php? Posted January 2, 2008 Share Posted January 2, 2008 I get this error when I try to log into my website. Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:\xampp\htdocs\mylogin\login.php on line 12 Login failed ! <?php require_once('db.php'); include('functions.php'); if(isset($_POST['Login'])) { if($_POST['username']!='' && $_POST['password']!='') { //Use the input username and password and check against 'pending' table $query = mysql_query('SELECT ID, Username, Active FROM pending WHERE Username = "'.mysql_real_escape_string($_POST['username']).'" AND Password = "'.mysql_real_escape_string(md5($_POST['password'])).'"'); if(mysql_num_rows($query) == 1) { $row = mysql_fetch_assoc($query); if($row['Active'] == 1) { session_start(); $_SESSION['user_id'] = $row['ID']; $_SESSION['logged_in'] = TRUE; header("Location: members.php"); } else { $error = 'Your membership was not activated. Please open the email that we sent and click on the activation link'; } } else { $error = 'Login failed !'; } } else { $error = 'Please use both your username and password to access your account'; } } ?> <?php if(isset($error)){ echo $error;}?> <form action="<?=$_SERVER['PHP_SELF']?>" method="post"> <input type="text" id="username" name="username" size="32" value="" /> <input type="password" id="password" name="password" size="32" value="" /> <input type="submit" name="Login" value="Login" /> </form> Quote Link to comment Share on other sites More sharing options...
revraz Posted January 2, 2008 Share Posted January 2, 2008 Means there is an error in your query in the line above. Quote Link to comment Share on other sites More sharing options...
GingerRobot Posted January 2, 2008 Share Posted January 2, 2008 Try changing your query to these two lines: $sql = 'SELECT ID, Username, Active FROM pending WHERE Username = "'.mysql_real_escape_string($_POST['username']).'" AND Password = "'.mysql_real_escape_string(md5($_POST['password'])).'"' $query = mysql_query($sql) or die(mysql_error().'<br />Query:'.$sql); And show us the result. I can't see anything immediately wrong with the query. Quote Link to comment Share on other sites More sharing options...
php? Posted January 2, 2008 Author Share Posted January 2, 2008 I replaced it and... Parse error: syntax error, unexpected T_VARIABLE in C:\xampp\htdocs\mylogin\login.php on line 11 <?php require_once('db.php'); include('functions.php'); if(isset($_POST['Login'])) { if($_POST['username']!='' && $_POST['password']!='') { //Use the input username and password and check against 'pending' table $sql = 'SELECT ID, Username, Active FROM pending WHERE Username = "'.mysql_real_escape_string($_POST['username']).'" AND Password = "'.mysql_real_escape_string(md5($_POST['password'])).'"' $query = mysql_query($sql) or die(mysql_error().'<br />Query:'.$sql); if(mysql_num_rows($query) == 1) { $row = mysql_fetch_assoc($query); if($row['Active'] == 1) { session_start(); $_SESSION['user_id'] = $row['ID']; $_SESSION['logged_in'] = TRUE; header("Location: members.php"); } else { $error = 'Your membership was not activated. Please open the email that we sent and click on the activation link'; } } else { $error = 'Login failed !'; } } else { $error = 'Please use both your username and password to access your account'; } } ?> <?php if(isset($error)){ echo $error;}?> <form action="<?=$_SERVER['PHP_SELF']?>" method="post"> <input type="text" id="username" name="username" size="32" value="" /> <input type="password" id="password" name="password" size="32" value="" /> <input type="submit" name="Login" value="Login" /> </form> Quote Link to comment Share on other sites More sharing options...
GingerRobot Posted January 2, 2008 Share Posted January 2, 2008 Sorry, my fault. Missed off the semi-colon. Try: <?php require_once('db.php'); include('functions.php'); if(isset($_POST['Login'])) { if($_POST['username']!='' && $_POST['password']!='') { //Use the input username and password and check against 'pending' table $sql = 'SELECT ID, Username, Active FROM pending WHERE Username = "'.mysql_real_escape_string($_POST['username']).'" AND Password = "'.mysql_real_escape_string(md5($_POST['password'])).'"'; $query = mysql_query($sql) or die(mysql_error().'<br />Query:'.$sql); if(mysql_num_rows($query) == 1) { $row = mysql_fetch_assoc($query); if($row['Active'] == 1) { session_start(); $_SESSION['user_id'] = $row['ID']; $_SESSION['logged_in'] = TRUE; header("Location: members.php"); } else { $error = 'Your membership was not activated. Please open the email that we sent and click on the activation link'; } } else { $error = 'Login failed !'; } } else { $error = 'Please use both your username and password to access your account'; } } ?> <?php if(isset($error)){ echo $error;}?> <form action="<?=$_SERVER['PHP_SELF']?>" method="post"> <input type="text" id="username" name="username" size="32" value="" /> <input type="password" id="password" name="password" size="32" value="" /> <input type="submit" name="Login" value="Login" /> </form> Quote Link to comment Share on other sites More sharing options...
php? Posted January 2, 2008 Author Share Posted January 2, 2008 Okay i fixed all of that.. but now it keeps saying that the registration wasn't activated blah.... how can i take out the whole confirmation thing? Everytime i try it messes up the whole script Quote Link to comment Share on other sites More sharing options...
php? Posted January 2, 2008 Author Share Posted January 2, 2008 Fixed that as well but now........ Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in C:\xampp\htdocs\mylogin\functions.php on line 12 Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\mylogin\functions.php:12) in C:\xampp\htdocs\mylogin\functions.php on line 26 Functions.php <?php function checkLogin($levels) { if(!$_SESSION['logged_in']) { $access = FALSE; } else { $kt = split(' ', $levels); $query = mysql_query('SELECT Level_access FROM pending WHERE ID = "'.mysql_real_escape_string($_SESSION['user_id']).'"'); $row = mysql_fetch_assoc($query); $access = FALSE; while(list($key,$val)=each($kt)) { if($val==$row['Level_access']) {//if the user level matches one of the allowed levels $access = TRUE; } } } if($access==FALSE) { header("Location: login.php"); } else { //do nothing: continue } } function checkUnique($field, $compared) { $query = mysql_query("SELECT `".mysql_real_escape_string($field)."` FROM `pending` WHERE `".mysql_real_escape_string($field)."` = '".mysql_real_escape_string($compared)."'"); if(mysql_num_rows($query)==0) { return TRUE; } else { return FALSE; } } function numeric($str) { return ( ! ereg("^[0-9\.]+$", $str)) ? FALSE : TRUE; } function alpha_numeric($str) { return ( ! preg_match("/^([-a-z0-9])+$/i", $str)) ? FALSE : TRUE; } function random_string($type = 'alnum', $len = { switch($type) { case 'alnum' : case 'numeric' : case 'nozero' : switch ($type) { case 'alnum' : $pool = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; break; case 'numeric' : $pool = '0123456789'; break; case 'nozero' : $pool = '123456789'; break; } $str = ''; for ($i=0; $i < $len; $i++) { $str .= substr($pool, mt_rand(0, strlen($pool) -1), 1); } return $str; break; case 'unique' : return md5(uniqid(mt_rand())); break; } } ?> Quote Link to comment Share on other sites More sharing options...
revraz Posted January 2, 2008 Share Posted January 2, 2008 You need to add the error statement to that page as well. You should really read what is being posted for you to follow, and if you do it on one page, copy it on another. As for your header error, read the Sticky up top about Headers. Quote Link to comment Share on other sites More sharing options...
psychowolvesbane Posted January 2, 2008 Share Posted January 2, 2008 Try changing $query = mysql_query('SELECT Level_access FROM pending WHERE ID = "'.mysql_real_escape_string($_SESSION['user_id']).'"'); to: (without the " ") $query = mysql_query('SELECT Level_access FROM pending WHERE ID = '.mysql_real_escape_string($_SESSION['user_id']).'); or: (Without the loose ' after the ).'"); ) $query = mysql_query('SELECT Level_access FROM pending WHERE ID = "'.mysql_real_escape_string($_SESSION['user_id']).'"); Quote Link to comment Share on other sites More sharing options...
php? Posted January 2, 2008 Author Share Posted January 2, 2008 Thanks psy, that problem is solved And revraz adding the error to that page does nothing different.. Quote Link to comment Share on other sites More sharing options...
php? Posted January 2, 2008 Author Share Posted January 2, 2008 *sigh* Unless i'm setting the error message up wrong.. Quote Link to comment Share on other sites More sharing options...
GingerRobot Posted January 2, 2008 Share Posted January 2, 2008 Well, show as your new code! I've still not learnt the art of mind reading... Quote Link to comment Share on other sites More sharing options...
php? Posted January 2, 2008 Author Share Posted January 2, 2008 <?php function checkLogin($levels) { if(!$_SESSION['logged_in']) { $access = FALSE; } else { $kt = split(' ', $levels); $query = mysql_query('SELECT Level_access FROM users WHERE ID = "'.mysql_real_escape_string($_SESSION['user_id']).'"') or die(mysql_error().'<br />Query:'.$sql); $row = mysql_fetch_assoc($query); $access = FALSE; while(list($key,$val)=each($kt)) { if($val==$row['Level_access']) {//if the user level matches one of the allowed levels $access = TRUE; } } } if($access==FALSE) { header("Location: login.php"); } else { //do nothing: continue } } function valid_email($str) { return ( ! preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $str)) ? FALSE : TRUE; } function checkUnique($field, $compared) { $query = mysql_query("SELECT `".mysql_real_escape_string($field)."` FROM `users` WHERE `".mysql_real_escape_string($field)."` = '".mysql_real_escape_string($compared)."'"); if(mysql_num_rows($query)==0) { return TRUE; } else { return FALSE; } } function numeric($str) { return ( ! ereg("^[0-9\.]+$", $str)) ? FALSE : TRUE; } function alpha_numeric($str) { return ( ! preg_match("/^([-a-z0-9])+$/i", $str)) ? FALSE : TRUE; } function random_string($type = 'alnum', $len = { switch($type) { case 'alnum' : case 'numeric' : case 'nozero' : switch ($type) { case 'alnum' : $pool = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; break; case 'numeric' : $pool = '0123456789'; break; case 'nozero' : $pool = '123456789'; break; } $str = ''; for ($i=0; $i < $len; $i++) { $str .= substr($pool, mt_rand(0, strlen($pool) -1), 1); } return $str; break; case 'unique' : return md5(uniqid(mt_rand())); break; } } ?> Quote Link to comment Share on other sites More sharing options...
php? Posted January 2, 2008 Author Share Posted January 2, 2008 Nevermind i got it... forgot a semicolon Quote Link to comment Share on other sites More sharing options...
psychowolvesbane Posted January 2, 2008 Share Posted January 2, 2008 Are all problems solved then? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.