Login Trouble

Everytime I try to log into a site that I’ve developed for a client I get two error messages. One says incorrect username or password, and the other says: Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/mathlif1/public_html/checklogin.php on line 26, which is

$count=mysql_num_rows($result);

CHECKLOGIN.PHP

<?php
$host=“localhost”; // Host name
$username=“thisismyusername”; // Mysql username
$password=“)thisismypassword”; // Mysql password
$db_name=“thisismydbname”; // Database name
$tbl_name=“thisismytablename”; // Table name

// Connect to server and select databse.
mysql_connect(“$host”, “$username”, “$password”)or die(“cannot connect”);
mysql_select_db(“$db_name”)or die(“cannot select DB”);

// username and password sent from form
$myusername=$_POST[‘myusername’];
$mypassword=$_POST[‘mypassword’];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql=“SELECT * FROM $tbl_name WHERE username=‘$myusername’ and password=‘$mypassword’”;
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file “login_success.php”
session_register(“myusername”);
session_register(“mypassword”);
header(“location:login_success.php”);
}
else {
echo “Wrong Username or Password”;
}
?>

LOGIN_SUCCESS.PHP

// Check if session is not registered , redirect back to main page.
// Put this code in first line of web page.
<?
session_start();
if(!session_is_registered(myusername)){
header(“location:main_login.php”);
}
?>

<html>
<body>
Login Successful
</body>
</html>

MAIN_LOGIN.PHP

<table width=“300” border=“0” align=“center” cellpadding=“0” cellspacing=“1” bgcolor=“#CCCCCC”>
<tr>
<form name=“form1” method=“post” action=“checklogin.php”>
<td>
<table width=“100%” border=“0” cellpadding=“3” cellspacing=“1” bgcolor=“#FFFFFF”>
<tr>
<td colspan=“3”><strong>Member Login </strong></td>
</tr>
<tr>
<td width=“78”>Username</td>
<td width=“6”>:</td>
<td width=“294”><input name=“myusername” type=“text” id=“myusername”></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name=“mypassword” type=“text” id=“mypassword”></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type=“submit” name=“Submit” value=“Login”></td>
</tr>
</table>
</td>
</form>
</tr>
</table>

LOGOUT.PHP

// Put this code in first line of web page.
<?
session_start();
session_destroy();
?>

My username, password, table name and database name are correct, and on the login form, the fields are correctly labeled. I’m trying to learn how to do this as quickly as possible but the login must be completed within a week from now, so if anyone can point out where my error(s) is, it would be appreciated.

Thanks

It’s all good guys, I poured Diet Pepsi onto the keyboard and it fixed the problem. I just had to change some variables that said $mypassword to $password so they all matched.

Strange shouldn’t there be a browse button as well?

There is one member according to the above table.

Table: Members; Records: 1.

My bad…I’ll change that back and check again

Wrong Username or Password.
Ok so there are no more error messages except for this validation…

In PHPmyAdmin I’m looking at the table called members and I don’t see any users listed in the table.

Can you post the whole code you now have for checklogin.php?

As immerse pointed out, you can’t use apostrophes around table or field names. Instead, you have to use backticks (`).

So your sql code should be:

$sql="SELECT * FROM `$tbl_name` WHERE username='$username' and  password='$password'";

Ok so the error message I’m getting is

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>

I have:

id Type: int(4) Null: no, Default: none, Extra: auto_increment
username and password are both varchar(65) with latin1_swedish_ci for the collation.

I just saw the following:

I have created the table called members. His MySQL username is mathlif1 so the table would technically be called mathlif1_members right?

Surely the table name stays the same irrespective of what the username is.

My connection info is as follows and stays static.

$host=“localhost”; // Host name
$username=“root”; // Mysql username
$password=“kmcddwc”; // Mysql password
$db_name=“loginexample”; // Database name
$tbl_name=“webusers”; // Table name

but there may be something I don’t know yet.

Good thing I’m not doing this for a living right now because my current PHP skills totally suck lol

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/mathlif1/public_html/checklogin.php on line 35
Wrong Username or Password

No it’s saying there’s a problem with ‘members’.
In this case, it’s the apostrophes.
Table names should not be enclosed in apostrophes (') but back ticks (`).

Try changing that and then seeing what happens. :slight_smile:

I got:

Query Failed: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘‘members’ WHERE username=‘mathlif1_test’ and password=’)mathlif1password’’ at line 1

SQL: SELECT * FROM ‘members’ WHERE username=‘mathlif1_test’ and password=‘)mathlif1password’

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/mathlif1/public_html/checklogin.php on line 35
Wrong Username or Password

So is it telling me that my username or password are not actually correct? On line 35 I have:

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file “login_success.php”
session_register(“myusername”);
session_register(“mypassword”);
header(“location:login_success.php”);
}
else {
echo “Wrong Username or Password”;
}
?>

Is it saying that my table that’s called members which holds the login info is built incorrectly?

Hey thank you for the quick reply to my problem.
I put in the code you gave me and entered my username and password but this message showed up:

Quote:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/mathlif1/public_html/checklogin.php on line 25
Wrong Username or Password
I’m pretty new to the syntax of PHP and am going through tutorials to figure out what I can do. You said for me to use a mysql_error code so I looked up the command… I should put:

Quote:
echo mysql_error ()
I got the following example from http://php.net/manual/en/function.mysql-error.php after reading what you said:

Quote:
<?php
$link = mysql_connect(“localhost”, “mysql_user”, “mysql_password”);

mysql_select_db(“nonexistentdb”, $link);
echo mysql_errno($link) . ": " . mysql_error($link). "
";

mysql_select_db(“kossu”, $link);
mysql_query(“SELECT * FROM nonexistenttable”, $link);
echo mysql_errno($link) . ": " . mysql_error($link) . "
";
?>
… I’m sorry, I don’t mean to be a total ass but can you briefly talk me through what needs to be done?

// code to establish connection to the database here

$sql="SELECT * FROM '$tbl_name' WHERE username='$myusername' and  password='$mypassword'";

if (!$result=mysql_query($sql)) {
    echo("<p><b>Query Failed:</b><i> <b>".mysql_errno()."</b> ".mysql_error()."</i></p><p><b>SQL:</b><i> ".$sql."</i><p/><br/>");
}

Ok, first the query is built and placed into the variable $sql. mysql_query is then used in an if statement, in the case of the above if false is returned, the conditional statement is run, which displays the error number, the error message and the query that was tried .

NB: For a live app you would log the error instead of displaying it.

If a result set is returned instead of false then the result set is available to be used. Depending on what the app is you might want to have either a return or a die command after the display of the error but before the }

I hope that helps.

The most likely cause is that the query failed, try:

$sql="SELECT * FROM '$tbl_name' WHERE username='$myusername' and  password='$mypassword'";

You can use mysql_error() to grab whatever the error is, using an if { } block to check for the output of mysql_result() which will return false if the error fails.

I use phpMyAdmin to manage the database and insert the test data manually.

Are you able to list the data in the table to see what is in there?

Mine works ok so you must be almost there.

Sure thing:

<?php
$host="localhost"; // Host name
$username="mathlif1_test"; // Mysql username
$password=")XXXXXXX"; // Mysql password
$db_name="mathlif1_members"; // Database name
$tbl_name='members'; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password", "$db_name")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
// code to establish connection to the database here

$sql="SELECT * FROM '$tbl_name' WHERE username='$username' and  password='$password'";

// if (!$result=mysql_query($sql)) {
//    echo("<p><b>Query Failed:</b><i> <b>".mysql_errno()."</b> ".mysql_error()."</i></p><p><b>SQL:</b><i> ".$sql."</i><p/><br/>");
// } 
$result=mysql_query($sql);





// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>

I trust that you have got this to work.

I took your code as it was what I was looking for as a learning exemple and
used:

$sql=“SELECT * FROM webusers WHERE username='” . $myusername . “’ and password = '” . $mypassword . “'”;

which worked but I suppressed the session start and session registration as I have not read up on this yet and it produced an error anyway.

How far have you got with your clients system?

My client wants just a couple of pages of his site to be available only to people who log in. I have started working on this for a few days now and have been reading as much as I can on PHP and looking at examples of login scripts.

The four files that I have shown in my post are all I have uploaded to the server. I have created the table called members. His MySQL username is mathlif1 so the table would technically be called mathlif1_members right?

I’m not sure exactly what other information you’d like, but the contents of the table show

SELECT *
FROM members
LIMIT 0 , 30

I’ve got three fields… id, username and password

It looks like I no longer have any information in the table. I remember inserting the username and password into the table but now it’s either no longer there or I do not know how to view it. Maybe that was the problem and I should try to add those values again?