siriuszwart Posted June 16, 2012 Share Posted June 16, 2012 Hey guys, I'm kinda new to the whole PHP thing, and cannot really write my own codings, nevertheless i do understand them. I got some new pieces and edited them, but atm i just get an error when trying to login... The error: Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /customers/b/1/5/creativebot.nl/httpd.www/php/personeeltest/loginproc.php on line 13 Warning: Cannot modify header information - headers already sent by (output started at /customers/b/1/5/creativebot.nl/httpd.www/php/personeeltest/loginproc.php:13) in /customers/b/1/5/creativebot.nl/httpd.www/php/personeeltest/loginproc.php on line 21 Now this is the code that it reffers to: <?php // Inialize session session_start(); // Include database connection settings include('config.inc'); // Retrieve username and password from database according to user's input $login = mysql_query("SELECT * FROM user WHERE (username = '" . mysql_real_escape_string($_POST['username']) . "') and (password = '" . mysql_real_escape_string(md5($_POST['password'])) . "')"); // Check username and password match if (mysql_num_rows($login) == 1) { // Set username session variable $_SESSION['username'] = $_POST['username']; // Jump to secured page header('Location: personeel.php'); } else { // Jump to login page header('Location: ../../personeeltest.php'); } ?> The config file is a simple connection: <?php $hostname = '***********.nl.mysql'; $dbname = '***********_nl'; $username = '***********_nl'; $password = '********'; // Let's connect to host mysql_connect($hostname, $username, $password) or DIE('Kon geen verbinding maken met de server.'); // Select the database mysql_select_db($dbname) or DIE('Database is niet beschikbaar!'); ?> I really can't find any problems with the code. Can someone identify/correct it? Thanks in advance! -Marcel Quote Link to comment https://forums.phpfreaks.com/topic/264291-login-system/ Share on other sites More sharing options...
cpd Posted June 16, 2012 Share Posted June 16, 2012 Your getting a boolean false value returned meaning your query was unsuccessful. I can't spot anything wrong with the query itself so perhaps table names or field names are spelt incorrectly? It would also be worth running a few searches on this forum about security as an md5 hash isn't really secure enough. Additionally, you don't really need to pass the password through the real_escape_string function if your going to be using a hash. Quote Link to comment https://forums.phpfreaks.com/topic/264291-login-system/#findComment-1354406 Share on other sites More sharing options...
boompa Posted June 16, 2012 Share Posted June 16, 2012 Much like the Spanish Inquisition, n00bs never expect database errors. This is so often their downfall that this is one of the most common PHP questions found on the net. As CPD stated, mysql_query() returns FALSE if the query fails. Therefore, you need to make sure that $login is not false before you try to use it, and if it is FALSE, then handle it appropriately. Where you're building the query dynamically, when the query does fail, you should also print it out, so you can verify that what's being sent to the database is what you think should be sent there. The use of mysql_error() is also recommended. Most recommended, however, is abandoning the deprecated mysql extension and move to either mysqli (MySQL Improved) or PDO, and along with that move going to Prepared Statements for querying the database. Quote Link to comment https://forums.phpfreaks.com/topic/264291-login-system/#findComment-1354429 Share on other sites More sharing options...
siriuszwart Posted June 17, 2012 Author Share Posted June 17, 2012 Your getting a boolean false value returned meaning your query was unsuccessful. I can't spot anything wrong with the query itself so perhaps table names or field names are spelt incorrectly?..... Much like the Spanish Inquisition, n00bs never expect database errors.... ...Most recommended, however, is abandoning the deprecated mysql extension and move to either mysqli (MySQL Improved) or PDO, and along with that move going to Prepared Statements for querying the database. Yes i might be a noob at php, but that doesn't mean i wasn't surprised when i got a error. But thanks CPD, indeed i made a tiny mistake with the table name, that fixed it, but in the table i've got a line that indicates that username = 'admin', as is the password. Trouble now is that when i fill these two in, it states that it's not correct... I think the problem lies within the login code, could someone take a look at it for me? Thanks in advance! <?php // Inialize session session_start(); // Include database connection settings include('config.inc'); // Retrieve username and password from database according to user's input $login = mysql_query("SELECT * FROM TestMembers WHERE (username = '" . mysql_real_escape_string($_POST['username']) . "') and (password = '" . mysql_real_escape_string(md5($_POST['password'])) . "')"); // Check username and password match if (mysql_num_rows($login) == 1) { // Set username session variable $_SESSION['username'] = $_POST['username']; // Jump to secured page header('Location: personeel.php'); } else { // Jump to login page header('Location: ../../personeeltest.php'); } ?> Quote Link to comment https://forums.phpfreaks.com/topic/264291-login-system/#findComment-1354568 Share on other sites More sharing options...
ignace Posted June 17, 2012 Share Posted June 17, 2012 if the password is admin (and it's stored like that in your DB) then you should not MD5() it. Quote Link to comment https://forums.phpfreaks.com/topic/264291-login-system/#findComment-1354582 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.