I m trying to make a login system for my web site and I got these warnings, i would appreciate any help


Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/domain/public_html/check_login.php on line 23

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/domain/public_html/check_login.php on line 33

And there is more warnings if i keep using it, all related to check_login.php help


jodie

This could make something clearer if the SELECT-query is te problem:

$result = mysql_query($query) or die (mysql_error());

Otherwise, we need more info (source-code) to help you out!

Well yeah, sure i can send you the hole code:
Find it attached as a zip file

and no, the problem is not in the sql query


Jodie

Perhaps the variable you used as the argument for mysql_fetch_* is not the variable of the result set? And no, I did not look into all the files in your zip file... it was a little bit too much. Can you post a short, concise code example that exhibits this problem?

Well here it is the problematic part:

<?php
session_start();
if (!isset($_SESSION['username']) || !isset($_SESSION['pass']))
{
$logged_in = 0;
return;
}
else
{

if(!get_magic_quotes_gpc())
{
$_SESSION['username'] = addslashes($_SESSION['username']); }

$pass = "SELECT pass FROM users WHERE username= '".$_SESSION['username']."'";
$result = mysql_query($pass);
$num_row = mysql_fetch_row($result);

If (!($num_row))
{
$logged_in = 0;
unset($_SESSION['username']);
unset($_SESSION['pass']);
}

$db_pass = mysql_fetch_array($result);

$db_pass['ac_pass'] = stripslashes($num_row[0]);
$_SESSION['ac_pass'] = stripslashes($_SESSION['ac_pass']);


if($_SESSION['ac_pass'] == $db_pass['ac_pass'])
{
$logged_in = 1;
}
else
{
$logged_in = 0;

unset($_SESSION['c_number']);
unset($_SESSION['ac_pass']);
}
}

unset($db_pass['ac_pass']);

$_SESSION['c_number'] = stripslashes($_SESSION['c_number']);

?>

I send the hole code before because I think the error could also be in some of the settings you know? Is that possible. I apreciate your help so far

Jodie

and when I try to log out I have al these other warnings
I tryed everything but as you know by know I am only new to this

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/domain/public_html/logout.php:1) in /home/domain/public_html/check_login.php on line 4

Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/domain/public_html/check_login.php on line 23

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/domain/public_html/check_login.php on line 33

Warning: Cannot modify header information - headers already sent by (output started at /home/domain/public_html/logout.php:1) in /home/domain/public_html/logout.php on line 15

thanks

Well, maybe I'm missing something, but to me it seems as if you've forgot to add the code that makes the database connection. You know, mysql_connect() and mysql_select_db(). Maybe you just didn't include them in your sample code.

If that's not the case, I would go with the other poster's suggestion and use

$result = mysql_query($query) or die (mysql_error());

and also print out the SQL statement so you can see it completely, and try to run that through phpMyAdmin.

hth

well you wont believe me but i do have the conection set up properly. and seeing the query doesn't tell me much. Any way the error is still there :(

Jodie

Can you paste the executed query here (what you see on screen when you print it)

Can you also print the $result ?

$pass = "SELECT pass FROM users WHERE username= '".$_SESSION['username']."'";
$result = mysql_query($pass);
echo ($pass . "<br />" . $result );
exit();


Did you try using a connection-identifyer inside mysql_query() ? Like
mysql_query($pass,$link)
where $link is the connectionhandler.

Why do you ask that isn';t it obvbious
anyway:

SELECT ac_pass FROM users WHERE c_number = 'myusername'

Originally posted by jodie
and seeing the query doesn't tell me much. Any way the error is still there :(


Ok, but maybe showing us the printed query would help us helping you. You did not answer my last question. Does the query, as it was printed out, work correctly when you submit it in phpMyAdmin?

EDIT: Posts crossed, thanks for posting the query. But how would it be obvious to see it - how should we guess what's inside the session you used? :confused:

$pass = "SELECT pass FROM users WHERE username= '".$_SESSION['username']."'";


compared to the query you posted


SELECT ac_pass FROM users WHERE c_number = 'myusername'


the second query can't result from the first query. Now that's confusing, but maybe it hints at the source of your error.

Why do you ask that isn';t it obvbious
No.
The only thing that is 'obvious', is that the $result value is invalid + that is takes 5 seconds to print both the query and the $result value and that this is the easiest way to start debugging this.

And the printed query can't be the result of the query in your code.

+ you do realise there is a MySQL systemtable called "user" so it might be a good idea to choose another tablename to avoid removing accounts by misssing an 's'
+ you have a column called c_number where you check a string against (are you sure that this c_number isn't a numerical variable ?

don't you see the problem is in the middle of the session no tin the login itself, the password checking is correct, the problem might be that at some stage the information is send twice and just in case yes, the two querys are the same, the one i coded and the result and the one i put in my phpadmin and the results
I posted the complete code so some of you can see the hole picture I went trhoug the code many times and I can see that the password checking and the session begins perfect the problem actually begins when i go to other page
Thank you for trying to help i really perciate it.


Jodie

One more thing please see the hole code, the warnings and errors apear in chech_login only but, don't forget that the page is included in other ocasion

Jodie

I think we don't understand eachother.
+ that mordred was probably right and there's no connection open.

Your connection looks like

<?php
//Setting up the Mysql connection

$db_user = 'yourusername'; //Enter your username for mysql host
$db_pass = 'yourpassword'; //Enter your password for mysql host
$db_host = 'localhost'; //Enter your server name usually localhost
$db_name = 'test'; //Enter your Database name, you have to create this database before you run the createtables.php file.

$con= @mysql_connect("$db_host","$db_user","$db_pass")
or die ("Cannot connect to MySql.");

$db = @mysql_select_db("$db_name",$con)
or die ("Cannot select the $db_name database.<br>Please check your details in the database connection file and try again");

//Check If user is already logged or not.
include('check_login.php');

?>


Problem 1 : You first store the username etc in a variable, and then you use that variable in the mysql_connect. Using the variables is then useless
Problem 2 : the variables inside mysql_connect are enclosed in " which makes them strings. So PHP will try to connect to "$db_host" instead of "localhost" , which will fail unless you called the db "$db_host"
Problem 3 : This is not the way to set up connections (in my opinion). The check_login.php shouldn't be a separate file, since it's always included and check_login requires a connection. So it should be 1 file
which could look like

<?php
//Setting up the Mysql connection

$con= @mysql_connect("localhost","yourusername","yourpassword")
or die ("Cannot connect to MySql.");
$db = @mysql_select_db("yourdbname",$con)
or die ("Cannot select the $db_name database.<br>Please check your details in the database connection file and try again");

session_start(); //starts a new session

/* Here we check if username or password session exists or not if it dosent then we set the logged_in variable to 0 and return to our previous called program */
if (!isset($_SESSION['username']) || !isset($_SESSION['password']))
{
$logged_in = 0;
return;
}
else
{
// remember, $_SESSION['password'] will be encrypted.

if(!get_magic_quotes_gpc()) // This gets the current active config of magic quotes. GPC means GET/POST/Cookie.
{
$_SESSION['username'] = addslashes($_SESSION['username']); // addslashes to session username before using in a query.
}

$pass = "SELECT password FROM users WHERE username = '".$_SESSION['username']."'";
$result = mysql_query($pass, $con);
$num_row = mysql_num_rows($result);


echo ("query = " . $pass . "<br />resultID = " . $result . "<br />number of returned rows = " . $num_row );
exit ;


If ($num_row == 0)
{
$logged_in = 0;
unset($_SESSION['username']);
unset($_SESSION['password']);
// kill incorrect session variables.
}
else {
$db_pass = mysql_fetch_array($result);

//compare:

if($_SESSION['password'] == $db_pass['password'])
{
// valid password for username
$logged_in = 1; // they have correct info session Variables.
}
else
{
$logged_in = 0;

unset($_SESSION['username']);
unset($_SESSION['password']);
// kill incorrect session variables.
}



// clean up
unset($db_pass['password']);

$_SESSION['username'] = stripslashes($_SESSION['username']);
}
}
?>


So run this and then post the output (the complete output !) here.
It will run until the num_rows. I've changed the funtion to mysql_num_rows + then checked if num_row == 0 since this is what you need.

I also includede an else-clause after the num_row check, cause when there's no user found, the code you have will error-out on the empty array. (You need to fix the indents in an editor)

Originally posted by raf
Problem 2 : the variables inside mysql_connect are enclosed in " which makes them strings. So PHP will try to connect to "$db_host" instead of "localhost" , which will fail unless you called the db "$db_host"


No raf, that's not the case. What you describe would happen if the string would've been enclosed in single quotes. Then the $ would be interpreted literally, as it stands. In double quotes-enclosed string the variables get expanded. In jodies code above it's nevertheless useless to put the quotes around the variables though, since they are already strings.

I didn't know that. Thanks. (I thought it was the same as in ASP)

Anyway, there's no use for quoting and for storing them in variables.

How can I not be conected if afteer i log in I see logged in? Anyway I ll try that and let you knnow the output in a min. plus I don't understand why exactly I need to put the dbconect and check_login together since others pages require db_conect.php
Thank for your help guys


Jodie

plus I don't understand why exactly I need to put the dbconect and check_login together since others pages require db_conect.php
Because, like i said, the check_login.php is ALWAYS included when you run dbconnect.php . So there is no point in including it.
And you can't run check_login.php, without also running db_conect.php.

I you wan't other pages to be able to include db_connect.php WITHOUT also running the check_login, then you can have a db_connect.php file like

<?php

$con= @mysql_connect("localhost","yourusername","yourpassword")
or die ("Cannot connect to MySql.");
$db = @mysql_select_db("yourdbname",$con)
or die ("Cannot select the $db_name database.<br>Please check your details in the database connection file and try again");

?>

and include this file inside check_login.php or other files. If check_login itself is included in another file, then it's better to first include db_connect.php and then include check_login.php inside that file. But i don't have time to read through all your files and see where and how you include them.

yeah that mekes sense. I really can't see a way to make these work so I am goig to look for other tutorials on how to do login pages. it is as simple as that can you recomend any that's actually working because I didn't made this up i just try to followe it as it is but I cna assure you that i am able to connect


Jodie

take your pick

http://search.megaspider.com/XP.html?PHP+Login+tutorial