Page 1 of 1

Im getting sick of these errors....

Posted: Fri Feb 20, 2004 5:54 pm
by Ne0
ok, im trying to make a simple login script. and well, it aint working.

ok, i made a page to display what is in the database:
Name: Ne0
Password: ****
E-Mail: ****
Signature:
avatar:
website:
so i no it exsist, but when i try to login:
Warning: mysql_numrows(): supplied argument is not a valid MySQL result resource in c:\program files\apache group\apache\htdocs\ne0\functions.php on line 58
Invalid UserName or Password

Code: Select all

<?php
if ($_GET['a'] == "login") {
	$user="ne0";
	$password="****";
	$database="db";
	mysql_connect(localhost,$user,$password);
	@mysql_select_db($database) or die("Unable to select database<br>");
	$query="SELECT * FROM users WHERE name='{$_POST['username']}' and password='{$_POST['password']}'"; 

	$result = mysql_query($query) or die (mysql_error());

	if(mysql_num_rows($query) != "0") {  // <-----line 58
		echo("Logged in succesfully"); 
	} else {
		echo("Invalid UserName or Password"); 
	}

mysql_close();
}
?>
once i can get this to work, i can add setting the sessions and stuff...

thanks in advanced

Posted: Fri Feb 20, 2004 6:44 pm
by evilMind

Code: Select all

// Change this line
if(mysql_num_rows($query) != "0") {

// to this ->
if(mysql_num_rows($result) != "0") {
that should do the trick.

Also you may want to consider adding slashes to the user name and password via [php_man]addslashes[/php_man] then checking for exactly one row being returned. eg:

Code: Select all

// <snip>
$userName = addslashes($_POST['username']);
$passWord = addslashes($_POST['password']);
// <snip> //
if(mysql_num_rows($result) == 1) {
   // do something.
}

Posted: Fri Feb 20, 2004 8:04 pm
by Ne0
ok, thanks!, that definatly solved the error!

but. even when i copy and paste the password and user name into the form fields, it still sais invalid username or password....

Posted: Fri Feb 20, 2004 9:24 pm
by evilMind
Not sure how you have your database passwords stored.
If you set your password using the mysql PASSWORD() function then you need to use that when you perform the query as well.
example:

Code: Select all

$username = addslashes($_POST['username']);
$password = addslashes($_POST['password']);

$query = "SELECT * FROM `users` WHERE `name`='$username' AND `password`=PASSWORD('$password') ";

Posted: Fri Feb 20, 2004 9:52 pm
by Ne0
i dunno what u mean by PASSWORD() function...if it help this is how the table was made.

Code: Select all

$query="CREATE TABLE users (id int(6) NOT NULL auto_increment,name varchar(15) NOT NULL,password varchar(15) NOT NULL,email varchar(30) NOT NULL,sig varchar(255),avatar varchar(50),web varchar(30),downloads int(6),uploads int(6),PRIMARY KEY (id),UNIQUE id (id),KEY id_2 (id))";
but ill give it a try.

edit: now its giving me
Unknown column 'Ne0' in 'where clause'

Code: Select all

$username = addslashes($_POST['username']); 
$password2 = addslashes($_POST['password']); 

$query = "SELECT * FROM users WHERE name=$username AND password=$password2";

Posted: Fri Feb 20, 2004 10:10 pm
by evilMind
It's not so much as to how the table was made. It's how you inserted the data into the table.

look at http://www.mysql.com/doc/en/Password_hashing.html for more information on the mysql PASSWORD() function.

Code: Select all

$username = addslashes($_POST['username']);
$password2 = addslashes($_POST['password']);

//$query = "SELECT * FROM users WHERE name=$username AND password=$password2"; 
// Should be
$query = "SELECT * FROM users WHERE name='$username' AND password='$password2'"; 
// sorry... forgot the quotes.

Code: Select all

mysql&gt; SELECT PASSWORD('foo'); #hashed value of the password.
+------------------+
| PASSWORD('foo')  |
+------------------+
| 7c786c222596437b |
+------------------+
1 row in set (0.00 sec)

mysql&gt; SELECT 'foo'; #plaintext
+-----+
| foo |
+-----+
| foo |
+-----+
1 row in set (0.00 sec)

mysql&gt;

Posted: Sat Feb 21, 2004 9:32 am
by Ne0
HAHA
it worked, :)

thank u so much for your help and time :)

Posted: Sat Feb 21, 2004 11:23 am
by evilMind
anytime :)

Posted: Sat Feb 21, 2004 11:31 am
by Ne0
errrr...PHP is alot higher maintence and alot more picky than ASP....

ok, i got a new error, or 5 new warning at once:
Warning: session_start(): open(/tmp\sess_4f3f2a67abf263d3fa15ff4ff50c6e78, O_RDWR) failed: No such file or directory (2) in c:\program files\apache group\apache\htdocs\ne0\functions.php on line 64

Warning: session_start(): Cannot send session cookie - headers already sent by (output started at c:\program files\apache group\apache\htdocs\ne0\functions.php:64) in c:\program files\apache group\apache\htdocs\ne0\functions.php on line 64

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at c:\program files\apache group\apache\htdocs\ne0\functions.php:64) in c:\program files\apache group\apache\htdocs\ne0\functions.php on line 64

Logged in succesfully.
Redirecting you to were you previously.
Warning: Unknown(): open(/tmp\sess_4f3f2a67abf263d3fa15ff4ff50c6e78, O_RDWR) failed: No such file or directory (2) in Unknown on line 0

Warning: Unknown(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
i dun get it...i made sure the session was set b4 the echo statement:

Code: Select all

if (mysql_num_rows($result) != "0") {
		session_start();
		$_SESSION["name"] = '$username';
		echo("<center>Logged in succesfully.<br>Redirecting you to were you previously."); 

	} else {
		echo("Invalid UserName or Password"); 
	}
...

Posted: Sat Feb 21, 2004 12:37 pm
by evilMind
Cannot send session cookie - headers already sent by (output started at c:\program files\apache group\apache\htdocs\ne0\functions.php:64)
Looking at line 64 (and above) in your functions.php file, what is sending any kind of output to the client?

Also, check for blank lines at the end of a file (after your last ?>) since this will cause output to be sent also.

As an alternative you may want to try this until you find out what is sending the output:

Code: Select all

<?php
if (mysql_num_rows($result) != "0") {
   if (!headers_sent($sendingOutputFile, $outputOccuredAt))
   {
      session_start();
      $_SESSION["name"] = '$username';
      echo("<center>Logged in succesfully.<br>Redirecting you to were you previously.");
    }
    else
    {
       echo 'Output occured from file: ' . $sendingOutputFile . ' At line number: ' . $outputOccuredAt;
    }

   } else {
      echo("Invalid UserName or Password");
   }
?>
The above *may* tell you the same thing that you are getting in your log files, but it may also say differently.

Posted: Sat Feb 21, 2004 12:40 pm
by evilMind
Almost forgot... Make sure to check your session.save_path in your php.ini file also. The error says /tmp/sess_...... make sure that this path exists and is writeable by apache (If not change the value in the php.ini that is writeable by apache and the restart apache to apply the changes)

Posted: Sat Feb 21, 2004 7:53 pm
by Ne0
ok, nothins working, im on a free host and i dunno how to get ti php.ini
i decided to redirect to a bran new blank page that set the session...that way there would be no output...
heres what i got, exactly.
Warning: session_start(): open(/tmp\sess_4a22a87eb6c4b3e191c4d6feb9dd9ab6, O_RDWR) failed: No such file or directory (2) in c:\program files\apache group\apache\htdocs\ne0\setsession.php on line 3

Warning: session_start(): Cannot send session cookie - headers already sent by (output started at c:\program files\apache group\apache\htdocs\ne0\setsession.php:3) in c:\program files\apache group\apache\htdocs\ne0\setsession.php on line 3

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at c:\program files\apache group\apache\htdocs\ne0\setsession.php:3) in c:\program files\apache group\apache\htdocs\ne0\setsession.php on line 3

Warning: Cannot modify header information - headers already sent by (output started at c:\program files\apache group\apache\htdocs\ne0\setsession.php:3) in c:\program files\apache group\apache\htdocs\ne0\setsession.php on line 5

Warning: Unknown(): open(/tmp\sess_4a22a87eb6c4b3e191c4d6feb9dd9ab6, O_RDWR) failed: No such file or directory (2) in Unknown on line 0

Warning: Unknown(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
with this code, exactly:

Code: Select all

<?php
$user = $_GET['u'];
session_start();
$_SESSION['username'] = $user;
header("Location: index.php");
?>

Posted: Sat Feb 21, 2004 8:52 pm
by evilMind
As far as changing the session.save_path you should be able to use [php_man]ini_set[/php_man] for that. Something along the lines of ini_set('session.save_path','/temp'); or ini_set('session.save_path','C:\temp'); As far as the headers problem.... the only thing that I can think of right now is that since you are receiving an error setting the file, php is sending output to the client (probably for error display?) which is causing the problem???

Also, you can check to see what settings you have setup currently by using ini_get('variableNameHere'); eg: ini_get('session.save_path');

Posted: Sun Feb 22, 2004 8:41 am
by Ne0
ok, ill try all of that.

thank you for your help.