Voodoo and empty mysql resources.

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
daedalus__
DevNet Resident
Posts: 1925
Joined: Thu Feb 09, 2006 4:52 pm

Voodoo and empty mysql resources.

Post by daedalus__ »

I have this script, it works good and fine except it returns an empty resource when it shouldn't.

Code: Select all

<?php session_start();
if (stristr($_SERVER['PHP_SELF'], 'cnt/') != FALSE)
{
	include('../inc/mysql.inc.php');
}

if (!($_SESSION) || $_SESSION['error'])
{
	if ($_POST)
	{
		$mysql_link		= mysql_connect(mysql_host, mysql_user, mysql_pass) or die(mysql_error());
		mysql_select_db(mysql_database) or die(mysql_error());
		
		$mysql_result	= mysql_query(sprintf("
		SELECT username, password, admin_flag 
		FROM users 
		WHERE username = '%s' AND password = '%s'
		", mysql_real_escape_string($_POST['user']), md5(mysql_real_escape_string($_POST['pass']))));
		echo md5(mysql_real_escape_string($_POST['pass']));

		if (is_resource($mysql_result))
		{
			while ($row	= mysql_fetch_row($mysql_result))
			{
				$_SESSION['user']			= $row[0];
				$_SESSION['password']	= md5('salt_and_margaritas'.$row[1]);
				$_SESSION['admin_flag']	= $row[2];
			}
			print '
			<html>
				<head>
					<script language="javascript">
						window.location.href = "'.substr(rtrim(dirname($_SERVER['PHP_SELF'])), 0, -3).'?q=admin/index";
					</script>
					<title>You are being redirected.</title>
					<script language="javascript">
					
					</script>
				</head>
				<body>
					You are being redirected, <a href="login.php">click here</a> if you do not wish to wait or if you have javascript disabled.
				</body>
			</html>';
		}
		else
		{
			$_SESSION['error'] = 'Invalid Username and Password combination.<br />'.mysql_error();
			// Redirect to yourself
			print '
			<html>
				<head>
					<script language="javascript">
						window.location.href = "'.substr(rtrim(dirname($_SERVER['PHP_SELF'])), 0, -3).'?q=login";
					</script>
					<title>You are being redirected.</title>
					<script language="javascript">
					
					</script>
				</head>
				<body>
					You are being redirected, <a href="login.php">click here</a> if you do not wish to wait or if you have javascript disabled.
				</body>
			</html>';
		}
	}
	else
	{
		print '
<h2>Log-in</h2>
								</div>
								<div class="inside">';
		print '
		<h3>Please log-in in order to continue on to the Administration Control Panel</h3>
		<table cellspacing="0">';
		print '
		<form action="cnt/login.php" method="post">
			<tr>
				<td>Username: </td><td><input type="text" size="24" name="user" /></td>
			<tr>
			</tr>
				<td>Password: </td><td><input type="password" size="24" name="pass" /></td>
			</tr>
			<tr>
				<td colspan="2" align="right"><input type="submit" name="submit" value="submit" /></td>
			</tr>
		</form>
		</table>';
		ShowErrors();
	}
}
else
{
	echo '<h2>Sorry</h2>';
	echo '<p>You are already logged-in, please log-out before you try to log-in again.</p>';
}
?>
Suggestions to make the code better (not just working) are also appreciated.
User avatar
daedalus__
DevNet Resident
Posts: 1925
Joined: Thu Feb 09, 2006 4:52 pm

Post by daedalus__ »

Help?

:(
Post Reply