error in login page

jrahma

Hi,

can anyone help please..

I am getting this error:

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home/jassimrahma/JassimRahma.com/admin/get_login.php on line 10

Warning: Cannot modify header information - headers already sent by (output started at /home/jassimrahma/JassimRahma.com/admin/get_login.php:10) in /home/jassimrahma/JassimRahma.com/admin/get_login.php on line 20

here is my code:

<?php
	session_start();

$username = $_POST['username'];
$password = $_POST['password'];

$dbC = mysql_connect('mysql.jassimrahma.com', 'jassimdb', '123456');
$sql = "SELECT * FROM website_admin WHERE website_admin_user_name = '$username' and website_admin_password = '$password'";
$result = mysql_query($sql, $dbC);
$count = mysql_num_rows($result);

if($count == 1)
{
	// session_regenerate_id();
	$_SESSION['status'] = 'logged';
	header("location:index.php");
}
else
{
	header("location:login.php");
}
?>

Krik

The first error is basically saying that the query failed. Either it was unable to access the database or the query was invalid (wrong table, wrong fields, ect).

try outputting the mysql error

$result = mysql_query($sql, $dbC) or die(mysql_error());

The second error is a result of the first. As the first error causes data to be displayed (meaning a header is set) you are no longer allowed to set another "header".

jrahma

I got it... no database selected..

BUT...

now I have another problem..

everytime I enter the correct user id and password it's just going back to login.php with no error message.

I am 1000000% sure about the user id and password, infact I added another uder and having the same problem.

user ID : abc123
Password : abc123

Krik

Well this is debugging 101.

First I would add "error_reporting(E_ALL)" in the first line so all errors are output (remember to take it out, or change "E_ALL" to "0", once site development is complete).

Second, echo out the "$count" right after you define it to see what its value is. If it anything other than "1" you need to resolve that.

jrahma

I have added the error_reporting(E_ALL) right after the session_start and added:

echo $count;

after

$count = mysql_num_rows($result);

and here is what I am getting:

1
Warning: Cannot modify header information - headers already sent by (output started at /home/jassimrahma/JassimRahma.com/admin/get_login.php:16) in /home/jassimrahma/JassimRahma.com/admin/get_login.php on line 22

jrahma

one more thing not sute if it's the cause of the problem..

here is my index.php which it should go to after successfull login:

<?php

session_start();

 if ($_SESSION["status"]="logged")
 {
    header('Location:login.php');
	return true;
 }

Krik

Well the index.php is the problem, and in so many ways.

First that "if" is setting "$SESSION['status']" to equal "logged" not checking if it equals "logged". You could change that to

if ($_SESSION["status"] = false)
{
header('Location:login.php');
}

and you would still be redirect to login.php. Basically the "if" is checking if you can set that value to "$_SESSION["status"]" so no matter what value is after the equal (=) it will return true and run the code in that "if".

I assume you want it to be this

if ($_SESSION["status"] == "logged")
{
header('Location:login.php');
}

But the "if", in your original post, sets "$_SESSION['status']" to "logged" meaning when the "if" (original post) redirects to index.php then index.php will redirect to login.php. So no matter what your current code will land you on the login.php.

So probably the if should be

if (isset($_SESSION["status"]) && $_SESSION["status"] != "logged")
{
header('Location:login.php');
}

I added the "isset" to avoid notice level errors

Side note, you don't need that "return true;" in your "if".

jrahma

now the login.php seems to be working fine but the index.php is not

I am able to get into index.php if I enter the correct user id and password. Login.php will redirect to login.php if wrong user id or password

but in index.php, I am able to go to it directly without the login.php so it's not checking the session['status']..

here is the the index.php:

<?php
if (isset($SESSION["status"]) && $SESSION["status"] != true)
{
header('Location:login.php');
}
?>

johanafm

Krik;10992659 wrote:
if ($_SESSION["status"] = false)
{
header('Location:login.php');
}
and you would still be redirect to login.php.

No, you wouldn't. $var = expression always evalutates to the value of the right hand side expression, which in this case is false. Thus

if (false)
{
   # never executed
}

jrahma;10992691 wrote:
but in index.php, I am able to go to it directly without the login.php so it's not checking the session['status']..
if (isset($_SESSION["status"]) && $_SESSION["status"] != true)
{
header('Location:login.php');
}

Well, add print_r($SESSION) before the if-check and remove the header redirect to see what's happening

print_r($SESSION);
if (isset($_SESSION["status"]) && $_SESSION["status"] != true)
{
	echo 'if check ok';
	# header('Location:login.php');
	exit;
}

Important: The exit statement after the location header redirect should very probably always be there, not just for the above test. What happens when a redirect occurs is that the server sends a header to the browser which tells the browser to immediately request a new page. But nothing has told your server to stop executing the script.

jrahma

this is the coee but there is nothing printed from the session.

<?php
session_start();

print_r($SESSION); 

if (isset($_SESSION["status"]) && $_SESSION["status"] != true)
{
	echo 'if check ok'; 
	// header('Location:login.php');
	exit; 
}

I just change the if to:

if (!isset($SESSION["status"]) || $SESSION["status"] != true)

and it seems to be working..

is that ok?

johanafm

Yes

Derokorian

print_r($SESSION);

should be

print_r($_SESSION);