Mysql Probs with script

[Carl_06]

Hi, I after installing a login/logout script there now i have set up table in mysql etc but when i try to log in i get the following errors.

[code]Warning: mysql_connect() [function.mysql-connect]: Access denied for user: 'root@localhost' (Using password: NO) [/code]

[code]Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource [/code]

[code]Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource [/code]

[code]Warning: Cannot modify header information - headers already sent by (output started [/code]

Now as far as i know all my passwords for the database etc are correct can someone plz shed some light on this thx here is the code im dealing with.

[code]<?php
session_start();

if(isset($_COOKIE['Joe2Torials']))
// If the cookie 'Joe2Torials is set, do the following;
{
$dbHost = 'localhost';
// Database Connection Details - Host
$dbUser = 'username';
// Database Connection Details - Username
$dbPass = 'password';
// Database Connection Details - Password
$dbname = 'cookie';
// Database Connection Details - Database Name


$username = $_COOKIE['Joe2Torials']['username'];
// Select the username from the cookie
$password = $_COOKIE['Joe2Torials']['password'];
// Select the password from the cookie

$db = mysql_connect($dbHost,$dbUser,$dbPass);    // Connection Code
mysql_select_db($dbname,$db);                    // Connects to database

$query = "SELECT user, pass FROM login WHERE user = '$username' AND pass = '$password'";
$result = mysql_query($query, $db);
if(mysql_num_rows($result))       
// If the login information is correct do the following;
    {
    $_SESSION['loggedin'] = 1;   
// Set the session 'loggedin' to 1 and forward the user to the admin page
    header('Location: http://www.domain.com/admin.php');
    exit();
    }
}

/*    If the cookie doesn't exist or the login
    information  stored within the cookies
    are  wrong  show  the  login  form.
*/
?>

<form method="post" name="cookie" action="process.php">

<p><label for="username">Username : <input type="text" name="username" id="username" /></label></p>
<p><label for="password">Password : <input type="password" name="password" id="password" /></label></p>
<p><input type="checkbox" name="setcookie" value="setcookie" /> Remember Me</p>

<p><input type="submit" name="submit" value="Submit" /> <input type="reset" name="reset" value="Reset" /></p>
</form>

<?php
if (isset($_GET['error']) AND !empty($_GET['error']))
{
    echo 'Invalid login data supplied. Please try again.';
}
?>
[/code]

[obsidian]

OK, a couple things:

1. Set up your code to do some error checking for you so you can deal with issues one at a time. Using "or die()" in your scripts can be invaluable for debugging mysql errors:
[code]
<?php
// change the two connection lines to the following:
$db = mysql_connect($dbHost,$dbUser,$dbPass) or die(mysql_error());    // Connection Code
mysql_select_db($dbname,$db) or die(mysql_error());                    // Connects to database
?>
[/code]

2. IMHO, you should [b]never, ever[/b] store a straight username and password in your cookies for a login script. It's one thing to store a session ID in there, but storing a username and password combination can be extremely dangerous to the user. I would suggest you modify the login script to use a different method of remembering the user.

Good luck!

[fenway]

Amd 3., don't use root!

[obsidian]

[quote author=fenway link=topic=117723.msg481532#msg481532 date=1165632472]
Amd 3., don't use root!
[/quote]

LOL... thanks, fenway, I seemed to overlook that one <slaps my wrist> ;)