shujjah Posted June 28, 2007 Share Posted June 28, 2007 Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in D:\xampp\htdocs\checkpass.php on line 10Wrong username or password!checkpass.php <?php session_start(); include "mysql.php"; $_POST['username'] = addslashes($_POST['username']); // protects against SQL injection $_POST['password'] = addslashes($_POST['password']); // same ^^ $password = md5($_POST['password']); // encrypt the password $userrow = mysql_query("SELECT * FROM `userdb` ". "WHERE `username` = '" . $_POST['username'] . "'". " AND `password` = '" . $password . "';",$mysql); if(mysql_num_rows($userrow) != "1"){ // no rows found, wrong password or username echo "<font color='red'><b>Wrong username or password!</b></font>"; include "login.php"; } else { // 1 row found exactly, we have the user! $_SESSION['user'] = $_POST['username']; header("Location: secret.php"); }?> Link to comment Share on other sites More sharing options...
justsomeguy Posted June 28, 2007 Share Posted June 28, 2007 That error means that you are sending something to mysql_num_rows that is not a valid result. The return value from mysql_query will not be a valid result if the query had a syntax error in it. Check mysql_error() to see what it was. Link to comment Share on other sites More sharing options...
shujjah Posted June 28, 2007 Author Share Posted June 28, 2007 how to check?oh ok got it Link to comment Share on other sites More sharing options...
shujjah Posted June 28, 2007 Author Share Posted June 28, 2007 whats thisParse error: syntax error, unexpected $end in D:\xampp\htdocs\adduser.php on line 30adduser.php <?php session_start(); include "mysql.php"; $username = addslashes($_POST['username']); $email = addslashes($_POST['email']); // protects against SQL injection $_POST['password'] = addslashes($_POST['password']); // same ^^ $_POST['password2'] = addslashes($_POST['password2']); // same ^^ $checkUsername = mysql_query("SELECT `username` FROM `userdb` ". "WHERE `username` = '" . $_POST['username'] . "'",$mysql); if(mysql_num_rows($checkUsername) == "1"){ echo "Someone took that username<p>"; include "signup.php"; exit; } If(strlen($_POST['username'] > 32)){ echo "The username is too long<p>"; include "signup.php"; exit; if($_POST['password'] != $_POST['password2']){ echo "Both passwords must be the same<p>"; include "signup.php"; exit; } $password = md5($_POST['password']); mysql_query("INSERT INTO `userdb` (`username`,`password`,`email`) ". "VALUES ('" . $username . "','" . $password . "','" . $email . "')",$mysql); $_SESSION['user'] = $username; header("Location: secret.php");?> Link to comment Share on other sites More sharing options...
justsomeguy Posted June 28, 2007 Share Posted June 28, 2007 The script ended unexpectedly. You start an if statement here:If(strlen($_POST['username'] > 32)){that you never end. Link to comment Share on other sites More sharing options...
shujjah Posted June 28, 2007 Author Share Posted June 28, 2007 so how to solve it? Link to comment Share on other sites More sharing options...
justsomeguy Posted June 28, 2007 Share Posted June 28, 2007 End the if statement, you forgot a } Link to comment Share on other sites More sharing options...
shujjah Posted June 28, 2007 Author Share Posted June 28, 2007 ah ok thnkx but there is a probthis is the signup page <html> <head> <title>Signup</title> </head><body> Signup<p><form method='POST' action='adduser.php'>Username you want:<input type='text' name='username' maxLength='100' length='16'><br/> Password: <input type='password' length='16' maxLength='40' name='password'><br/> Password again: <input type='password' name='password2' maxLength='40' length='16'><br/> Your Email:<input type='text' name='email' maxLength='100' length='16'><br/><input type='submit' value='Sign Up!'></form></body></html> this is adduser.php <?php session_start(); include "mysql.php"; $username = addslashes($_POST['username']); $email = addslashes($_POST['email']); // protects against SQL injection $_POST['password'] = addslashes($_POST['password']); // same ^^ $_POST['password2'] = addslashes($_POST['password2']); // same ^^ $checkUsername = mysql_query("SELECT `username` FROM `users` ". "WHERE `username` = '" . $_POST['username'] . "'",$mysql); if(mysql_num_rows($checkUsername) == "1"){ echo "Someone took that username<p>"; include "signup.php"; exit; } If(strlen($_POST['username'] > 40)){ echo "The username is too long<p>"; include "signup.php"; exit; if($_POST['password'] != $_POST['password2']){ echo "Both passwords must be the same<p>"; include "signup.php"; exit; } $password = md5($_POST['password']); mysql_query("INSERT INTO `users` (`username`,`password`,`email`) ". "VALUES ('" . $username . "','" . $password . "','" . $email . "')",$mysql); $_SESSION['user'] = $username; header("Location: secret.php");}?> but this add user wont work i mean even if i submit the form it wont enter the info into the databaseand also if both the passwords dont match even then it wont show the that Both passwords are not same what is wrongand if i wont to tell the user that the info was ok and was entered into the databsewill i add echo "information added" before the last } or after it ? and if its not then i will addelse { echo"something wrong with the form plz inform the admin" } after the end of if statement right? Link to comment Share on other sites More sharing options...
justsomeguy Posted June 28, 2007 Share Posted June 28, 2007 Yeah, you put the bracket in the wrong place. This is the if statement that starts:If(strlen($_POST['username'] > 40)){You put the closing bracket at the end of the code, so all of this code gets executed only if the username is longer then 40 characters: echo "The username is too long<p>"; include "signup.php"; exit; if($_POST['password'] != $_POST['password2']){ echo "Both passwords must be the same<p>"; include "signup.php"; exit; } $password = md5($_POST['password']); mysql_query("INSERT INTO `users` (`username`,`password`,`email`) ". "VALUES ('" . $username . "','" . $password . "','" . $email . "')",$mysql); $_SESSION['user'] = $username; header("Location: secret.php"); Close the if statement like you do with the other ones and it should work. Link to comment Share on other sites More sharing options...
shujjah Posted June 29, 2007 Author Share Posted June 29, 2007 i just want a favour from you or anyone elsei just want a script no more than 4 if statementsthe script will be called access.phpand it will contain it will get the data from the login script and it will check what access that user hasfrom exampleif the user has access 0 echo the admin hasent given a status to $username yet. Please inform the adminif the user has access 1 redirect him to lets say reviews.php and in the top of that reviews.php where u check the session it shud also check its access so that noone else can go thereif the user has access 2 redirect him to lets say news.php and in the top of that news.php where u check the session it shud also check its access so that noone else can go thereif the user has access 2 redirect him to lets say editor.php and in the top of that editor.php where u check the session it shud also check its access so that noone else can go thereso this is basically iti dont want u to make the reviews.php or news.php i just want that seesion code that will also check whthere someone is logged in and also his access i have created a access field in the users table which is int.hope someone can help Link to comment Share on other sites More sharing options...
shujjah Posted June 29, 2007 Author Share Posted June 29, 2007 i just realised i wont need it instead i will create categories and will allow all the registered members to add articleand article will have categories such as reviews,news etcbut i will still need the access.php to check if the user has access 0 so lets say redirect him to submit-news.phpand if 1 then redirect him to editor-panel.phpso... can anyone help me? Link to comment Share on other sites More sharing options...
justsomeguy Posted June 29, 2007 Share Posted June 29, 2007 You probably don't want the permission checking code to just redirect to something if the access is correct. You want to determine what type of access they need on a certain page, check what they actually do have, and redirect if its not the same. You can look up the access field from the database using the $_SESSION['user'] variable, just make sure you use session_start before you use the variable. Link to comment Share on other sites More sharing options...
shujjah Posted June 30, 2007 Author Share Posted June 30, 2007 so i will use this in the start of every page? <?phpsession_start();$access=mysql_query('Select access From users Where username="$_SESSION['user']"') if(!isset($_SESSION['user'])){ // check if the user is logged in // the user is not logged in header("Location: login.php"); // take him/her to the login page}if (!isset($_SESSION['user'])) && ($access==0||1){//shows the page that is only for members and admins}?> so i have come up with this code that i will put in the top of everpage what do u think is it correct if not then plz can u tell the the code i shud use in the top of ever restricted script? plz? Link to comment Share on other sites More sharing options...
justsomeguy Posted June 30, 2007 Share Posted June 30, 2007 You can't do things like this:($access==0||1)you need to do this:($access == 0 || $access == 1) Link to comment Share on other sites More sharing options...
shujjah Posted July 1, 2007 Author Share Posted July 1, 2007 secret.php <?phpsession_start(); // start the sessioninclude_once('mysql.php');$access = mysql_query('Select access From users Where username="$_SESSION['user']"');if(!isset($_SESSION['user'])){ // check if the user is logged in // the user is not logged in header("Location: login.php"); // take him/her to the login page}if (isset($_SESSION['user'])) && ($access == 0 || $access == 1) {echo "this page is only for members and admins hahahhaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"//shows the page that is only for members and admins}?> this is the code and iam getting this errorParse error: syntax error, unexpected T_STRING in D:\xampp\htdocs\secret.php on line 4 Link to comment Share on other sites More sharing options...
justsomeguy Posted July 1, 2007 Share Posted July 1, 2007 This is the line:$access = mysql_query('Select access From users Where username="$_SESSION['user']"');You're trying to do variable replacement in a single-quoted string, that doesn't work. Variables only get replaced in a double-quoted string. You either need to do this:$access = mysql_query('Select access From users Where username="' . $_SESSION['user'] . '"');or this:$access = mysql_query("Select access From users Where username='{$_SESSION['user']}'"); Link to comment Share on other sites More sharing options...
shujjah Posted July 1, 2007 Author Share Posted July 1, 2007 now i am getting thisParse error: syntax error, unexpected T_BOOLEAN_AND in D:\xampp\htdocs\secret.php on line 10 Link to comment Share on other sites More sharing options...
justsomeguy Posted July 2, 2007 Share Posted July 2, 2007 This has a misplaced parenthese:if (isset($_SESSION['user'])) && ($access == 0 || $access == 1) Link to comment Share on other sites More sharing options...
shujjah Posted July 2, 2007 Author Share Posted July 2, 2007 what parenthese?how to solve it i dont get what u are saying plz tell me how to solve this Link to comment Share on other sites More sharing options...
justsomeguy Posted July 2, 2007 Share Posted July 2, 2007 Look at the parentheses, the if statement ends here:if (isset($_SESSION['user']))There are 2 open parens, and 2 closing parens, it ends there. All of this stuff: && ($access == 0 || $access == 1)is not part of the if statement, it is not inside the parens. Link to comment Share on other sites More sharing options...
shujjah Posted July 2, 2007 Author Share Posted July 2, 2007 now i get this Parse error: syntax error, unexpected '}', expecting ',' or ';' in D:\xampp\htdocs\secret.php on line 14secret.php <?phpsession_start(); // start the sessioninclude_once('mysql.php');$access = mysql_query('Select access From users Where username="' . $_SESSION['user'] . '"');if(!isset($_SESSION['user'])){ // check if the user is logged in // the user is not logged in header("Location: login.php"); // take him/her to the login page}if ((isset($_SESSION['user'])) && ($access == 0 || $access == 1)) {echo "this page is only for members and admins hahahhaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"//shows the page that is only for members and admins}?> Link to comment Share on other sites More sharing options...
justsomeguy Posted July 2, 2007 Share Posted July 2, 2007 There's no semicolon on the echo statement. Link to comment Share on other sites More sharing options...
shujjah Posted July 2, 2007 Author Share Posted July 2, 2007 thnkx now there is no error but it is showing be a blank page???i checked phpmyadmin and teh username has access 1 so it shud show that page but it is notafter i login it redirects me to secret.php but gives me a blank page?!!! Link to comment Share on other sites More sharing options...
justsomeguy Posted July 2, 2007 Share Posted July 2, 2007 The secret.php page doesn't have any output. You don't want to redirect to secret.php, you want to include it so that it checks the access. Use this to include it on a page to protect that page:require_once 'secret.php'; Link to comment Share on other sites More sharing options...
shujjah Posted July 3, 2007 Author Share Posted July 3, 2007 i dont really get what you are saying so that means i will have to create another script that will only check if the access is 1 and if it is one then show the page otherwise not?so when someone logs in he will be redirected to lets say add.php and from there he can go to addnews.php and addreview.php andon the top of add.php, addnews.php and addreviews.phpthere will be require_once'secret.php'; and secret.php will be <?phpsession_start(); // start the sessioninclude_once('mysql.php');$access = mysql_query('Select access From users Where username="' . $_SESSION['user'] . '"');if(!isset($_SESSION['user'])){ // check if the user is logged in // the user is not logged in header("Location: login.php"); // take him/her to the login page}if ((isset($_SESSION['user'])) && ($access == 0 || $access == 1)) {//shows the page that is only for members and admins}?> right?and lets say add.php contains this code <?phprequire_once'secret.php';echo "this is ................."?> so this code will first check secret.php and will see if the access is 1 or 0 then show this is......... otherwise not?and forexample i want to make a page (admin.php) only for editors so for that i will have to create another script lets say edsecret.phpwhich will check if the uesr is logged in if not redirect to login.php and will then check if the access is 0 then echo this page is restriced to editors only and then will check if access is 1.so on the top of admin.phpi will add require_once'edsecret.php'; ?and this will check if the access is 1 then show admin.php otherwise not?plz tell me in detail Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.