RomanTaylor
03-27-2009, 06:57 AM
I am pretty new in php, so this is my first experience using headers to secure my pages. I need some help in this.
Here is some errors I've got:
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in /home1/yougotba/public_html/client/include/login.php on line 21
Warning: Cannot modify header information - headers already sent by (output started at /home1/yougotba/public_html/client/include/login.php:21) in /home1/yougotba/public_html/client/include/login.php on line 28
Warning: Cannot modify header information - headers already sent by (output started at /home1/yougotba/public_html/client/include/login.php:21) in /home1/yougotba/public_html/client/include/login.php on line 29
Sorry, you must enter a valid username and password to log in and access clien page
And here is my php code:
<?php
if (!isset($_POST['login']) || !isset($_POST['password'])) {
//Username or password weren't entered so send the authentication header
header('HTTP/1.1 401 Unauthorized');
header('WWW-Authenticate: Basic realm="Client_area"');
exit('Sorry, you must enter your username and passowrd to log in and access client area');
}
require_once('main_db.php');
//Grab the user-entered log-in data
$client_username = mysqli_real_escape_string($dbc, trim($_POST['login']));
$client_password = mysqli_real_escape_string($dbc, trim($_POST['password']));
//Look up the username and password in the database
$query = "SELECT client_id, name FROM main_data WHERE login = '$client_username' AND " .
"pas = SHA('$client_password')";
$data = mysqli_query($dbc, $query);
if (mysqli_num_rows($data) == 1) {
// The log-in is OK so set the user ID and username variables
$user_id = $row['user_id'];
$client_name = $row['name'];
}
else {
// The username/password are incorrect so send authentication headers
header('HTTP/1.1 401 Unauthorized');
header('WWW-Authenticate: Basic realm="Client_area"');
exit('Sorry, you must enter a valid username and password to log in and access clien page');
}
//Confirm the successful log-in
echo 'You are logged in as ' . $user_id . '.';
?>
Thanks in advance.
Here is some errors I've got:
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in /home1/yougotba/public_html/client/include/login.php on line 21
Warning: Cannot modify header information - headers already sent by (output started at /home1/yougotba/public_html/client/include/login.php:21) in /home1/yougotba/public_html/client/include/login.php on line 28
Warning: Cannot modify header information - headers already sent by (output started at /home1/yougotba/public_html/client/include/login.php:21) in /home1/yougotba/public_html/client/include/login.php on line 29
Sorry, you must enter a valid username and password to log in and access clien page
And here is my php code:
<?php
if (!isset($_POST['login']) || !isset($_POST['password'])) {
//Username or password weren't entered so send the authentication header
header('HTTP/1.1 401 Unauthorized');
header('WWW-Authenticate: Basic realm="Client_area"');
exit('Sorry, you must enter your username and passowrd to log in and access client area');
}
require_once('main_db.php');
//Grab the user-entered log-in data
$client_username = mysqli_real_escape_string($dbc, trim($_POST['login']));
$client_password = mysqli_real_escape_string($dbc, trim($_POST['password']));
//Look up the username and password in the database
$query = "SELECT client_id, name FROM main_data WHERE login = '$client_username' AND " .
"pas = SHA('$client_password')";
$data = mysqli_query($dbc, $query);
if (mysqli_num_rows($data) == 1) {
// The log-in is OK so set the user ID and username variables
$user_id = $row['user_id'];
$client_name = $row['name'];
}
else {
// The username/password are incorrect so send authentication headers
header('HTTP/1.1 401 Unauthorized');
header('WWW-Authenticate: Basic realm="Client_area"');
exit('Sorry, you must enter a valid username and password to log in and access clien page');
}
//Confirm the successful log-in
echo 'You are logged in as ' . $user_id . '.';
?>
Thanks in advance.