Jump to content

whats this error?


shujjah
 Share

Recommended Posts

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in D:\xampp\htdocs\checkpass.php on line 10Wrong username or password!checkpass.php

<?php		session_start();		include "mysql.php";		$_POST['username'] = addslashes($_POST['username']); // protects against SQL injection		$_POST['password'] = addslashes($_POST['password']); // same ^^		$password = md5($_POST['password']); // encrypt the password		$userrow = mysql_query("SELECT * FROM `userdb` ". "WHERE `username` = '" . $_POST['username'] . "'". " AND `password` = '" . $password . "';",$mysql);		if(mysql_num_rows($userrow) != "1"){				// no rows found, wrong password or username				echo "<font color='red'><b>Wrong username or password!</b></font>";				include "login.php";		} else {				// 1 row found exactly, we have the user!				$_SESSION['user'] = $_POST['username'];				header("Location: secret.php");		}?>

Link to comment
Share on other sites

  • Replies 153
  • Created
  • Last Reply

Top Posters In This Topic

That error means that you are sending something to mysql_num_rows that is not a valid result. The return value from mysql_query will not be a valid result if the query had a syntax error in it. Check mysql_error() to see what it was.

Link to comment
Share on other sites

whats thisParse error: syntax error, unexpected $end in D:\xampp\htdocs\adduser.php on line 30adduser.php

<?php		session_start();		include "mysql.php";		$username = addslashes($_POST['username']);		$email = addslashes($_POST['email']); // protects against SQL injection		$_POST['password'] = addslashes($_POST['password']); // same ^^		$_POST['password2'] = addslashes($_POST['password2']); // same ^^		$checkUsername = mysql_query("SELECT `username` FROM `userdb` ". "WHERE `username` = '" . $_POST['username'] . "'",$mysql);		if(mysql_num_rows($checkUsername) == "1"){				echo "Someone took that username<p>";				include "signup.php";				exit;		}		If(strlen($_POST['username'] > 32)){				echo "The username is too long<p>";				include "signup.php";				exit;		if($_POST['password'] != $_POST['password2']){				echo "Both passwords must be the same<p>";				include "signup.php";				exit;		}		$password = md5($_POST['password']);		mysql_query("INSERT INTO `userdb` (`username`,`password`,`email`) ". "VALUES ('" . $username . "','" . $password . "','" . $email . "')",$mysql);		$_SESSION['user'] = $username;		header("Location: secret.php");?>

Link to comment
Share on other sites

ah ok thnkx but there is a probthis is the signup page

<html>  <head>  <title>Signup</title>  </head><body>  Signup<p><form method='POST' action='adduser.php'>Username you want:<input type='text' name='username' maxLength='100' length='16'><br/> Password: <input type='password' length='16' maxLength='40' name='password'><br/> Password again: <input type='password' name='password2' maxLength='40' length='16'><br/> Your Email:<input type='text' name='email' maxLength='100' length='16'><br/><input type='submit' value='Sign Up!'></form></body></html>

this is adduser.php

<?php		session_start();		include "mysql.php";		$username = addslashes($_POST['username']);		$email = addslashes($_POST['email']); // protects against SQL injection		$_POST['password'] = addslashes($_POST['password']); // same ^^		$_POST['password2'] = addslashes($_POST['password2']); // same ^^		$checkUsername = mysql_query("SELECT `username` FROM `users` ". "WHERE `username` = '" . $_POST['username'] . "'",$mysql);		if(mysql_num_rows($checkUsername) == "1"){				echo "Someone took that username<p>";				include "signup.php";				exit;		}		If(strlen($_POST['username'] > 40)){				echo "The username is too long<p>";				include "signup.php";				exit;		if($_POST['password'] != $_POST['password2']){				echo "Both passwords must be the same<p>";				include "signup.php";				exit;		}		$password = md5($_POST['password']);		mysql_query("INSERT INTO `users` (`username`,`password`,`email`) ". "VALUES ('" . $username . "','" . $password . "','" . $email . "')",$mysql);		$_SESSION['user'] = $username;		header("Location: secret.php");}?>

but this add user wont work i mean even if i submit the form it wont enter the info into the databaseand also if both the passwords dont match even then it wont show the that Both passwords are not same what is wrongand if i wont to tell the user that the info was ok and was entered into the databsewill i add echo "information added" before the last } or after it ? and if its not then i will addelse { echo"something wrong with the form plz inform the admin" } after the end of if statement right?

Link to comment
Share on other sites

Yeah, you put the bracket in the wrong place. This is the if statement that starts:If(strlen($_POST['username'] > 40)){You put the closing bracket at the end of the code, so all of this code gets executed only if the username is longer then 40 characters:

				echo "The username is too long<p>";				include "signup.php";				exit;		if($_POST['password'] != $_POST['password2']){				echo "Both passwords must be the same<p>";				include "signup.php";				exit;		}		$password = md5($_POST['password']);		mysql_query("INSERT INTO `users` (`username`,`password`,`email`) ". "VALUES ('" . $username . "','" . $password . "','" . $email . "')",$mysql);		$_SESSION['user'] = $username;		header("Location: secret.php");

Close the if statement like you do with the other ones and it should work.

Link to comment
Share on other sites

i just want a favour from you or anyone elsei just want a script no more than 4 if statementsthe script will be called access.phpand it will contain

it will get the data from the login script and it will check what access that user hasfrom exampleif the user has access 0 echo the admin hasent given a status to $username yet. Please inform the adminif the user has access 1 redirect him to lets say reviews.php  and in the top of that reviews.php where u check the session it shud also check its access so that noone else can go thereif the user has access 2 redirect him to lets say news.php  and in the top of that news.php where u check the session it shud also check its access so that noone else can go thereif the user has access 2 redirect him to lets say editor.php  and in the top of that editor.php where u check the session it shud also check its access so that noone else can go thereso this is basically iti dont want u to make the reviews.php or news.php i just want that seesion code that will also check whthere someone is logged in and also his access

i have created a access field in the users table which is int.hope someone can help

Link to comment
Share on other sites

i just realised i wont need it instead i will create categories and will allow all the registered members to add articleand article will have categories such as reviews,news etcbut i will still need the access.php to check if the user has access 0 so lets say redirect him to submit-news.phpand if 1 then redirect him to editor-panel.phpso... can anyone help me?

Link to comment
Share on other sites

You probably don't want the permission checking code to just redirect to something if the access is correct. You want to determine what type of access they need on a certain page, check what they actually do have, and redirect if its not the same. You can look up the access field from the database using the $_SESSION['user'] variable, just make sure you use session_start before you use the variable.

Link to comment
Share on other sites

so i will use this in the start of every page?

<?phpsession_start();$access=mysql_query('Select access From users Where username="$_SESSION['user']"') if(!isset($_SESSION['user'])){	// check if the user is logged in	// the user is not logged in	header("Location: login.php"); // take him/her to the login page}if (!isset($_SESSION['user'])) && ($access==0||1){//shows the page  that is only for members and admins}?>

so i have come up with this code that i will put in the top of everpage what do u think is it correct if not then plz can u tell the the code i shud use in the top of ever restricted script? plz?

Link to comment
Share on other sites

secret.php

<?phpsession_start(); // start the sessioninclude_once('mysql.php');$access = mysql_query('Select access From users Where username="$_SESSION['user']"');if(!isset($_SESSION['user'])){	// check if the user is logged in	// the user is not logged in	header("Location: login.php"); // take him/her to the login page}if (isset($_SESSION['user'])) && ($access == 0 || $access == 1) {echo "this page is only for members and admins hahahhaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"//shows the page  that is only for members and admins}?>

this is the code and iam getting this errorParse error: syntax error, unexpected T_STRING in D:\xampp\htdocs\secret.php on line 4

Link to comment
Share on other sites

This is the line:$access = mysql_query('Select access From users Where username="$_SESSION['user']"');You're trying to do variable replacement in a single-quoted string, that doesn't work. Variables only get replaced in a double-quoted string. You either need to do this:$access = mysql_query('Select access From users Where username="' . $_SESSION['user'] . '"');or this:$access = mysql_query("Select access From users Where username='{$_SESSION['user']}'");

Link to comment
Share on other sites

Look at the parentheses, the if statement ends here:if (isset($_SESSION['user']))There are 2 open parens, and 2 closing parens, it ends there. All of this stuff: && ($access == 0 || $access == 1)is not part of the if statement, it is not inside the parens.

Link to comment
Share on other sites

now i get this Parse error: syntax error, unexpected '}', expecting ',' or ';' in D:\xampp\htdocs\secret.php on line 14secret.php

<?phpsession_start(); // start the sessioninclude_once('mysql.php');$access = mysql_query('Select access From users Where username="' . $_SESSION['user'] . '"');if(!isset($_SESSION['user'])){	// check if the user is logged in	// the user is not logged in	header("Location: login.php"); // take him/her to the login page}if ((isset($_SESSION['user'])) && ($access == 0 || $access == 1)) {echo "this page is only for members and admins hahahhaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"//shows the page  that is only for members and admins}?>

Link to comment
Share on other sites

The secret.php page doesn't have any output. You don't want to redirect to secret.php, you want to include it so that it checks the access. Use this to include it on a page to protect that page:require_once 'secret.php';

Link to comment
Share on other sites

i dont really get what you are saying so that means i will have to create another script that will only check if the access is 1 and if it is one then show the page otherwise not?so when someone logs in he will be redirected to lets say add.php and from there he can go to addnews.php and addreview.php andon the top of add.php, addnews.php and addreviews.phpthere will be

require_once'secret.php';

and secret.php will be

<?phpsession_start(); // start the sessioninclude_once('mysql.php');$access = mysql_query('Select access From users Where username="' . $_SESSION['user'] . '"');if(!isset($_SESSION['user'])){	// check if the user is logged in	// the user is not logged in	header("Location: login.php"); // take him/her to the login page}if ((isset($_SESSION['user'])) && ($access == 0 || $access == 1)) {//shows the page  that is only for members and admins}?>

right?and lets say add.php contains this code

<?phprequire_once'secret.php';echo "this is ................."?>

so this code will first check secret.php and will see if the access is 1 or 0 then show this is......... otherwise not?and forexample i want to make a page (admin.php) only for editors so for that i will have to create another script lets say edsecret.phpwhich will check if the uesr is logged in if not redirect to login.php and will then check if the access is 0 then echo this page is restriced to editors only and then will check if access is 1.so on the top of admin.phpi will add

 require_once'edsecret.php';

?and this will check if the access is 1 then show admin.php otherwise not?plz tell me in detail :)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share


×
×
  • Create New...