Page 1 of 1

Having Issues with a login script

Posted: Sun Nov 19, 2006 7:17 am
by evilchris2003
Im fairly new to PHP and have been using examples to help me structure the code/use the correct syntax

the below code does not login even though in the book i have it seems (Screenshots) to work fine
i have only included the relevant area of the code the rest just makes sure both login fields were entered

Code: Select all

if ($u && $p) { 

		
		require_once ('../mysql_connect.php');
		$query = "SELECT username, first_name FROM users WHERE username='$u' AND password='$p'";
		$result = @mysql_query ($query); // Run the query.
		$row = mysql_fetch_array ($result, MYSQL_NUM); 
		if ($row) { 

				// Set the cookies & redirect.
				setcookie ('first_name', $row[1]);
				setcookie ('username', $row[0]);
				header ("Location:  http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/loggedin.php");
				exit(); // Quit the script.

		} else { // No record matched the query.
			$message = '<p>The username and password entered do not match those on file.</p>';
		}

		mysql_close(); 
	} else {
		$message .= '<p>Please try again.</p>';
	}
with this code i get the error Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in blah blah
i googled the error and found that it is fixed by adding an @ so

Code: Select all

$row = mysql_fetch_array ($result, MYSQL_NUM);

reads as

Code: Select all

$row = @mysql_fetch_array ($result, MYSQL_NUM);
that removes the error but doesnt solve my problem the query always goes to the else statment (no record found)
i know there is a record in the data base i have viewed it with phpMyAdmin i have also tried with and without the PASSWORD('$p') to encrypt the password in the database

Posted: Sun Nov 19, 2006 8:19 am
by feyd
Placing the error suppression operator is not a solution. It only hides the error, which still happens. You need to check if $result is what you hope it to be: not false.
  • echo $query to see if the query is what you think it should be.
  • add error handling to the mysql_query() call. "or die(mysql_error())" is quite common.
  • MySQLs own documentation states not to use their PASSWORD function. Its sole purpose is for database level login credentials, not your own. The reason being they could change the encoding algorithm at any time without warning. If they do that, your records become useless. Use a stable algorithm such as MD5, SHA1, SHA256, etc etc.

Posted: Sun Nov 19, 2006 8:42 am
by evilchris2003
Thanks feyd its all working now