PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
Moderator: General Moderators
Lambex
Forum Newbie
Posts: 3 Joined: Thu Jul 11, 2013 7:13 am
Post
by Lambex » Thu Jul 11, 2013 7:29 am
I'm working on an RPG. I first used mysql but after mysqli introduction I'm trying to change the code to mysqli but I'm getting and error
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in /home/a5306723/public_html/login.php on line 46
Line 46 is
Code: Select all
$checkuser=mysqli_num_rows($result);
and the login script is
Code: Select all
<?php
include ('include/connection.php');
if (isset($_POST['action'])) {
if ($_POST['action'] == "Login") {
if(!$_POST['username'] | !$_POST['password']) {
echo ('You did not fill in a required field.');
} else {
$_POST['username'] = $username;
$_POST['password'] = $password;
mysqli_real_escape_string($connection, $username);
mysqli_real_escape_string($connection, $password);
$result = mysqli_query($connection, "SELECT * FROM users WHERE username = '".$_POST['username']."'");
$checkuser=mysqli_num_rows($result);
$getiplog = mysqli_query($connection, "SELECT * FROM logins WHERE ip= '".$_SERVER["REMOTE_ADDR"]."' AND `success` = 'No'");
$checkip = mysqli_num_rows($getiplog);
if ($checkuser == 0) {
echo ('That user does not exist in our database. <a href=register.php>Click Here to Register</a>');
} elseif ($checkip >= 10) {
echo ('This IP has too many failed login attempts, please contact an administrator to get your IP unblocked');
} else {
$info = mysqli_fetch_array($getuser);
if (sha1(md5($_POST['password'])) != $info['password']) {
$login = "INSERT INTO logins (account, ip, success, trap) VALUES ('".$_POST['username']."', '".$_SERVER["REMOTE_ADDR"]."', 'No', '".$_POST['password']."')";
$add_login = mysqli_query($login);
echo('Incorrect password, please try again.');
} else {
$month = time() + 3600*24*30;
$_SESSION['user'] = $_POST['username'];
setcookie("save_user", htmlentities($_POST['username']), $month);
// setcookie("save_pass", stripslashes(htmlentities(sha1(md5($_POST['password'])))), $month);
$login = "INSERT INTO logins (account, ip, success, trap) VALUES ('".$_POST['username']."', '".$_SERVER["REMOTE_ADDR"]."', 'Yes', '".$_POST['password']."')";
$add_login = mysqli_query($login);
header("location: members.php");
}
}
}
}
} else {
echo("<p>");
echo("Please Login To Continue!");
echo("</p>");
echo("<form action='login.php' method='POST'>");
echo("<input type=hidden name=action value='Login'>");
echo("<table>");
echo("<tr>");
echo("<td>Username:</td>");
echo("<td>");
echo("<input type='text' name='username'>");
echo("</td>");
echo("</tr>");
echo("<tr>");
echo("<td>Password:</td>");
echo("<td>");
echo("<input type='password' name='password'>");
echo("</td>");
echo("</tr>");
echo("</table>");
echo("<input type='submit' value='Login' name='submit' class='button'>");
echo("</form>");
}
?>
I have not included the HTML part. Please help me as soon as possible
AbraCadaver
DevNet Master
Posts: 2572 Joined: Mon Feb 24, 2003 10:12 am
Location: The Republic of Texas
Contact:
Post
by AbraCadaver » Thu Jul 11, 2013 9:22 am
Code: Select all
$result = mysqli_query($connection, "SELECT * FROM users WHERE username = '".$_POST['username']."'") or die(mysqli_error());
mysql_function(): WARNING : This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQLextension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
Celauran
Moderator
Posts: 6427 Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada
Post
by Celauran » Thu Jul 11, 2013 10:59 am
Code: Select all
$_POST['username'] = $username;
$_POST['password'] = $password;
mysqli_real_escape_string($connection, $username);
mysqli_real_escape_string($connection, $password);
$result = mysqli_query($connection, "SELECT * FROM users WHERE username = '".$_POST['username']."'");
You have your assignment backwards. You're assigning the unset $username into $_POST['username'] rather than the other way around. You're then escaping the null value, but not saving that anywhere, and finally using the null value in your query. Might I suggest looking into prepared statements?
PDO wouldn't be a bad idea while you're at it.
Lambex
Forum Newbie
Posts: 3 Joined: Thu Jul 11, 2013 7:13 am
Post
by Lambex » Thu Jul 11, 2013 11:46 am
now it is comming
Warning: mysqli_error() expects exactly 1 parameter, 0 given in /home/a5306723/public_html/login.php on line 43
I have changed some part of the script
Code: Select all
<?php
include ('include/connection.php');
if (isset($_POST['action'])) {
if ($_POST['action'] == "Login") {
if(!$_POST['username'] | !$_POST['password']) {
echo ('You did not fill in a required field.');
} else {
$_POST['username'] = mysqli_real_escape_string($connection, $_POST['username']);
$_POST['password'] = mysqli_real_escape_string($connection, $_POST['password']);
$getuser = mysqli_query($connection, "SELECT * FROM users WHERE username = '".$_POST['username']."'") or die(mysqli_error());
$checkuser = mysqli_num_rows($getuser);
$getiplog = mysqli_query($connection, "SELECT * FROM logins WHERE ip= '".$_SERVER["REMOTE_ADDR"]."' AND `success` = 'No'");
$checkuser = mysqli_num_rows($getuser);
$getiplog = mysqli_query($connection, "SELECT * FROM `logins` WHERE `ip` = '".$_SERVER["REMOTE_ADDR"]."' AND `success` = 'No'");
$checkip = mysqli_num_rows($getiplog);
if ($checkuser == 0) {
echo('That user does not exist in our database. <a href=register.php>Click Here to Register</a>');
} elseif ($checkip >= 10) {
echo('This IP has too many failed login attempts, please contact an administrator to get your IP unblocked');
} else {
$info = mysqli_fetch_array($getuser);
if (sha1(md5($_POST['password'])) != $info['password']) {
$login = "INSERT INTO logins (account, ip, success, trap) VALUES ('".$_POST['username']."', '".$_SERVER["REMOTE_ADDR"]."', 'No', '".$_POST['password']."')";
$add_login = mysqli_query($connection, $login);
echo("<br />");
echo('Incorrect password, please try again.');
echo("<br />");
} else {
$month = time() + 3600*24*30;
$_SESSION['user'] = $_POST['username'];
setcookie("save_user", htmlentities($_POST['username']), $month);
// setcookie("save_pass", stripslashes(htmlentities(sha1(md5($_POST['password'])))), $month);
$login = "INSERT INTO logins (account, ip, success, trap) VALUES ('".$_POST['username']."', '".$_SERVER["REMOTE_ADDR"]."', 'Yes', '".$_POST['password']."')";
$add_login = mysqli_query($connection, $login);
header("location: news.php");
}
}
}
} elseif($_POST['action'] == "Logout") {
setcookie("usrid", "", time()+3600);
}
} else {
echo("<p>");
echo("Please Login To Continue!");
echo("</p>");
echo("<form action='login.php' method='POST'>");
echo("<input type=hidden name=action value='Login'>");
echo("<table>");
echo("<tr>");
echo("<td>Username:</td>");
echo("<td>");
echo("<input type='text' name='username'>");
echo("</td>");
echo("</tr>");
echo("<tr>");
echo("<td>Password:</td>");
echo("<td>");
echo("<input type='password' name='password'>");
echo("</td>");
echo("</tr>");
echo("</table>");
echo("<input type='submit' value='Login' name='submit' class='button'>");
echo("</form>");
}
?>
AbraCadaver
DevNet Master
Posts: 2572 Joined: Mon Feb 24, 2003 10:12 am
Location: The Republic of Texas
Contact:
Post
by AbraCadaver » Thu Jul 11, 2013 11:53 am
My bad:
Code: Select all
or die(mysqli_error($connection));
mysql_function(): WARNING : This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQLextension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
Lambex
Forum Newbie
Posts: 3 Joined: Thu Jul 11, 2013 7:13 am
Post
by Lambex » Fri Jul 12, 2013 12:32 am
Found out the error. I forgot to add the database name in the connection
Thx guys