PHP help



74kumi
09-21-2010, 03:55 PM
Just hoping that someone can help me. I'm working on getting a login script to work for my home server. The script was found at http://www.phpeasystep.com/workshopview.php?id=6

This is the script I'm working on:
<?php
$host="localhost"; // Host name
$username="php"; // Mysql username
$password=":):):):):)"; // Mysql password
$db_name="members"; // Database name
$tbl_name="users"; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>


When I enter all the information I get "Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /var/www/checklogin.php on line 26
Wrong Username or Password"
The database is all set up properly as far as I can tell. Any advice on what to look for or what I need to change would be helpful...

s1nykuL
09-22-2010, 10:23 AM
I am teaching myself the LAMP stack, so I am no expert. However, this is the approach I would take.

Check your database:

mysql> use members;
mysql> describe users;
mysql> select * from users;

Check that the output from these commands is what you expect, i.e. correct fields, and that there is an existing record with the username and password you are specifying on the login form, and that the data is in the correct fields.



This is where it is failing:
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

So the value in $result is nonsense as far as the function mysql_num_rows is concerned.

Try this:
$result = mysql_query ($query) or die("Query error: ". mysql_error());

Should give you a clue as to why $result is not a valid resource.

74kumi
09-22-2010, 12:22 PM
OK, your line gave me an idea. I put in a few echo "$variable" at select places with select variables and it turned up that the variable $result is empty... Your command mysql_error came back as query empty. echo "$sql" returns something but $result returns nothing. Any ideas?

$sql returns "SELECT * FROM users WHERE username='takumi' and password='*******')
*password was removed*

s1nykuL
09-22-2010, 01:06 PM
What does $sql contain before it is passed to mysql_query()?
You say "echo "$sql" returns something". What is that something?

Your select statement looks fine though, so I would guess the problem lies in your dataset. (or the username and password being posted from the form)

Log into mysql as php on the command line and check that the username and password have been stored correctly under the correct fields in the table users.

The mysql user php needs to have at least SELECT privileges GRANTed on the table members.users.

mysql> SHOW GRANTS FOR php@localhost;

If php does not have these privileges and you have to grant them, remember to FLUSH PRIVILEGES afterwards.


On another track, is your form data submitted via get or post?

For post data is $_REQUEST['formDataItem'];
For get data is $_POST['formDataItem'];.

ARandomOWL
09-22-2010, 01:25 PM
That should be:



For post data is $_POST['formDataItem'];
For get data is $_GET['formDataItem'];.

$_REQUEST contains the contents of $_POST, $_GET and $_COOKIE.

s1nykuL
09-22-2010, 01:46 PM
That should be:



$_REQUEST contains the contents of $_POST, $_GET and $_COOKIE.

A form POST provides only $_POST and a form GET provides only $_GET. However, both sets of data are always available in $_REQUEST. Is this true?

This is a moot point now though, as I see that data from the login form is actually reaching the script.

ARandomOWL
09-22-2010, 01:49 PM
Yes, however $_POST, $_GET and $_REQUEST are separate variables, so if $_GET or $_POST is changed at runtime, only the original values will remain in $_REQUEST. Check the PHP documentation.

74kumi
09-22-2010, 02:28 PM
... I'm lost so I'll just make assumptions. I think the real problem with the script is in the "$result = mysql_query($sql);" part, because sql has data in it, maybe not what sql needs for a query but it still has data, and after the command executes $result has no data. Any other info you need? Because I'm lost..

damha
09-22-2010, 02:32 PM
... I'm lost so I'll just make assumptions. I think the real problem with the script is in the "$result = mysql_query($sql);" part, because sql has data in it, maybe not what sql needs for a query but it still has data, and after the command executes $result has no data. Any other info you need? Because I'm lost..

Basically your database is returning an empty result.. nothing. Did you try this query using a mysql tool and it gave back results?

Are you sure you don't need to do an md5 hash on the password in the sql query?

74kumi
09-22-2010, 03:00 PM
OK, I think I figured it out... impressive since I know no PHP... The problem was there was a typo in the database: the username in my database was actually login, so when I changed that in the code I was able to log in. Thanks all for the help.
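
Added example, not code from any poster in this thread: the same login check written with PDO, so that a bad query raises an error naming the cause (here the "username" column that was really "login") instead of passing a non-resource on to mysql_num_rows(). It assumes an in-memory SQLite database in place of the MySQL "members" database, and the password_hash column and check_login() are hypothetical names.

```php
<?php
// Added example, not from the thread. Assumptions: in-memory SQLite stands in
// for the MySQL "members" database (needs the pdo_sqlite extension); the
// password_hash column and check_login() are hypothetical names.
$pdo = new PDO('sqlite::memory:');
// Throw on any failed query instead of returning false for later code to trip on.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data. The column is "login", as the last post found,
// and the table holds a salted hash rather than the plaintext password.
$pdo->exec('CREATE TABLE users (login TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$ins = $pdo->prepare('INSERT INTO users (login, password_hash) VALUES (?, ?)');
$ins->execute(['takumi', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);
$ins->execute(["o'brien", password_hash('another-sample-pw', PASSWORD_DEFAULT)]);

function check_login(PDO $pdo, string $user, string $pass): bool
{
    // The form value is sent as a bound parameter, so quotes in it are data
    // and no stripslashes()/escaping step is needed.
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE login = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();   // false when no row matched
    return $hash !== false && password_verify($pass, $hash);
}

var_dump(check_login($pdo, 'takumi', 'constructed-sample-pw')); // correct pair
var_dump(check_login($pdo, 'takumi', 'wrong-password'));        // bad password
var_dump(check_login($pdo, "o'brien", 'another-sample-pw'));    // quote in the name
var_dump(check_login($pdo, 'nobody', 'constructed-sample-pw')); // unknown user

// The thread's fault reproduced: the query names a column the table lacks.
try {
    $pdo->prepare('SELECT password_hash FROM users WHERE username = ?');
} catch (PDOException $e) {
    echo 'Query error: ', $e->getMessage(), "\n";
}
```

On current PHP versions the mysql_* functions and session_register() used in the original script have been removed, so a PDO or mysqli rewrite is needed there in any case.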