[RESOLVED] Login Code Help required

pnarendran

Hi:

I had this code working earlier and now I have a problem. Need an extra pair of eyes to locate what could be corrupted please? There is no error message and the config file ha sggod connection to DB because it works for other files.

Here are my 3 files

First login.php file

<?php
session_start();
require_once 'config.php';
if (isset($_SESSION['user'])){
echo "Welcome ".$_SESSION['user'];

?>

<form name="logout" method="post" action="logout.php">

<input type="submit" name="logout" id="logout" value="Logout">
</form>

<?php
}
elseif(isset($_SESSION['admin']))
{
echo"Welcome ".$_SESSION['admin'];
echo"<br><br>You are logged in as an Admin";
?>
<form name="logout" method="post" action="logout.php">
<input type="submit" name="logout" id="logout" value="Logout">
</form>
<?php

}else{
?>
<title>Login Box</title>
<link href="login-box.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div style="padding: 100px 0 0 250px;">
<div id="login-box">
<H2>Login</H2>
<table align="left">
<tr>
<td>
 <form name="login_form" method="post" action="login2.php">
<div id="login-box-name" style="margin-top:10px;">Email:</div><div id="login-box-field" style="margin-top:20px;">
<input name="user" id="user" class="form-login" title="Username" value="" size="30" maxlength="2048" /></div>
<div id="login-box-name">Password:</div><div id="login-box-field"><input name="pass" type="password" id="pass" class="form-login" title="Password" value="" size="30" maxlength="2048" /></div>
<span class="login-box-options"><input type="checkbox" name="1" value="1"> Remember Me <a href="#" style="margin-left:10px;">Forgot password?</a></span>
<br />
<br />
<a href="#"><input type="image" name="login" src="//images/login-btn.png" width="103" height="42" style="margin-left:90px;" />  </a>
</div>
</div>
</body>
<?php
 }
 ?>

2nd file login2.php:

<?php 
session_start();
require_once 'config.php';
    # make  a variable out of the username that was posted in the index-page.
    $username = $_POST['user'];
    # I am not sure what this thing makes.. but it has something with safety to do.
    $escaped_username = mysql_real_escape_string($username);
    # make a md5 password.
    $password = md5($_POST['pass']);
     $queryN = mysql_query("select * from userprofile where username = '".$username."' and password = '".$password."' AND 
level='1'");#This variable will check if the user is a level 1 user (Normal User)
    $queryA = mysql_query("select * from userprofile where username = '".$username."' and password = '".$password."' AND 
level='9'");#This variable will check if the user is a level 9 user (Admin User)


if(mysql_num_rows($queryN) == 1)
{
    $resultN = mysql_fetch_assoc($queryN);                     
$_SESSION['user'] = $_POST['user'];    

header("location:loggeduser.php");      

}

elseif(mysql_num_rows($queryA) == 1)
    {
       $resultA = mysql_fetch_assoc($queryA);                     

$_SESSION['admin'] = $_POST['user'];    

header("location:"");      

}

else{
echo "Wrong Username or Password";
}
?>
<form name="back" method="post" action="login.php">
<input type="submit" name="back" id="back" value="Back to Home">

3rd and last file logout.php:

<?php
session_start();#This will start the session
session_unset();   #Session_unset and Session_destroy
session_destroy();#Will remove all sessions.
header

("location:index.php");#This code will send u back to 

the index page
?>

jeepin81

1.) you have an extra double qoute ' " '

elseif(mysql_num_rows($queryA) == 1) 
    { 
       $resultA = mysql_fetch_assoc($queryA);                      

$_SESSION['admin'] = $_POST['user'];     

header("location:"");    //<-- extra "   

} 

else{ 
echo "Wrong Username or Password"; 
} 
?>

2.) your header goes to nothing.

pnarendran

Thanks I took away the " and added location file name. Now it comes back and always tells me wrong user name or password even though I checked the DB and the user name and password being input through the form is correct. Can you please help? Thanks!🙂

bradgrafelman

... which means the fact that you claim there was "no error message" was simply because you either a) don't have error_reporting set to E_ALL (or better), or b) don't actually have display_errors or log_errors set to On.

EDIT: As for the login process... why on earth do you have two separate queries just based on level? Why not just one one single query and simply SELECT their level so that you can use that value in a conditional statement?

pnarendran

So..... sorry what should I add in the code to see the errors?

pnarendran

I changed the code in login2.php as seen below and now I get an error.


<?php 
session_start();
require_once 'config.php';

# make  a variable out of the username that was posted in the index-page.

 $username = $_POST['user'];
   $escaped_username = mysql_real_escape_string($username);

 $password = ($_POST['pass']);


 $queryN = mysql_query("select * from userprofile where username ='".$username."' AND password = '".$password."');
 if(mysql_num_rows($queryN) == 1)
    {
        $resultN = mysql_fetch_assoc($queryN);   

$_SESSION['user'] = $_POST['user']; 

header("location:loggeduser.php");      

}

elseif(mysql_num_rows($queryA) == 1)

					   {
   $resultA = mysql_fetch_assoc($queryA);     

$_SESSION['admin'] = $_POST['user'];   

header("location:login.php");      

}


else{
echo "Wrong Username or Password";
}
?>


<form name="back" method="post" action="login.php">


<input type="submit" name="back" id="back" value="Back to Home">




</form>

The error is:


Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in D:\Hosting\7520570\html\india\login2.php on line 18

Can you please help? Thanks!🙂

bradgrafelman

Notice where the color-coding goes all awry? You're missing a closing double quote for the SQL query.

pnarendran

Almost there. Thanks so much for the help so far. I added the closing " and now it logs in okay. But here is what happens when I click the submit button with empty fields:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in D:\Hosting\7520570\html\india\login2.php on line 23
Wrong Username or Password

I checked the column names in the DB seems okay and moreover it is logging in okay with correct credentials...Any clues please? Thanks. 🙂

bradgrafelman

You should be checking to see if [man]mysql_query/man returns boolean FALSE (indicating an error has occurred) and, if so, outputting or logging the MySQL error message (see [man]mysql_error/man) and perhaps the query itself too (to aid in debugging) as it was sent to the SQL server.

EDIT: If you still can't figure it out, post the error message and query, and also show us an updated version of your code (the version above still has many references to things like $queryA which no longer exist).

pnarendran

Thanks in advance.

Here are the updated files:

login2.php


<?php 
session_start();
require_once 'config.php';

# make  a variable out of the username that was posted in the index-page.

 $username = $_POST['user'];
   $escaped_username = mysql_real_escape_string($username);

 $password = ($_POST['pass']);


 $queryN = mysql_query("select * from userprofile where username ='".$username."' AND password = '".$password."'");
 if(mysql_num_rows($queryN) == 1)
    {
        $resultN = mysql_fetch_assoc($queryN);   

$_SESSION['user'] = $_POST['user']; 

header("location:login.php");      

}

elseif(mysql_num_rows($queryA) == 1)

			   {
$resultA = mysql_fetch_assoc($queryA);     

$_SESSION['admin'] = $_POST['user'];   

header("location:login.php");      

}


else{
echo "Wrong Username or Password";
}
?>

<form name="back" method="post" action="login.php">

<input type="submit" name="back" id="back" value="Back to Home">

</form>


<?php
session_start();
require_once 'config.php';


if (isset($_SESSION['user'])){
echo "Welcome ".$_SESSION['user'];

?>




<form name="logout" method="post" action="logout.php">


<input type="submit" name="logout" id="logout" value="Logout">


</form>






<?php

}else{
?>


<head>

<table align="left">
<tr><td>
 <form name="login_form" method="post" action="login2.php">
<div id="login-box-name" style="margin-top:10px;">Email:</div><div id="login-box-field" style="margin-top:20px;"><input name="user" id="user" class="form-login" title="Username" value="" size="30" maxlength="2048" /></div>
<div id="login-box-name">Password:</div><div id="login-box-field"><input name="pass" type="password" id="pass" class="form-login" title="Password" value="" size="30" maxlength="2048" /></div>

<span class="login-box-options"><input type="checkbox" name="1" value="1"> Remember Me <a href="#" style="margin-left:10px;">Forgot password?</a></span>
<br />
<br />
<a href="#"><input type="image" name="login" src="/india/images/login-btn.png" width="103" height="42" style="margin-left:90px;" />  </a>

</div>

</div>

</body>


<?php
 }
 ?>

logout.php

<?php
session_start();#This will start the session
session_unset();   #Session_unset and Session_destroy
session_destroy();#Will remove all sessions.
header("location:login.php");#This code will sen du back to the index page
?>

The error is:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in D:\Hosting\7520570\html\india\login2.php on line 23

but it also says " Wrong Password / User Name and gives the logout button like it is supposed to.

Weedpacket

What is $queryA?

pnarendran

Weedpacket;10990276 wrote:
What is $queryA?

Well:

if you go through my previous code you will see I had a query A to check if level is admin. I removed parts of it but still had one line in the new code - when i removed that irrelevant line of code it got fixed.

Thanks