classes in C++ and VB and have a basic (extremely basic) understanding of the languages but nothing good enough to consider myself proficient in the least bit.

 

The suggested changes you have given me appear to have worked. After making said changes, I was able to find two other errors in my code. One was the name of the password field from the db and the other was the header redirect once the user logs in. I really appreciate your help on this. I've been fighting with this login script for a while now and I know I have a lot more fighting to do as I know there are still features they would like that I just don't know how to do just yet.

 

Two questions remain:

    1) Why did we use the brace instead of the parenthesis?

              I think it's because the data we pulled came from an array but I want to be sure that I am following the logic correctly.

    2) Why does PHP seem to not like multiple mysql queries?

              I seem to have run into that problem on multiple occasions now and I wonder why it doesn't work. I need to know what the various mysql_assoc and mysql_array calls mean, how and when to use them, and how to use them effectively.

 

 

Link to comment
Share on other sites

So now, I'm not able to login but I'm also not getting any error messages.

 

None of the accounts I've created to test the login system are able to login. I keep getting the message "No Record Found"... Why is this?

The code now looks like this :

 

<?php

define('INCLUDE_CHECK',true);

require 'connect.php';
require 'functions.php';
// Those two files can be included only if INCLUDE_CHECK is defined


session_name('tzLogin');
// Starting the session

session_set_cookie_params(2*7*24*60*60);
// Making the cookie live for 2 weeks

session_start();

if($_SESSION['id'] && !isset($_COOKIE['tzRemember']) && !$_SESSION['rememberMe'])
{
// If you are logged in, but you don't have the tzRemember cookie (browser restart)
// and you have not checked the rememberMe checkbox:

$_SESSION = array();
session_destroy();

// Destroy the session
}


if(isset($_GET['logoff']))
{
$_SESSION = array();
session_unset();
session_destroy();

header("Location: demo.php");
exit;
}

if($_POST['submit']=='Login')
{
// Checking whether the Login form has been submitted

$err = array();
// Will hold our errors


if(!$_POST['username'] || !$_POST['password'])
	$err[] = 'All the fields must be filled in!';

if(!count($err))
{
	$_POST['username'] = mysql_real_escape_string($_POST['username']);
	$_POST['password'] = mysql_real_escape_string($_POST['password']);
	$_POST['rememberMe'] = (int)$_POST['rememberMe'];
	// Escaping all input data

	$result = mysql_query("SELECT * FROM tz_members");
	while($rows = mysql_fetch_array($result)) {
		$salt = $rows['salt'];
	}

	$sql = "SELECT id,username,salt FROM tz_members WHERE username='{$_POST['username']}' AND password='".md5($salt.md5($_POST['password']).$salt)."'";
	if ($result = mysql_query($sql)) {
		if (mysql_num_rows($result) > 0) {
			$row = mysql_fetch_assoc($result);

			if ($row['username']) {
				// If everything is OK login

				$_SESSION['usr']=$row['username'];
				$_SESSION['id'] = $row['id'];
				$_SESSION['rememberMe'] = $_POST['rememberMe'];

				// Store some data in the session

				setcookie('tzRemember',$_POST['rememberMe']);
			}
			else $err[]='Wrong username and/or password!';
		}
		else {
			$err[] = 'No record found.';
		}
}
else {
die(mysql_error());
}
}

if($err)
$_SESSION['msg']['login-err'] = implode('<br />',$err);
// Save the error messages in the session

header("Location: index.php");
exit;
}
$script = '';

if($_SESSION['msg'])
{
// The script below shows the sliding panel on page load

$script = '
<script type="text/javascript">

	$(function(){

		$("div#panel").show();
		$("#toggle a").toggle();
	});

</script>';

}
?>

 

Why is it unable to find the records in my db? (code for registration is listed in the original post)

Link to comment
Share on other sites
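Added example, not part of the original thread or any poster's code: the registration script stores md5($salt.$pass1.$salt), while the login query compares against md5($salt.md5(password).$salt), built from whichever salt the preceding loop read last and from a password already passed through mysql_real_escape_string(). The sketch below assumes PDO with an in-memory SQLite table in place of the mysql_* functions (removed in PHP 7) and uses constructed sample members; it looks the row up by username, verifies against that row's own salt, and upgrades a matching MD5 value to password_hash().

```php
<?php
// Added example, not code from the thread. Sample members are constructed.
// Requires the pdo_sqlite extension (in-memory database, nothing on disk).

// Registration as posted: md5(salt . password . salt)
function register_hash(string $salt, string $pass): string {
    return md5($salt . $pass . $salt);
}
// Login as posted: md5(salt . md5(password) . salt), a different formula
function posted_login_hash(string $salt, string $pass): string {
    return md5($salt . md5($pass) . $salt);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tz_members (id INTEGER PRIMARY KEY,
           username TEXT UNIQUE, password TEXT, salt TEXT)');
$ins = $db->prepare('INSERT INTO tz_members (username, password, salt) VALUES (?, ?, ?)');
foreach ([['alice', "pa'ss one", 'a1b2c3d4e5'], ['bob', 'pass two', '0f9e8d7c6b']] as [$u, $p, $s]) {
    $ins->execute([$u, register_hash($s, $p), $s]);
}

// Fetch the row by username only (bound parameter), then compare in PHP using
// that row's own salt. The password never enters SQL, so it is never escaped.
function login(PDO $db, string $user, string $pass): ?int {
    $st = $db->prepare('SELECT id, password, salt FROM tz_members WHERE username = ?');
    $st->execute([$user]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;                                   // unknown username
    }
    if ($row['password'][0] === '$') {                 // already password_hash() format
        return password_verify($pass, $row['password']) ? (int)$row['id'] : null;
    }
    if (!hash_equals($row['password'], register_hash($row['salt'], $pass))) {
        return null;                                   // wrong password
    }
    // Legacy MD5 value matched: replace it with a password_hash() value.
    $db->prepare('UPDATE tz_members SET password = ? WHERE id = ?')
       ->execute([password_hash($pass, PASSWORD_DEFAULT), $row['id']]);
    return (int)$row['id'];
}

$row = $db->query("SELECT password, salt FROM tz_members WHERE username = 'alice'")->fetch(PDO::FETCH_ASSOC);
var_dump(hash_equals($row['password'], posted_login_hash($row['salt'], "pa'ss one"))); // posted login formula
var_dump(login($db, 'alice', "pa'ss one"));   // legacy hash checked, then upgraded
var_dump(login($db, 'alice', "pa'ss one"));   // now checked with password_verify()
var_dump(login($db, 'alice', 'pass two'));    // bob's password against alice's row
```

The `password` column has to be wide enough for `password_hash()` output; the PHP manual recommends 255 characters.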
