Newbie Login .php Help!

[MARINp]

Hello. Hi, I`m a newbie, and I am trying to create a login register form, following a tutroial. I have the following error "Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\Files\gingerphp\login.php on line 61"

 

 

Here is my php code:

 

 

<?php

session_start();

 

 

 

 

?>

 

<html>

<head>

<title>Login</title>

</head>

 

 

<body>

<h1>Log in </h1>

 

<form action="login.php" method="post">

<table >

<tr>

<td>Username</td>

<td><input type="text" name = "username" />

</td>

</tr>

<tr>

<td>Keyword</td>

<td><input type="keyword" name = "keyword" />

</td>

</tr>

<tr>

<td colspan = "2"><input type="submit" name="submit" value="Login" />

</td>

</tr>

 

</table>

 

</form>

<?php

 

include 'config.php';

mysql_connect($host,$user,$keyword) or die(mysql_error());

mysql_select_db($database) or die(mysql_error());

 

if ($_POST['submit']) {

 

//get the form data

 

$myusername = ($_POST['username']);

$mykeyword = ($_POST['keyword']);

 

//check that all fields are filled in

 

if ( (!$myusername)|| (!$mykeyword) ) {

echo 'Please fill in all fields';

exit;}

 

//check the form`s database

 

$sql = " SELECT * FROM {$usertable} WHERE username='{$myusername}' AND keywork= '{$mykeyword}' ";

$result = mysql_query($sql);

$count = mysql_num_rows($result);

 

//check if user did this

 

if ($count == 1) {

$_session['username'] = $myusername;

$_session ['keyword'] = $mykeyword;

$_userrecord ['userrecord'] = mysql_fetch_assoc($result);

echo 'You have been logged in sucessfully, please click <a href="account.php"</a> here to continue';

}

}

 

?>

 

 

Can anyone help me into finding my problem, I`ve been bustin` my brains all day tryin` to figure it out. Thank you a lot

[Andy123]

It appears as if your call to mysql_query is returning FALSE. Reading the documentation for this method, you will find the following:

 

For SELECT, SHOW, DESCRIBE, EXPLAIN and other statements returning resultset, mysql_query() returns a resource on success, or FALSE on error.

 

So, if your query fails, FALSE is returned, which is what your error message is telling you. You are trying to pass $result, which contains FALSE to mysql_num_rows, which expects a resource parameter. This generates the warning. What you can do is to first check if your query was executed successfully before trying to get the row count.

 

$sql = "SELECT * FROM $usertable WHERE username = '$myusername' AND keyword = '$mykeyword'";
$result = mysql_query($sql);

// Check if the query was executed successfully
if ($result) {
$count = mysql_num_rows($result); // Now it is safe to get the row count
}

else {
// SQL error
}

 

Also, please note this warning from the PHP documentation:

 

Use of this extension is discouraged. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information. Alternatives to this function include:

• mysqli_query()
  
• PDO::query()
  

 

Please also note that you are vulnerable to SQL injection. If you have a good reason to carry on using the MySQL extension, then at least use mysql_real_escape_string.

• 
   
  

Edited October 20, 2012 by Andy123

[Pikachu2000]

When posting code, enclose it within the forum's

 . . . 

BBCode tags.

 

echo mysql_error. I'd hazard a guess that there's no field in the table named `keywork`.

[MARINp]

 

Please also note that you are vulnerable to SQL injection. If you have a good reason to carry on using the MySQL extension, then at least use mysql_real_escape_string.

 

 

I am trying to build a login register for my website, and I`ve been looking on internet for tutorials, found one and I`m trying to build it. If you can point me to a better tutorial on how to make my login register better and secure, I tank you kindly.

Edited October 20, 2012 by MARINp

[MARINp]

When posting code, enclose it within the forum's __CODEBOX_0__ BBCode tags.

 

echo mysql_error. I'd hazard a guess that there's no field in the table named `keywork`.

 

There is a field keyword in my database table. I`ve created the database table with user and keyword insead of password

[Pikachu2000]

But I didn't say `keyword`, did I? Look at the line containing the query string in your code. What do you see?

Edited October 20, 2012 by Pikachu2000

[MARINp]

But I didn't say `keyword`, did I? Look at the line containing the query string in your code. What do you see?

 

Yes, saw that keywork. modified id:D thanks.

[Christian F.]

I see you asked for a better tutorial on login systems, and for that I recommend that you read this article about secure login systems. It'll explain just about everything you need, and it contains a class that'll help you create a properly secured login for your application.

[Andy123]

Did you get it to work?

[rmember]

OK let me stop all this foolishness

 

 

config.php

<?php
//edit the Username (the id) and password (pass) codes
$pass ="admin";
$id="admin";
?>

 

login.php

<?php
if(isset($_GET['login'])){
if($_GET['login'] == "logout"){
setcookie ("id", "", time() - 3600);
setcookie ("pass", "", time() - 3600);
echo '<Center>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

   <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />

   <meta name="author" content="Ron Farmer" />


   <link rel="stylesheet" type="text/css" href="/style.css" />
   <style type="text/css" media="all">
    @import "/style.css";
   </style>    </head>
<body>
<div id="container">

die(" You have logged out successfully <br><font size 15><a href='login.php'> Click here to login</a><br></font><br>");
}}
if(isset($_POST['id']) && isset($_POST['password'])) {
include 'config.php';
if($id == $_POST['id'] && $pass == $_POST['password']){
setcookie("pass", $pass);
setcookie("id", $id);
echo '<Center>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

   <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />


   <meta name="author" content="Ron Farmer" />


  <link rel="stylesheet" type="text/css" href="/style.css" />
   <style type="text/css" media="all">
    @import "/style.css";
   </style>    </head>
<body>
<div id="container">

die( ' Thank you for logging in <br><a href="./mcp.php">Click here to access your member area</a><br>');
}else{
echo '<Center>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

   <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />

   <title>Messiah Lutheran Church: Welcome</title>
   <meta name="author" content="Ron Farmer" />

   <meta id="description" content="" />

   <meta id="keywords" content="" />

   <link rel="stylesheet" type="text/css" href="/style.css" />
   <style type="text/css" media="all">
    @import "/style.css";
   </style>    </head>
<body>
<div id="container">

die('Whoops you may have to try that again!<br><center><font size 15><a href="login.php"> Click here to try again </a><br></font>'); }
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Login Form</title>
<link rel="stylesheet" type="text/css" href="view.css" media="all">
</head>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

   <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />

   <meta name="author" content="Ron Farmer" />


   <meta id="keywords" content="" />

   <link rel="stylesheet" type="text/css" href="/style.css" />
   <style type="text/css" media="all">
    @import "/style.css";
   </style>
   </head>
<body>
<div id="container">

<body id="main_body" >

   <img id="top" src="top.png" alt="">
   <div id="form_container">

    <h1><a>Login Form</a></h1>
    <form id="form_471358" class="appnitro"  method="post" action="">
			    <div class="form_description">
	    <h2>Login Form</h2>
	    <p>This is where you enter your administration information</p>
    </div>					   
	    <ul >

			    <li id="li_1" >
    <label class="description" for="element_1">User ID </label>
    <div>
	    <input id="element_1" name="id" class="element text medium" type="text" maxlength="255" value=""/>
    </div>
    </li>	    <li id="li_2" >
    <label class="description" for="element_2">Password </label>
    <div>
	    <input id="element_2" name="password" class="element text medium" type="password" maxlength="255" value=""/>
    </div>
    </li>

			    <li class="buttons">
		    <input type="hidden" name="form_id" value="471358" />

		    <input id="saveForm" class="button_text" type="submit" name="submit" value="Log me in!" />
    </li>
	    </ul>
    </form>   

   </div>
   <img id="bottom" src="bottom.png" alt="">
   </body>
</html>

 

mcp.php the page you need the signed on for

<?php
include 'config.php';
if ($id == $_COOKIE['id'] && $pass == $_COOKIE['pass']) {
//your members stuff
}else{
die("please sign in");}?>

[rmember]

will send multi person mysql login code in mornning cheers

[Pikachu2000]

It sounded like the problem was already solved, but anyhow you really should never store passwords in cookies since they're easily accessible on the client machine. Login.php looks like it probably has a parse error, too.

[Christian F.]

Member: You really need to read the article i linked to as well, apparently.

Not to mention how to write proper and valid HTML, as there is a lot of issues with your code (besides the PHP parsing errors already mentioned).

 

It's really nice that you want to help, but in this case your code does more harm than good I'm afraid. It's terribly insecure, contains lots of invalid code, and it won't even work at all (ironically a good thing in this case).