
Login system


siriuszwart


Hey guys,

I'm kinda new to the whole PHP thing, and cannot really write my own codings, nevertheless I do understand them. I got some new pieces and edited them, but atm I just get an error when trying to log in...

The error:

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /customers/b/1/5/creativebot.nl/httpd.www/php/personeeltest/loginproc.php on line 13
Warning: Cannot modify header information - headers already sent by (output started at /customers/b/1/5/creativebot.nl/httpd.www/php/personeeltest/loginproc.php:13) in /customers/b/1/5/creativebot.nl/httpd.www/php/personeeltest/loginproc.php on line 21

 

Now this is the code that it refers to:

<?php

// Initialize session
session_start();

// Include database connection settings
include('config.inc');

// Retrieve username and password from database according to user's input
$login = mysql_query("SELECT * FROM user WHERE (username = '" . mysql_real_escape_string($_POST['username']) . "') and (password = '" . mysql_real_escape_string(md5($_POST['password'])) . "')");

// Check username and password match
if (mysql_num_rows($login) == 1) {
    // Set username session variable
    $_SESSION['username'] = $_POST['username'];
    // Jump to secured page
    header('Location: personeel.php');
}
else {
    // Jump to login page
    header('Location: ../../personeeltest.php');
}

?>

 

The config file is a simple connection:

<?php

$hostname = '***********.nl.mysql';
$dbname   = '***********_nl';
$username = '***********_nl';
$password = '********';

// Let's connect to host
mysql_connect($hostname, $username, $password) or DIE('Kon geen verbinding maken met de server.');
// Select the database
mysql_select_db($dbname) or DIE('Database is niet beschikbaar!');

?>

 

I really can't find any problems with the code. Can someone identify/correct it?

Thanks in advance!

 

-Marcel

Link to comment
Share on other sites

You're getting a boolean false value returned, meaning your query was unsuccessful. I can't spot anything wrong with the query itself, so perhaps table names or field names are spelt incorrectly?

It would also be worth running a few searches on this forum about security, as an md5 hash isn't really secure enough. Additionally, you don't really need to pass the password through the real_escape_string function if you're going to be using a hash.

Link to comment
Share on other sites

Much like the Spanish Inquisition, n00bs never expect database errors. This is so often their downfall that this is one of the most common PHP questions found on the net. As CPD stated, mysql_query() returns FALSE if the query fails. Therefore, you need to make sure that $login is not false before you try to use it, and if it is FALSE, then handle it appropriately. Where you're building the query dynamically, when the query does fail, you should also print it out, so you can verify that what's being sent to the database is what you think should be sent there. The use of mysql_error() is also recommended.

 

Most recommended, however, is abandoning the deprecated mysql extension and moving to either mysqli (MySQL Improved) or PDO, and along with that move, going to Prepared Statements for querying the database.

Link to comment
Share on other sites
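
The advice in the replies above (handle a failed query, query through PDO prepared statements, and replace md5), as an added example that is not part of the original thread or any poster's code. It assumes PDO's SQLite driver with an in-memory database so it runs offline, a password column holding password_hash() output, and a hypothetical checkLogin() helper; the table name is the one used later in the thread and the rows and inputs are constructed.

```php
<?php
// Added example. Assumed: an in-memory SQLite database stands in for the MySQL
// server so the script runs offline; with MySQL only the DSN changes.
$pdo = new PDO('sqlite::memory:');
// Make query failures throw instead of silently returning false.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample table and row.
$pdo->exec('CREATE TABLE TestMembers (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
$insert = $pdo->prepare('INSERT INTO TestMembers (username, password) VALUES (?, ?)');
// Store a salted password_hash() value, never md5() or the plain text.
$insert->execute(['admin', password_hash('admin', PASSWORD_DEFAULT)]);

/**
 * Hypothetical helper: true when $username exists and $password matches its hash.
 */
function checkLogin(PDO $pdo, string $username, string $password): bool
{
    try {
        // The placeholder keeps user input out of the SQL text entirely,
        // so no escaping function is needed.
        $stmt = $pdo->prepare('SELECT password FROM TestMembers WHERE username = ?');
        $stmt->execute([$username]);
        $hash = $stmt->fetchColumn();
    } catch (PDOException $e) {
        // Log the database error for the developer; tell the visitor nothing.
        error_log('Login query failed: ' . $e->getMessage());
        return false;
    }
    // fetchColumn() returns false when no row matched the username.
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed inputs standing in for $_POST['username'] and $_POST['password'].
$attempts = [
    ['admin', 'admin'],      // correct credentials
    ['admin', 'wrong'],      // wrong password
    ["o'brien", 'admin'],    // unknown user; the apostrophe is plain data
];
foreach ($attempts as [$user, $pass]) {
    printf("%-10s %s\n", $user, checkLogin($pdo, $user, $pass) ? 'accepted' : 'rejected');
}
```

In a script like loginproc.php, a true result would be followed by session_regenerate_id(true), setting $_SESSION['username'], the Location header, and exit so nothing runs after the redirect.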

You're getting a boolean false value returned, meaning your query was unsuccessful. I can't spot anything wrong with the query itself, so perhaps table names or field names are spelt incorrectly?.....

Much like the Spanish Inquisition, n00bs never expect database errors....

...Most recommended, however, is abandoning the deprecated mysql extension and moving to either mysqli (MySQL Improved) or PDO, and along with that move, going to Prepared Statements for querying the database.

 

Yes, I might be a noob at PHP, but that doesn't mean I wasn't surprised when I got an error. But thanks CPD, indeed I made a tiny mistake with the table name; that fixed it. But in the table I've got a line that indicates that username = 'admin', as is the password. Trouble now is that when I fill these two in, it states that it's not correct... I think the problem lies within the login code, could someone take a look at it for me?

Thanks in advance!

<?php

// Initialize session
session_start();

// Include database connection settings
include('config.inc');

// Retrieve username and password from database according to user's input
$login = mysql_query("SELECT * FROM TestMembers WHERE (username = '" . mysql_real_escape_string($_POST['username']) . "') and (password = '" . mysql_real_escape_string(md5($_POST['password'])) . "')");

// Check username and password match
if (mysql_num_rows($login) == 1) {
    // Set username session variable
    $_SESSION['username'] = $_POST['username'];
    // Jump to secured page
    header('Location: personeel.php');
}
else {
    // Jump to login page
    header('Location: ../../personeeltest.php');
}

?>

Link to comment
Share on other sites
