
Mysqli help

Posted: Thu Jul 11, 2013 7:29 am
by Lambex
I'm working on an RPG. I first used mysql, but after the introduction of mysqli I'm trying to change the code to mysqli, and I'm getting an error:
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in /home/a5306723/public_html/login.php on line 46
Line 46 is

Code:

$checkuser=mysqli_num_rows($result);
and the login script is

Code:

<?php
	include ('include/connection.php'); 
	if (isset($_POST['action'])) {
		if ($_POST['action'] == "Login") {
			if(!$_POST['username'] | !$_POST['password']) {
				echo ('You did not fill in a required field.');
			} else {
				$_POST['username'] = $username;
				$_POST['password'] = $password;
				mysqli_real_escape_string($connection, $username);
				mysqli_real_escape_string($connection, $password);
				$result = mysqli_query($connection, "SELECT * FROM users WHERE username = '".$_POST['username']."'");
				$checkuser=mysqli_num_rows($result);
				$getiplog = mysqli_query($connection, "SELECT * FROM logins WHERE ip= '".$_SERVER["REMOTE_ADDR"]."' AND `success` = 'No'");
				$checkip = mysqli_num_rows($getiplog);
				if ($checkuser == 0) {
					echo ('That user does not exist in our database. <a href=register.php>Click Here to Register</a>');
				} elseif ($checkip >= 10) {
					echo ('This IP has too many failed login attempts, please contact an administrator to get your IP unblocked');
				} else {
					$info = mysqli_fetch_array($getuser); 
					if (sha1(md5($_POST['password'])) != $info['password']) {
						$login = "INSERT INTO logins (account, ip, success, trap) VALUES ('".$_POST['username']."', '".$_SERVER["REMOTE_ADDR"]."', 'No', '".$_POST['password']."')";
						$add_login = mysqli_query($login);
						echo('Incorrect password, please try again.');
					} else { 
						$month = time() + 3600*24*30; 
						$_SESSION['user'] = $_POST['username'];
						setcookie("save_user", htmlentities($_POST['username']), $month); 
						// setcookie("save_pass", stripslashes(htmlentities(sha1(md5($_POST['password'])))), $month);
						$login = "INSERT INTO logins (account, ip, success, trap) VALUES ('".$_POST['username']."', '".$_SERVER["REMOTE_ADDR"]."', 'Yes', '".$_POST['password']."')";
						$add_login = mysqli_query($login);
						header("location: members.php");
					}
				}
			}
		}
	} else {
		echo("<p>");
		echo("Please Login To Continue!");
		echo("</p>");
		echo("<form action='login.php' method='POST'>");
		echo("<input type=hidden name=action value='Login'>");
		echo("<table>");
		echo("<tr>");
		echo("<td>Username:</td>");
		echo("<td>");
		echo("<input type='text' name='username'>");
		echo("</td>");
		echo("</tr>");
		echo("<tr>");
		echo("<td>Password:</td>");
		echo("<td>");
		echo("<input type='password' name='password'>");
		echo("</td>");
		echo("</tr>");
		echo("</table>");
		echo("<input type='submit' value='Login' name='submit' class='button'>");
		echo("</form>");
	}
?>
I have not included the HTML part. Please help me as soon as possible

Re: Mysqli help

Posted: Thu Jul 11, 2013 9:22 am
by AbraCadaver

Code:

$result = mysqli_query($connection, "SELECT * FROM users WHERE username = '".$_POST['username']."'") or die(mysqli_error());

Re: Mysqli help

Posted: Thu Jul 11, 2013 10:59 am
by Celauran

Code:

$_POST['username'] = $username;
$_POST['password'] = $password;
mysqli_real_escape_string($connection, $username);
mysqli_real_escape_string($connection, $password);
$result = mysqli_query($connection, "SELECT * FROM users WHERE username = '".$_POST['username']."'");
You have your assignment backwards. You're assigning the unset $username into $_POST['username'] rather than the other way around. You're then escaping the null value, but not saving that anywhere, and finally using the null value in your query. Might I suggest looking into prepared statements? PDO wouldn't be a bad idea while you're at it.
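
The prepared-statement approach suggested above, as an added example that is not part of the original thread. It assumes PDO with an in-memory SQLite database so that it runs stand-alone (the thread's site uses MySQL), a constructed `users`/`logins` schema modelled on the thread's queries, a hypothetical `attemptLogin()` helper, and `password_hash()`/`password_verify()` swapped in for the thread's `sha1(md5())`.

```php
<?php
// Added example: in-memory SQLite stands in for the thread's MySQL database.
$pdo = new PDO('sqlite::memory:');
// Throw on any failed query instead of returning false, which is what
// produced "expects parameter 1 to be mysqli_result, boolean given".
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed schema and sample row, modelled on the thread's tables.
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)');
$pdo->exec('CREATE TABLE logins (account TEXT, ip TEXT, success TEXT)');
$pdo->prepare('INSERT INTO users VALUES (?, ?)')
    ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

function attemptLogin(PDO $pdo, string $username, string $password, string $ip): string
{
    // Count failed attempts from this IP; the value is bound, not concatenated.
    $stmt = $pdo->prepare("SELECT COUNT(*) FROM logins WHERE ip = ? AND success = 'No'");
    $stmt->execute([$ip]);
    if ((int) $stmt->fetchColumn() >= 10) {
        return 'blocked';
    }

    $stmt = $pdo->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();   // false when there is no such user

    // password_verify() replaces the sha1(md5()) comparison.
    $ok = is_string($hash) && password_verify($password, $hash);

    // Record the attempt without storing the submitted password.
    $pdo->prepare('INSERT INTO logins (account, ip, success) VALUES (?, ?, ?)')
        ->execute([$username, $ip, $ok ? 'Yes' : 'No']);

    return $ok ? 'ok' : 'denied';
}

// Constructed inputs; the apostrophe in the second username is bound as plain data.
var_dump(attemptLogin($pdo, 'alice', 'correct horse', '203.0.113.5'));
var_dump(attemptLogin($pdo, "o'neil", 'x', '203.0.113.5'));
var_dump(attemptLogin($pdo, 'alice', 'wrong', '203.0.113.5'));
```

Because every value reaches the database as a bound parameter, no call to `mysqli_real_escape_string()` is needed and nothing in `$_POST` has to be overwritten.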

Re: Mysqli help

Posted: Thu Jul 11, 2013 11:46 am
by Lambex
Now it is coming:
Warning: mysqli_error() expects exactly 1 parameter, 0 given in /home/a5306723/public_html/login.php on line 43

I have changed some part of the script

Code:

<?php
	include ('include/connection.php'); 
	if (isset($_POST['action'])) {
		if ($_POST['action'] == "Login") {
			if(!$_POST['username'] | !$_POST['password']) {
				echo ('You did not fill in a required field.');
			} else {
				$_POST['username'] = mysqli_real_escape_string($connection, $_POST['username']);
				$_POST['password'] = mysqli_real_escape_string($connection, $_POST['password']);
				$getuser = mysqli_query($connection, "SELECT * FROM users WHERE username = '".$_POST['username']."'") or die(mysqli_error());
				$checkuser = mysqli_num_rows($getuser);
				$getiplog = mysqli_query($connection, "SELECT * FROM logins WHERE ip= '".$_SERVER["REMOTE_ADDR"]."' AND `success` = 'No'");
				$checkuser = mysqli_num_rows($getuser);
				$getiplog = mysqli_query($connection, "SELECT * FROM `logins` WHERE `ip` = '".$_SERVER["REMOTE_ADDR"]."' AND `success` = 'No'");
				$checkip = mysqli_num_rows($getiplog);
				if ($checkuser == 0) {
					echo('That user does not exist in our database. <a href=register.php>Click Here to Register</a>');
				} elseif ($checkip >= 10) {
					echo('This IP has too many failed login attempts, please contact an administrator to get your IP unblocked');
				} else {
					$info = mysqli_fetch_array($getuser); 
					if (sha1(md5($_POST['password'])) != $info['password']) {
						$login = "INSERT INTO logins (account, ip, success, trap) VALUES ('".$_POST['username']."', '".$_SERVER["REMOTE_ADDR"]."', 'No', '".$_POST['password']."')";
						$add_login = mysqli_query($connection, $login);
						echo("<br />");
						echo('Incorrect password, please try again.');
						echo("<br />");
					} else { 
						$month = time() + 3600*24*30; 
						$_SESSION['user'] = $_POST['username'];
						setcookie("save_user", htmlentities($_POST['username']), $month); 
						// setcookie("save_pass", stripslashes(htmlentities(sha1(md5($_POST['password'])))), $month);
						$login = "INSERT INTO logins (account, ip, success, trap) VALUES ('".$_POST['username']."', '".$_SERVER["REMOTE_ADDR"]."', 'Yes', '".$_POST['password']."')";
						$add_login = mysqli_query($connection, $login);
						header("location: news.php");
					}
				}
			}
		} elseif($_POST['action'] == "Logout") {
			setcookie("usrid", "", time()+3600);
		}
	} else {
		echo("<p>");
		echo("Please Login To Continue!");
		echo("</p>");
		echo("<form action='login.php' method='POST'>");
		echo("<input type=hidden name=action value='Login'>");
		echo("<table>");
		echo("<tr>");
		echo("<td>Username:</td>");
		echo("<td>");
		echo("<input type='text' name='username'>");
		echo("</td>");
		echo("</tr>");
		echo("<tr>");
		echo("<td>Password:</td>");
		echo("<td>");
		echo("<input type='password' name='password'>");
		echo("</td>");
		echo("</tr>");
		echo("</table>");
		echo("<input type='submit' value='Login' name='submit' class='button'>");
		echo("</form>");
	}

?>

Re: Mysqli help

Posted: Thu Jul 11, 2013 11:53 am
by AbraCadaver
My bad:

Code:

or die(mysqli_error($connection));

Re: Mysqli help

Posted: Fri Jul 12, 2013 12:32 am
by Lambex
Found out the error. I forgot to add the database name in the connection :x
Thx guys