I am getting the following errors:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/habat/public_html/housekeeping/login_system/login.php on line 24
Warning: Cannot modify header information - headers already sent by (output started at /home/habat/public_html/housekeeping/login_system/login.php:24) in /home/habat/public_html/housekeeping/login_system/login.php on line 26
Here is the code that it is coming from:
elseif($act == "auth") //if our page action = auth
{
$user = $_POST['user']; //pulls the username from the form
$pw = $_POST['pass']; //pulls the pass from the form
$pass = md5($pw); //makes our password an md5
include("includes/connect.php"); //connects to our mysql database
$login = mysql_query("SELECT * FROM `users` WHERE `user` = '$user' AND `pass` = '$pass`"); //selects info from our table if the row has the same user and pass that our form does
if(!mysql_num_rows($login)) //if the username and pass are wrong
{
header("Location: login.php"); //redirects to our login page
die(); //stops the page from going any further
}
The second error is related to the first; the output from the first error is sending HTML Headers.
The first error is occuring because your query is failing. Try this.
$sql = "SELECT * FROM `users` WHERE `user` = '$user' AND `pass` = '$pass`";
echo $sql;
$login = mysql_query($sql); //selects info from our table if the row has the same user and pass that our form does
echo mysql_error();
if(!mysql_num_rows($login)) //if the username and pass are wrong
SELECT * FROM users WHERE user = ‘Bobby’ AND pass = ‘9c48ab74ee99a2d90482b3af2a2c1aecYou have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''9c48ab74ee99a2d90482b3af2a2c1aec’ at line 1
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/habat/public_html/housekeeping/login_system/login.php on line 27
Warning: Cannot modify header information - headers already sent by (output started at /home/habat/public_html/housekeeping/login_system/login.php:24) in /home/habat/public_html/housekeeping/login_system/login.php on line 29
Does that help any better? Thanks so much for your help.
Yup. Take a -reeeeeeal- close look at your query…
$sql = "SELECT * FROM `users` WHERE `user` = '$user' AND `pass` = '$pass[COLOR="Red"]`[/COLOR]";
I spy with my little eye a backtick that should be a quotation mark…
Thank you so much for that.
I still get this error though. It is the first error. What might it be caused from?
Warning: Cannot modify header information - headers already sent by (output started at /home/habat/public_html/housekeeping/login_system/login.php:24) in /home/habat/public_html/housekeeping/login_system/login.php on line 29
Warning: Cannot modify header information - headers already sent by (output started at /home/habat/public_html/housekeeping/login_system/login.php:24)
Line 24 would be…
include(“includes/connect.php”);
So is there something in that file that sends output?
if(!mysql_num_rows($login)) //if the username and pass are wrong
{
header(“Location: login.php”); //redirects to our login page
die(); //stops the page from going any further
}
So, do I just remove one?
Well if your include needs to send output, what you could do is
echo "<script type='text/javascript'>window.location = 'login.php'</script>";
die();
Which will use javascript to bounce the user on, rather than a header.
I replaced the one with the code in both of the files, and when I replaced it in login.php, it gave me errors, and when I replaced it in protect.php, it just refreshed the page.
“it gave me errors”.
Care to elaborate, or shall i just guess blindly what they were and try and solve them? 
If I replace it in login.php, it gave me the same error:
Warning: Cannot modify header information - headers already sent by (output started at /home/habat/public_html/housekeeping/login_system/protect.php:6) in /home/habat/public_html/housekeeping/login_system/protect.php on line 8
However, if I replaced it in protect.php, whenever I tried to login, it just refreshed the page and didn’t log me in.
well what’s protect.php lines 5-8?
You can only ever send headers once - what sends headers?
header()
session_start()* (doesnt send headers but must be executed prior to headers being sent, so i include it here)
any echo, print, etc
any white space or characters outside of <?php ?> blocks.
Here is my login.php code:
<?php
$act = $_GET['act']; //retrives the page action
if(empty($act)) //if there is no action
{
echo('<form action="login.php?act=auth" method="post" name="loginform" id="loginform">
<p>Username
<input type="text" name="user">
</p>
<p>Password
<input type="password" name="pass">
</p>
<p>
<input type="submit" name="Submit" value="Login">
</p>
</form>');
}
elseif($act == "auth") //if our page action = auth
{
$user = $_POST['user'];
$pw = $_POST['pass'];
$pass = md5($pw);
include("includes/connect.php");
$sql = "SELECT * FROM `users` WHERE `user` = '$user' AND `pass` = '$pass'";
$login = mysql_query($sql);
echo mysql_error();
if(!mysql_num_rows($login))
{
header("Location: login.php");
die();
}
else
{
setcookie("user", $user, time()+3600);//sets our user cookie
setcookie("pass", $pass, time()+3600);//sets our pass cookie
header("Location: housekeeping.php");
}
}
?>
Here is my protect.php code:
<?php
$user = $_COOKIE['user'];
$pass = $_COOKIE['pass'];
include("includes/connect.php");
$login = mysql_query("SELECT * FROM `users` WHERE `user` = '$user' AND `pass` = '$pass`");
if(!mysql_num_rows($login))
{
header("Location: login.php");
die();
}
?>
I see where the both headers are directing towards login.php, I just do not know how to fix that issue
try adding an entry in the db table and try executing the query. probably the table contains 0 rows and this creates the problem. there is some config to suppress the warning, but not sure what the config is…