Login error need some insight

Paragon

Any idea why im getting this error?

<?PHP
$username = $HTTP_POST_VARS['username'];
$password = $HTTP_POST_VARS['password'];

$sql = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password' ");

//if the user exists
if (mysql_num_rows($sql)>0)
{
  //make a cookie for the user
  setcookie("$username",$password);
}
?>

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/paragon/public_html/test/login.php on line 8

sarahk

first thing I would do is:

$sql = mysql_query("SELECT * FROM `users` WHERE `username` = '{$username}' AND `password` = '{$password}' "); 
echo $sql;

the {} enable PHP to parse more accurately as they denote the start and end of the variable name.

the users tell MySql that the info inbetween is the users name for something (field, column) and not a MySql variable name. Users, username and password are likely to have other meanings within Mysql, we're saying look for our table, our columns etc.

then the echo shows us what we have and allows us to manually check that it's ok. Additionally we can paste it into MySql and see if it runs there. If it does then it may be a connection issue.

HTH

tbach2

mysql_connect()?

plus, you don't want to trust user input! At the least addslashes() or better, do a preg_match for alphanumeric, space, comma, etc.

sarahk

I would always store the md5() of the given password and then md5() whatever they give when they login. That way any clever tricks are foiled.

Addslashes is probably good for the username.

Paragon

form.php

<form action="login.php" method="post">
<table>
<tr>
<td>Name</td>
<td><input type="text" name="username"></td>
</tr>

<tr>
<td>Password</td>
<td><input type="text" name="password"></td>
</tr>
<tr>
<td colspan="2">
<input type="submit" value="Log In">
</td>
</tr>
</table>
</form>

<?PHP
$username = $HTTP_POST_VARS['username'];
$password = $HTTP_POST_VARS['password'];

$sql = mysql_query("SELECT * FROM `users` WHERE `username` = '{$username}' AND `password` = '{$password}' ");  

echo $sql;
//if the user exists
if (mysql_num_rows($sql)>0)
{
  //make a cookie for the user
  setcookie("$username",$password);
}
?>

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/paragon/public_html/test/login.php on line 8

still the same error.

sarahk

do'h

we were so busy being picky we missed this!

$result = @mysql_query($sql);
$num = mysql_num_rows($result);
if ( $num > 0) 
{ 
  //make a cookie for the user 
  setcookie("$username",$password); 
}

Paragon

I added a MYSQL connection now I get this error once I type the user name and password in.

Resource id #3

Warning: Cannot modify header information - headers already sent by (output started at /home/paragon/public_html/test/login.php:8) in /home/paragon/public_html/test/login.php on line 13

I dont even have any users in #3 I have a user in #12

Paragon

Originally posted by sarahk
do'h

we were so busy being picky we missed this!
$result = @mysql_query($sql);
$num = mysql_num_rows($result);
if ( $num > 0) 
{ 
  //make a cookie for the user 
  setcookie("$username",$password); 
} 
[/B]

Why do I need that? It doesnt work any way.

sarahk

I'm guessing that line 13 is the setcookie line().

setcookies has to be part of the header section, that's easy enough. You just have to make sure that NO HTML has been sent.

This might be a spare line at the top of the script ie

<?php
// nothing in here
?>

<?php
// nothing in here but 1 spare line in between 
// which tells the browser that the headers are sent, 
// and no more headers may be sent.
?>

and you don't need the quotes in:

setcookie("$username",$password);

as this just creates additional work for PHP.

Paragon

Thanks for your help. Umm, but were exactly do I put that? Ive never placed cookies before. Or ever had to do some strange header things?

Paragon

any why is it saying resource id #3?

Paragon

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/paragon/public_html/test/login.php on line 16

<?PHP
$username = $HTTP_POST_VARS['username'];
$password = $HTTP_POST_VARS['password'];

echo "$username<BR>";
echo "$password<BR>";

$db=mysql_connect ("localhost", "paragon_paragon", "") or die ('I cannot connect to the database because: ' . mysql_error()); 
  mysql_select_db ("paragon_CSP"); 

$sql = mysql_query("SELECT * FROM `users` WHERE `username` = '{$username}' AND `password` = '{$password}' ");  

echo "$sql<BR>";

//if the user exists
$result = @mysql_query($sql); 
$num = mysql_num_rows($result); 
if ( $num > 0)
{
  //make a cookie for the user
  setcookie($username,$password);
}
?>

drag0n

$sql = mysql_query("SELECT * FROM `users` WHERE `username` = '{$username}' AND `password` = '{$password}' ") or die(mysql_error());   

echo $sql;

and

$result = @mysql_query($sql) or die(mysql_error());  

$num = mysql_num_rows($result) or die(mysql_error());

replace those lines with that and then post us what echos out or the mysql error if u got the sql remeber to take off the password before you post it

Paragon

<?PHP
$username = $HTTP_POST_VARS['username'];
$password = $HTTP_POST_VARS['password'];

echo "$username<BR>";
echo "$password<BR>";

$db=mysql_connect ("localhost", "paragon_paragon", "") or die ('I cannot connect to the database because: ' . mysql_error()); 
  mysql_select_db ("paragon_CSP"); 

$sql = mysql_query("SELECT * FROM `users` WHERE `username` = '{$username}' AND `password` = '{$password}' ") or die(mysql_error());    

echo $sql;

//if the user exists
if (mysql_num_rows($sql)>0)
{
  //make a cookie for the user
  setcookie($username,$password);
}
?>

Warning: Cannot modify header information - headers already sent by (output started at /home/paragon/public_html/test/login.php:5) in /home/paragon/public_html/test/login.php on line 18

<?PHP
$username = $HTTP_POST_VARS['username'];
$password = $HTTP_POST_VARS['password'];

echo "$username<BR>";
echo "$password<BR>";

$db=mysql_connect ("localhost", "paragon_paragon", "") or die ('I cannot connect to the database because: ' . mysql_error()); 
  mysql_select_db ("paragon_CSP"); 

$sql = mysql_query("SELECT * FROM `users` WHERE `username` = '{$username}' AND `password` = '{$password}' ") or die(mysql_error());    

echo $sql;

//if the user exists
$result = @mysql_query($sql); 
$num = mysql_num_rows($result); 
if ( $num > 0)  

{
  //make a cookie for the user
  setcookie($username,$password);
}
?>

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/paragon/public_html/test/login.php on line 16

drag0n

Then ur problem is on line 15 the query
did ur $sql echo out? did it contain the correct infomation?
make
$result = @($sql);

$num = mysql_num_rows($result);
to
$result = @($sql) or die(mysql_error());
$num = mysql_num_rows($result) or die(mysql_error());
tell me what u got for echo $sql and the error, u must be getting a error
Did you check the stuff in ur db?

sarahk

post duplicated, edited to remove post by author.

sarahk

lets start over.

<?PHP 
$username = $HTTP_POST_VARS['username']; 
$password = $HTTP_POST_VARS['password']; 

echo "{$username}<BR>"; 
echo "{$password}<BR>"; 

$db=mysql_connect ('localhost', 'paragon_paragon', '') or die ('I cannot connect to the database because: ' . mysql_error());  

  mysql_select_db ("paragon_CSP", $db);  

$sql = "SELECT * FROM `users` WHERE `username` = '{$username}' AND `password` = '{$password}' ";    

//if the user exists 
$result = mysql_query($sql) or die(mysql_error());   

$num = mysql_num_rows($result);  

if ( $num > 0)   

{ 
  //make a cookie for the user 
  //note that i've split the cookie into - otherwise you won't know 
  // how to retrieve the info later
  setcookie( 'username', $username);
  setcookie( 'password', $password); 
} 

echo $sql; 
?>

sarahk

Hi dragOn,

didn't mean to double post, first time I got a server 500 error, then when I did post I saw yours so went and edited mine. At that stage I had only one post so I don't know if it was the server 500 or the edit which caused the double up but there wasn't supposed to be 2.

drag0n

oo if that was the reason its alright.. I thought u did it on purpose to block out my post before... no probs sorry for the confusion

Paragon

Warning: Cannot modify header information - headers already sent by (output started at /home/paragon/public_html/test/login.php:5) in /home/paragon/public_html/test/login.php on line 19

Warning: Cannot modify header information - headers already sent by (output started at /home/paragon/public_html/test/login.php:5) in /home/paragon/public_html/test/login.php on line 20
SELECT * FROM users WHERE username = 'paragon' AND password = ''