why wont my login script work

[elduderino]

hi,

im having this problem. Ive been running a system locally on my machine for a while now whilst ive been developin it. I has a login script. Im just starting to put the system live and im having problems. I think the problem may come from the fact that my local setup is php 4.3 with mysql 3 and my live system is php 5 with mysql 5 but i dont see why!

Heres my login script:

PHP Code:

<?php 

if (isset($_POST['submit'])) { // Handle the form.

    require_once ('mysql_connect.php'); // Connect to the db.
        
    // Create a function for escaping the data.
    function escape_data ($data) {
        global $dbc; // Need the connection.
        if (ini_get('magic_quotes_gpc')) {
            $data = stripslashes($data);
        }
        return mysql_real_escape_string($data, $dbc);
    } // End of function.

    $message = NULL; // Create an empty new variable.
    
    // Check for a username.
    if (empty($_POST['username'])) {
        $u = FALSE;
        $message .= '<p class="error">You forgot to enter your username!</p>';
    } else {
        $u = escape_data($_POST['username']);
    }
    
    // Check for a password.
    if (empty($_POST['password'])) {
        $p = FALSE;
        $message .= '<p class="error">You forgot to enter your password!</p>';
    } else {
        $p = escape_data($_POST['password']);
    }
    
    if ($u && $p) { // If everything's OK.
    
    echo $u;
    echo $p;

        // Retrieve the user_id and first_name for that username/password combination.
        $query = "SELECT user_id, first_name FROM users_home WHERE username='$u' AND password=PASSWORD('$p')";        
        $result = @mysql_query ($query); // Run the query.
        $row = mysql_fetch_array ($result); // Return a record, if applicable.


        if ($row) { // A record was pulled from the database.
    
        
                
                // Start the session
                 
                session_start();
                 $_SESSION['user_id'] = $row['user_id'];
                 $_SESSION['first_name'] = $row['first_name'];
                 $_SESSION['timestamp'] = time();
            
    require_once ('mysql_connect.php'); // Connect to the db.
$sql = ('SELECT timestamp FROM userlog WHERE user_id = ' .$_SESSION['user_id']. ' ORDER BY timestamp DESC LIMIT 1,1');
$query = mysql_query($sql);


    $_SESSION['lastlogin'] = $row['timestamp'];
    






$sql = ('INSERT INTO userlog (userlog_id, user_id, timestamp) VALUES (NULL, '.$_SESSION['user_id'].', '.$_SESSION['timestamp'].'');
$query = mysql_query($sql);

    header ("Location:  http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/home.php");
                




                
        } else { // No record matched the query.
            $message = '<p class="error">Im sorry, do we know you?</p>'; 
        }
        
        mysql_close(); // Close the database connection.

    } else {
        $message .= '<p class="error">Please try again.</p>';        
    }

     

} // End of the main Submit conditional.

// Set the page title and include the HTML header.
$page_title = 'Login';


// Print the error message if there is one.
if (isset($message)) {
    echo '<font color="red">', $message, '</font>';
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
        <head>
        <meta http-equiv="content-type" content="text/html; charset=windows-1250">
         <title>BOUDAKI-LOGIN</title>
            <style type="text/css">
            * {font-family: "Courier New", Courier, mono; font-size: 100%; color: #000000 ; margin: 0; font-weight: bold;}

            

            input { border: 3px solid #000;
            margin: 7px 0 7px 0;
            padding: 2px;
            }

            input.submit { background-color: #fff;
            }

            #container { margin: 100px auto;
            width: 200px;
            text-align: left;
            
            
            }

            p.error { margin: 30px 0 0 20px;
            }
            #container img { margin: 0 0 15px 45px;
            }

            form { margin-left: 0px;
            
                        
                

            </style>
        </head>
        <body>
        
<div id="container">

<img src="images/face.gif" />
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<p>Username</p><p><input type="text" class="text" name="username" size="20" maxlength="20" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>" /></p>
<p>Password</p><p><input type="password" class="text" name="password" size="20" maxlength="20" /></p>
 <input type="submit" class="submit" name="submit" value="Login" />
</div>

</fieldset></form>
</body>
</html><!-- End of Form -->

Now ive manually input users details in to my db using php my admin with the following query:

INSERT INTO users_home

PHP Code:

(user_id,username,first_name,last_name,email,password,registration_date) VALUES ('user_01', 'james', 'smith', 'ames@gmail.com', PASSWORD('12345'), NOW() ) 


now when i try to login using the correct login username and password i get a
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /websites/path_to_site/index.php on line 42 (
which is the mysql_fetch_array line. When the query is run in phpmyadmin i also dont get any results although the record is def there....

I thought it may be something to do with the PASSWORD field. Its set to VARCHAR(41) which is right as far as i know and when i check the db the password is encrypted correctly....so when i did this query to narrow it down a bit:

PHP Code:

SELECT user_id, first_name FROM users_home WHERE username='$u' 


i still didnt get any rows back.

Could anyone think of anything it might be? Im just all out of ideas?

[Dan Grossman]

That error generally means there was a syntax error in your SQL statement that caused it to not execute, so the result resource from it you passed to mysql_fetch_array() isn't valid.

Echo out the SQL statement you tried to run before line 42 and see what's wrong with it yourself.

[bluebeast]

I like echoing mysql_error() , which tells you whats wrong with the query.

[elduderino]

hi there,

thanks for the quick replies! what do you mean by echo the sql statement/echo mysql_error? Ive run it in phpmyadmin and it doesnt work but i cant see anything wrong with the query

[bluebeast]

Put it in the php, the easiest way is to just use it under your query.

PHP Code:

echo mysql_error(); 


[elduderino]

yeah! I did that and i got no database selected......i have a seperate connection script which i then include everytime i need a connection. It seems i had an extra space at in my database name......dont know how it got in there

thanks for your help !