Unholy Prayer Posted March 18, 2007 Share Posted March 18, 2007 I am getting some errors with my login script and I don't know why. These are the errors I'm getting: Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/dev/public_html/voltbb/login.php on line 29 Login Failure: An error occured, please verify your username and password are correct. This is my code: <?php ob_start(); require_once('config.php'); include('templates/default/header_body.tpl'); if(isset($_SESSION['username']) && isset($_SESSION['password'])) { //REDIRECT TO USERS PROFILE... header("Location: http://www.dev.mtechdev.com/voltbb"); } //end if logged in if(isset($_POST['submit'])) { if(!$_POST['username']) die("Error: You must enter your username before logging in."); if(!$_POST['password']) die("Error: You must enter your password before logging in."); $username = $_POST['username']; $password = md5($_POST['password']); if(!empty($_POST['stay_in'])) { $joined =''.$_POST['username'].'[]'.md5($_POST['password']).''; setcookie('login_cookie', $joined, 2147483647, '/', '.www.yoursite.com'); } //end if $get_user = mysql_query("SELECT * FROM `members` WHERE username='$username' AND password='$password"); $q = mysql_fetch_array($get_user); if(!$q) die("Login Failure: An error occured, please verify your username and password are correct."); $_SESSION['logged_in'] = 1; $_SESSION['username'] = $_POST['username']; $_SESSION['password'] = $_POST['password']; session_write_close(); header("Location: http://www.yoursite.com"); } else { //show login form ?> <form name="login" method="post" action="<? $_SERVER['PHP_SELF']; ?>"> <table> <tr> <td>Username:<input type="text" id="username" name="username"></td> </tr> <tr> <td>Password:<input type="password" id="password" name="password"></td> </tr> <tr> <td>Submit: <input type="submit" value="Submit" name="submit" id="submit"></td> </tr> <tr> <td>Remember? <input type="checkbox" name="stay_in[]" checked="yes"></td> </tr> </table> </form> <? } ?> Any help is appreciated. Quote Link to comment Share on other sites More sharing options...
fert Posted March 18, 2007 Share Posted March 18, 2007 change $get_user = mysql_query("SELECT * FROM `members` WHERE username='$username' AND password='$password"); to $get_user = mysql_query("SELECT * FROM `members` WHERE username='$username' AND password='$password") or die(mysql_error()); Quote Link to comment Share on other sites More sharing options...
Unholy Prayer Posted March 19, 2007 Author Share Posted March 19, 2007 Now I'm getting The login failure error message that the script outputs but i'm sure that the username and password are correct. Quote Link to comment Share on other sites More sharing options...
Unholy Prayer Posted March 19, 2007 Author Share Posted March 19, 2007 Now I'm getting an error that says: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Prayer AND password = 3e3806659785b5be6b7a3209212e9f3e' at line 1 This is my current script: <?php ob_start(); require_once('config.php'); include('templates/default/header_body.tpl'); if(isset($_SESSION['username']) && isset($_SESSION['password'])) { //REDIRECT TO USERS PROFILE... header("Location: http://www.dev.mtechdev.com/voltbb"); } //end if logged in //IF SUBMIT BUTTON PRESSED if(isset($_POST['submit'])) { if(!$_POST['username']) die("Error: You must enter your username before logging in."); if(!$_POST['password']) die("Error: You must enter your password before logging in."); $username = $_POST['username']; $password = md5($_POST['password']); //set cookie if checked if(!empty($_POST['stay_in'])) { $joined =''.$_POST['username'].'[]'.md5($_POST['password']).''; setcookie('login_cookie', $joined, 2147483647, '/', 'www.dev.mtechdev.com/voltbb'); } //end if //verify user... $get_user = mysql_query("SELECT * FROM `members` WHERE username= $username AND password = $password") or die(mysql_error()); if(!$q) die("Login Failure: An error occured, please verify your username and password are correct. "); //set session variables $_SESSION['logged_in'] = 1; $_SESSION['username'] = $_POST['username']; $_SESSION['password'] = $_POST['password']; session_write_close(); header("Location: http://www.dev.mtechdev.com/voltbb"); } else { //show login form ?> <form name="login" method="post" action="<? $_SERVER['PHP_SELF']; ?>"> <table align='center' cellspacing='1' cellpadding='1' border='0'> <tr> <td align='center' colspan='2' class='ctop'>Member Login</td> </tr><tr> <td align='right' class='inputrow'>Username: </td> <td align='left' class='inputrow'><input type="text" id="username" name="username"></td> </tr> <tr> <td align='right' class='inputrow'>Password: </td> <td align='left' class='inputrow'><input type="password" id="password" name="password"></td> </tr> <tr> <td align='center' colspan='2' class='inputrow'><input type="submit" value="Login" name="submit" id="submit"></td> </tr> <tr> <td align='center' colspan='2' class='inputrow'>Remember? <input type="checkbox" name="stay_in[]" checked="yes"></td> </tr> </table> </form> <? }//end else ?> Quote Link to comment Share on other sites More sharing options...
fert Posted March 19, 2007 Share Posted March 19, 2007 SELECT * FROM `members` WHERE username='$username' AND password='$password' Quote Link to comment Share on other sites More sharing options...
Unholy Prayer Posted March 19, 2007 Author Share Posted March 19, 2007 Now I'm getting "Login Failure: An error occured, please verify your username and password are correct." and I know my username and password are correct. Quote Link to comment Share on other sites More sharing options...
Unholy Prayer Posted March 19, 2007 Author Share Posted March 19, 2007 Ok, I figured out why I couldn't login. It was because the length of the password column was set to 20 which wasn't long enough for the encryption. But now in my page header session code, it's displaying my username as Guest when I am actually logged in as Unholy Prayer. Here is my code: ob_start(); session_start( ); require_once('config.php'); //check cookie if ($_SESSION['logged_in'] == 1 && isset($_COOKIE['login_cookie'])) { list($user, $pass) = explode('[]', $_COOKIE['login_cookie']); $qu = mysql_query("SELECT `password` FROM `members` WHERE `username` = '".addslashes($user)."'"); if (mysql_num_rows($qu) == 1) { $passw = mysql_fetch_object($qu); if ($passw->user_password == $pass) { $_SESSION['is_online'] = 1; $_SESSION['username'] = $user; $_SESSION['password'] = $pass; $username = $_SESSION['username']; } } } if(!isset($_SESSION['username']) && !isset($_SESSION['password'])) { $_SESSION['logged_in'] = 0; $username = "Guest"; } Quote Link to comment Share on other sites More sharing options...
JayLewis Posted March 19, 2007 Share Posted March 19, 2007 Ahh, its always something starring you in te face. Something you know deep in you mind... Well done for spotting it Quote Link to comment Share on other sites More sharing options...
Unholy Prayer Posted March 19, 2007 Author Share Posted March 19, 2007 Um, I haven't even spotted it. ??? Quote Link to comment Share on other sites More sharing options...
farkewie Posted March 19, 2007 Share Posted March 19, 2007 i may be way off the mark here but try this change. $qu = mysql_query("SELECT `password` FROM `members` WHERE `username` = '".addslashes($user)."'"); to this $query = mysql_query("SELECT `password` FROM `members` WHERE `username` = '".addslashes($user)."'"); Quote Link to comment Share on other sites More sharing options...
Unholy Prayer Posted March 19, 2007 Author Share Posted March 19, 2007 Nope, still says Guest. Quote Link to comment Share on other sites More sharing options...
bwochinski Posted March 19, 2007 Share Posted March 19, 2007 In your SQL you have "SELECT `password` FROM..." but then when you compare passwords in your if statement you try to pull from the field "user_password" $qu = mysql_query("SELECT `password` FROM `members` WHERE `username` = '".addslashes($user)."'"); $passw = mysql_fetch_object($qu); if ($passw->user_password == $pass) { Quote Link to comment Share on other sites More sharing options...
Unholy Prayer Posted March 19, 2007 Author Share Posted March 19, 2007 Agh, sorry, I saw that and changed it to password but I forgot to post my current script. Here it is: ob_start(); session_start( ); require_once('config.php'); //check cookie if ($_SESSION['logged_in'] != 1 && isset($_COOKIE['login_cookie'])) { list($user, $password) = explode('[]', $_COOKIE['login_cookie']); $query = mysql_query("SELECT `password` FROM `members` WHERE `username` = '".addslashes($user)."'"); if (mysql_num_rows($query) == 1) { $passw = mysql_fetch_object($query); if ($passw->password == $pass) { $_SESSION['logged_in'] = 1; $_SESSION['username'] = $user; $_SESSION['password'] = $pass; } } } It also could be my login script. This is my current login script: <?php ob_start(); require_once('config.php'); include('templates/default/header_body.tpl'); if(isset($_SESSION['username']) && isset($_SESSION['password'])) { //REDIRECT TO USERS PROFILE... header("Location: http://www.dev.mtechdev.com/voltbb"); } //end if logged in //IF SUBMIT BUTTON PRESSED if(isset($_POST['submit'])) { if(!$_POST['username']) die("Error: You must enter your username before logging in."); if(!$_POST['password']) die("Error: You must enter your password before logging in."); //set cookie if checked if(!empty($_POST['stay_in'])) { $joined =''.$_POST['username'].'[]'.md5($_POST['password']).''; setcookie('login_cookie', $joined, 2147483647, '/', '.www.dev.mtechdev.com/voltbb'); } //end if //verify user... $get_user = mysql_query("SELECT * FROM `members` WHERE username = '".$_POST['username']."' AND password = '".md5($_POST['password'])."'"); $q = mysql_fetch_array($get_user); if(!$q) die("Login Failure: An error occured, please verify your username and password are correct."); //set session variables $_SESSION['logged_in'] = 1; $_SESSION['username'] = $_POST['username']; $_SESSION['password'] = $_POST['password']; session_write_close(); header("Location: http://www.dev.mtechdev.com/voltbb"); } else { //show login form ?> <form name="login" method="post" action="<? $_SERVER['PHP_SELF']; ?>"> <table align='center' cellspacing='1' cellpadding='1' border='0'> <tr> <td align='center' colspan='2' class='ctop'>Member Login</td> </tr><tr> <td align='right' class='inputrow'>Username: </td> <td align='left' class='inputrow'><input type="text" id="username" name="username"></td> </tr> <tr> <td align='right' class='inputrow'>Password: </td> <td align='left' class='inputrow'><input type="password" id="password" name="password"></td> </tr> <tr> <td align='center' colspan='2' class='inputrow'><input type="submit" value="Login" name="submit" id="submit"></td> </tr> <tr> <td align='center' colspan='2' class='inputrow'>Remember? <input type="checkbox" name="stay_in[]" checked="yes"></td> </tr> </table> </form> <? }//end else ?> Quote Link to comment Share on other sites More sharing options...
bwochinski Posted March 19, 2007 Share Posted March 19, 2007 Now there's a different variable mismatch... can you see it?? I also might wonder about your cookie domain. (in the login script) I would probably just set it to ".mtechdev.com", but I obviously don't know your server setup, so you may have your reasons. Quote Link to comment Share on other sites More sharing options...
Unholy Prayer Posted March 19, 2007 Author Share Posted March 19, 2007 Agh, I can't find it. Quote Link to comment Share on other sites More sharing options...
bwochinski Posted March 19, 2007 Share Posted March 19, 2007 list($user, $password) = explode('[]', $_COOKIE['login_cookie']); if ($passw->password == $pass) { Quote Link to comment Share on other sites More sharing options...
Unholy Prayer Posted March 19, 2007 Author Share Posted March 19, 2007 I'm almost certain there's something wrong with my Login script because I can't find anything wrong with my header code now. Quote Link to comment Share on other sites More sharing options...
bwochinski Posted March 19, 2007 Share Posted March 19, 2007 Have you tried changing the domain on the cookie?? I also might wonder about your cookie domain. (in the login script) I would probably just set it to ".mtechdev.com", but I obviously don't know your server setup, so you may have your reasons. Other than that, start echoing out variables at strategic points. For example, after this line: if ($_SESSION['logged_in'] != 1 && isset($_COOKIE['login_cookie'])) { echo something so you can see if that statement is even evaluating to true. Quote Link to comment Share on other sites More sharing options...
Unholy Prayer Posted March 19, 2007 Author Share Posted March 19, 2007 I'm not sure what you mean by cookie domain. Is it this: setcookie('login_cookie', $joined, 2147483647, '/', '.mtechdev.com'); Quote Link to comment Share on other sites More sharing options...
bwochinski Posted March 20, 2007 Share Posted March 20, 2007 Yes, the last parameter on your setcookie() statement is the domain on which the cookie will be avaliable. Having it set like you have there ( to .mtechdev.com ) is probably best ( I assume the dev subdomain is a temporary development location? ) for compatability ( mtechdev.com and www.mtechdev.com will both work that way). Check setcookie on php.net for more information about the function. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.