PHP login help!

stoke1863

stoke1863

stoke1863

Soldato
Joined
13 Jun 2009
Posts
4,581
Location
Chesterfield
Ok basically i have adapted some code from tutorials for a protoype but i cannot for the life of me get this login form to work.

i get this error

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/futuret7/public_html/breakdownapp.co.uk/checklogin.php on line 26

Here is my login .php

Code: 
<!DOCTYPE html>
<html>
    <head>
    <title>RSA Breakdown Assistance</title>
    <link rel="stylesheet" href="http://code.jquery.com/mobile/1.0a4.1/jquery.mobile-1.0a4.1.min.css" />
<script src="http://code.jquery.com/jquery-1.5.2.min.js"></script>
<script src="http://code.jquery.com/mobile/1.0a4.1/jquery.mobile-1.0a4.1.min.js"></script>
<style>.ui-page { z-index: 1}
.ui-header { z-index: 10 }
.ui-header * { z-index: 20 }
</style>
</head>

<body>

<div data-role="page" id="login">

<div data-role="header" data-position="fixed" data-theme="b"> 
	<h1>RSA Location Finder Login</h1> 
		<a href="" data-icon="refresh" data-theme="a" data-iconpos="notext" class="ui-btn-right"></a> 
  </div><!-- /header --> 
  
  <div data-role="content" data-theme="b">
 <form action="checklogin.php" method="post"  data-ajax="false" > <div data-role="fieldcontain"  >
    <label for="myusername">Membership Number:</label>
    <input type="text" name="myusername" id="myusername" value=""  />
</div>	
<div data-role="fieldcontain">
    <label for="mypassword">Password Input:</label>
    <input type="password" name="mypassword" id="mypassword" value="" />

<input id="Submit1" type="submit" value="Login" data-role="button" data-inline="true" />
</form>
</div>	
  
</div>
 
  
<div data-role="footer" data-theme="b" data-position="fixed"><a href="#bar"data-rel="dialog" data-transition="slideup" data-role="button" data-icon="arrow-u">Help</a>
    </div><!-- /footer --><!-- /page -->

</body>
</html>

and here is my checklogin.php

Code: 
<?php
$host="localhost"; // Host name 
$username="XXXXXr"; // Mysql username 
$password="XXXXX"; // Mysql password 
$db_name="XXXX"; // Database name 
$tbl_name="members"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>
 
tntcoder said:
Change

Code: 
$result=mysql_query($sql);

to

Code: 
$result=mysql_query($sql) or die('Query Error: ' . mysql_error() . "<br />\n$sql");

And post the error.
Click to expand...


Thanks for looking.

Me being stupid didnt have the right colum in the table! it was asking for username and i had userid

DOH!

now im putting in the correct username and password and it directing me to a successful login page but now i have this warning

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/futuret7/public_html/breakdownapp.co.uk/login_success.php:3) in /home/futuret7/public_html/breakdownapp.co.uk/login_success.php on line 4

thanks for looking much appreciated

when i put in incorrect detials that works fine
 
tntcoder said:
That will be an issue in login_success.php, you'll need to post the code up for that :)

Off the top of my head, check to make sure session_start(); is right at the top of that file.
Click to expand...

yup fixed it now i think it was to do with some white space :D

thanks a lot
 
tntcoder said:
Ok cool :)

Btw, if you're doing this for a business app you should consider notching the security up a bit, rather than storing and transmitting plaintext passwords in the database it's good practice to store hashes of them and then use some javascript to calculate the hash on your login page. Maybe worry about that later though :)
Click to expand...

Its not a business (thank god id probably kill something)

its just a prototype web app for uni :D
 
You must log in or register to reply here.
Back
Top Bottom