Please would you look through my code to see what I am doing wrong. I get this message:
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in C:\xampp\htdocs\login\login-unexpected.php on line 36, I have mrked the line 36 with #36
HERE IS THE CODE FOR THE login handler page
<!doctype html>
<html lang=en>
<head>
<title>The Login page-unexpected</title>
<meta charset=utf-8>
<link rel="stylesheet" type="text/css" href="includes.css">
</head>
<body>
<?php
// This section processes submissions from the login_page.inc.php The script also stores
//the HTTP_USER_AGENT value for added security.
//Check if the form has been submitted:
if ($SERVER['REQUEST_METHOD'] == 'POST') {
// connect to database
require ('./mysqli_connect.php');
function check_login($dbcon, $email = '', $psword = '') {
//Initiate an array to store errors
$errors = array();
//Check for empty fields
if (empty($email)) {
$errors[] = 'You forgot to enter your email address';
}else{
$e = mysqli_real_escape_string($dbcon, trim($email));
}
if (empty($psword)) {
$errors[] = 'You forgot to enter your password';
}else{
$p = mysqli_real_escape_string($dbcon, trim($psword));
}
}//End of empty field checks
// If no problems were encountered
if (empty($errors)){
$q = "SELECT user_id, fname FROM users WHERE email = email AND psword =SHA1(psword)";
$result = @mysqli_query ($dbcon, $q);
//If the record was retrieved successfully?
if (mysqli_num_rows($result) == 1) { #36
$row = mysqli_fetch_array ($result, MYSQLI_ASSOC);
return array(true, $row);
}else{
$errors[] = 'The email address and password combination does not match our records';
}
return array(false, $errors);
}//End of login_function()
list ($check, $data) = check_login($dbcon, $POST['email'], $POST['psword']);
if ($check) { // If no problems occur, set the session data:
session_start();
$SESSION['user_id'] = ('user_id');
$SESSION['fname'] = $data['fname'];
// Store the HTTP USER AGENT:
$SESSION['agent'] = md5($_SERVER['HTTP_USER_AGENT']);
//redirect the logged-in user to either member's or administrator's page
if (('user_level') == 0)
{header ("location:members-page.php");
exit(); }
if (('user_level') == 1)
{header ("location:admin-page.php");
exit(); }
// If unsuccessful!
if (!$check) { // If a problem occurred, assign $data to $errors for login_page.inc.php:
$errors = $data;
}
} // End of the submission conditionals.
mysqli_close($dbcon); // Close the database connection.
}
include ('login_page.inc.php');// Create the form fields
?>
</body>
</html>
HERE IS THE CODE FOR login_page.inc.php
<style type="text/css">
input { float:left; }
span { float:left; }
</style>
<!--This page prints any errors associated with logging in
and it creates the entire login page, including the form.-->
<!--Include the header:-->
<div id="container">
<?php include("reg-login-header.php"); ?><br>
<?php include("nav.php"); ?>
<?php include("info-col.php"); ?>
<?php
// Print any error messages, if they exist
if (isset($errors) AND !empty($errors)) {
echo '<h1>Error!</h1>
<p class="error">The following error(s) occurred:<br />';
foreach ($errors as $msg) {
echo " - $msg<br />\n";
}
echo '</p><p>Please try again.</p>';
}
?>
<!-- Display the form-->
<div id="content">
<h2>Login</h2>
<!--<form action="login.php" method="post">-->
<form action="login-unexpected.php" method="post">
<p><label class="label" for="email">Email Address:</label>
<input id="email" type="text" name="email" size="30" maxlength="60"
value="<?php if (isset($POST['email'])) echo $POST['email']; ?>" > </p>
<br>
<p><label class="label" for="psword">Password:</label>
<input id="psword" type="password" name="psword" size="12" maxlength="12"
value="<?php if (isset($POST['psword'])) echo $POST['psword']; ?>" ><span> Between 8 and 12 characters.</span></p>
<br><p><input id="submit" type="submit" name="submit" value="Login"></p>
</form>
</div><br>
<?php include ('footer.php'); ?>
Regards Awestruck
