[SOLVED] Login Error

[php?]

I get this error when I try to log into my website.

 

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:\xampp\htdocs\mylogin\login.php on line 12

Login failed !

 

<?php
require_once('db.php');
include('functions.php');

if(isset($_POST['Login']))
{
	if($_POST['username']!='' && $_POST['password']!='')
	{
		//Use the input username and password and check against 'pending' table
		$query = mysql_query('SELECT ID, Username, Active FROM pending WHERE Username = "'.mysql_real_escape_string($_POST['username']).'" AND Password = "'.mysql_real_escape_string(md5($_POST['password'])).'"');

		if(mysql_num_rows($query) == 1)
		{
			$row = mysql_fetch_assoc($query);
			if($row['Active'] == 1)
			{
				session_start();
				$_SESSION['user_id'] = $row['ID'];
				$_SESSION['logged_in'] = TRUE;
				header("Location: members.php");
			}
			else {
				$error = 'Your membership was not activated. Please open the email that we sent and click on the activation link';
			}
		}
		else {		
			$error = 'Login failed !';		
		}
	}
	else {
		$error = 'Please use both your username and password to access your account';
	}
}
?>

<?php if(isset($error)){ echo $error;}?>
<form action="<?=$_SERVER['PHP_SELF']?>" method="post">
<input type="text" id="username" name="username" size="32" value="" />
<input type="password" id="password" name="password" size="32" value="" />
<input type="submit" name="Login" value="Login" />
</form>

[revraz]

Means there is an error in your query in the line above.

[GingerRobot]

Try changing your query to these two lines:

 

$sql = 'SELECT ID, Username, Active FROM pending WHERE Username = "'.mysql_real_escape_string($_POST['username']).'" AND Password = "'.mysql_real_escape_string(md5($_POST['password'])).'"'
$query = mysql_query($sql) or die(mysql_error().'<br />Query:'.$sql);

 

And show us the result. I can't see anything immediately wrong with the query.

[php?]

I replaced it and...

 

Parse error: syntax error, unexpected T_VARIABLE in C:\xampp\htdocs\mylogin\login.php on line 11

 

 

 

 

<?php
require_once('db.php');
include('functions.php');

if(isset($_POST['Login']))
{
	if($_POST['username']!='' && $_POST['password']!='')
	{
		//Use the input username and password and check against 'pending' table
		$sql = 'SELECT ID, Username, Active FROM pending WHERE Username = 

"'.mysql_real_escape_string($_POST['username']).'" AND Password = 

"'.mysql_real_escape_string(md5($_POST['password'])).'"'
$query = mysql_query($sql) or die(mysql_error().'<br />Query:'.$sql);

		if(mysql_num_rows($query) == 1)
		{
			$row = mysql_fetch_assoc($query);
			if($row['Active'] == 1)
			{
				session_start();
				$_SESSION['user_id'] = $row['ID'];
				$_SESSION['logged_in'] = TRUE;
				header("Location: members.php");
			}
			else {
				$error = 'Your membership was not activated. Please open the 

email that we sent and click on the activation link';
			}
		}
		else {		
			$error = 'Login failed !';		
		}
	}
	else {
		$error = 'Please use both your username and password to access your account';
	}
}
?>

<?php if(isset($error)){ echo $error;}?>
<form action="<?=$_SERVER['PHP_SELF']?>" method="post">
<input type="text" id="username" name="username" size="32" value="" />
<input type="password" id="password" name="password" size="32" value="" />
<input type="submit" name="Login" value="Login" />
</form>

[GingerRobot]

Sorry, my fault. Missed off the semi-colon. Try:

 

<?php
require_once('db.php');
include('functions.php');

if(isset($_POST['Login']))
{
	if($_POST['username']!='' && $_POST['password']!='')
	{
		//Use the input username and password and check against 'pending' table
		$sql = 'SELECT ID, Username, Active FROM pending WHERE Username = "'.mysql_real_escape_string($_POST['username']).'" AND Password = "'.mysql_real_escape_string(md5($_POST['password'])).'"';
		$query = mysql_query($sql) or die(mysql_error().'<br />Query:'.$sql);

		if(mysql_num_rows($query) == 1)
		{
			$row = mysql_fetch_assoc($query);
			if($row['Active'] == 1)
			{
				session_start();
				$_SESSION['user_id'] = $row['ID'];
				$_SESSION['logged_in'] = TRUE;
				header("Location: members.php");
			}
			else {
				$error = 'Your membership was not activated. Please open the 

email that we sent and click on the activation link';
			}
		}
		else {		
			$error = 'Login failed !';		
		}
	}
	else {
		$error = 'Please use both your username and password to access your account';
	}
}
?>

<?php if(isset($error)){ echo $error;}?>
<form action="<?=$_SERVER['PHP_SELF']?>" method="post">
<input type="text" id="username" name="username" size="32" value="" />
<input type="password" id="password" name="password" size="32" value="" />
<input type="submit" name="Login" value="Login" />
</form>

[php?]

Okay i fixed all of that.. but now it keeps saying that the registration wasn't activated blah.... how can i take out the whole confirmation thing? Everytime i try it messes up the whole script

[php?]

Fixed that as well but now........

 

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in C:\xampp\htdocs\mylogin\functions.php on line 12

 

Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\mylogin\functions.php:12) in C:\xampp\htdocs\mylogin\functions.php on line 26

 

Functions.php

<?php
function checkLogin($levels)
{
	if(!$_SESSION['logged_in'])
	{
		$access = FALSE;
	}
	else {
		$kt = split(' ', $levels);

		$query = mysql_query('SELECT Level_access FROM pending WHERE ID = 

"'.mysql_real_escape_string($_SESSION['user_id']).'"');
		$row = mysql_fetch_assoc($query);

		$access = FALSE;

		while(list($key,$val)=each($kt))
		{
			if($val==$row['Level_access'])
			{//if the user level matches one of the allowed levels
				$access = TRUE;
			}
		}
	}
	if($access==FALSE)
	{
		header("Location: login.php");
	}
	else {
	//do nothing: continue
	}

}



function checkUnique($field, $compared)
{
	$query = mysql_query("SELECT `".mysql_real_escape_string($field)."` FROM `pending` 

WHERE `".mysql_real_escape_string($field)."` = '".mysql_real_escape_string($compared)."'");
	if(mysql_num_rows($query)==0)
	{
		return TRUE;
	}
	else {
		return FALSE;
	}
}

function numeric($str)
{
	return ( ! ereg("^[0-9\.]+$", $str)) ? FALSE : TRUE;
}

function alpha_numeric($str)
{
	return ( ! preg_match("/^([-a-z0-9])+$/i", $str)) ? FALSE : TRUE;
}

function random_string($type = 'alnum', $len = 
{					
	switch($type)
	{
		case 'alnum'	:
		case 'numeric'	:
		case 'nozero'	:

				switch ($type)
				{
					case 'alnum'	:	$pool = 

'0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
						break;
					case 'numeric'	:	$pool = 

'0123456789';
						break;
					case 'nozero'	:	$pool = '123456789';
						break;
				}

				$str = '';
				for ($i=0; $i < $len; $i++)
				{
					$str .= substr($pool, mt_rand(0, strlen($pool) -1), 1);
				}
				return $str;
		  break;
		case 'unique' : return md5(uniqid(mt_rand()));
		  break;
	}
}
?>

[revraz]

You need to add the error statement to that page as well.  You should really read what is being posted for you to follow, and if you do it on one page, copy it on another.

 

As for your header error, read the Sticky up top about Headers.

[psychowolvesbane]

Try changing

 

$query = mysql_query('SELECT Level_access FROM pending WHERE ID = 

"'.mysql_real_escape_string($_SESSION['user_id']).'"');

 

to: (without the " ")

 

$query = mysql_query('SELECT Level_access FROM pending WHERE ID = 

'.mysql_real_escape_string($_SESSION['user_id']).');

 

or: (Without the loose ' after the ).'"); )

 

$query = mysql_query('SELECT Level_access FROM pending WHERE ID = 

"'.mysql_real_escape_string($_SESSION['user_id']).'");

[php?]

Thanks psy, that problem is solved

 

And revraz adding the error to that page does nothing different..

[php?]

*sigh* Unless i'm setting the error message up wrong..

[GingerRobot]

Well, show as your new code! I've still not learnt the art of mind reading...

[php?]

<?php
function checkLogin($levels)
{
	if(!$_SESSION['logged_in'])
	{
		$access = FALSE;
	}
	else {
		$kt = split(' ', $levels);

		$query = mysql_query('SELECT Level_access FROM users WHERE ID = 

"'.mysql_real_escape_string($_SESSION['user_id']).'"') or die(mysql_error().'<br />Query:'.$sql);
		$row = mysql_fetch_assoc($query);

		$access = FALSE;

		while(list($key,$val)=each($kt))
		{
			if($val==$row['Level_access'])
			{//if the user level matches one of the allowed levels
				$access = TRUE;
			}
		}
	}
	if($access==FALSE)
	{
		header("Location: login.php");
	}
	else {
	//do nothing: continue
	}

}

function valid_email($str)
{
	return ( ! preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $str)) ? 

FALSE : TRUE;
}

function checkUnique($field, $compared)
{
	$query = mysql_query("SELECT `".mysql_real_escape_string($field)."` FROM `users` WHERE 

`".mysql_real_escape_string($field)."` = '".mysql_real_escape_string($compared)."'");
	if(mysql_num_rows($query)==0)
	{
		return TRUE;
	}
	else {
		return FALSE;
	}
}

function numeric($str)
{
	return ( ! ereg("^[0-9\.]+$", $str)) ? FALSE : TRUE;
}

function alpha_numeric($str)
{
	return ( ! preg_match("/^([-a-z0-9])+$/i", $str)) ? FALSE : TRUE;
}

function random_string($type = 'alnum', $len = 
{					
	switch($type)
	{
		case 'alnum'	:
		case 'numeric'	:
		case 'nozero'	:

				switch ($type)
				{
					case 'alnum'	:	$pool = 

'0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
						break;
					case 'numeric'	:	$pool = 

'0123456789';
						break;
					case 'nozero'	:	$pool = '123456789';
						break;
				}

				$str = '';
				for ($i=0; $i < $len; $i++)
				{
					$str .= substr($pool, mt_rand(0, strlen($pool) -1), 1);
				}
				return $str;
		  break;
		case 'unique' : return md5(uniqid(mt_rand()));
		  break;
	}
}

?>

[php?]

Nevermind i got it... forgot a semicolon

[psychowolvesbane]

Are all problems solved then?