How to focus on that select row??

I finally signed up! Anyway, on my basic login, it works pretty well, though I noticed a bug.

If I log in with one existing email, but a different existing password, it doesn’t set the session, but bypasses my if statement. Here is a nice block of code where I think the trouble occurs:

[php]$sql = "SELECT firstname, lastname FROM persons WHERE
email = '".$_POST["email"]."' AND
Password = '".$hashedPassword."'";
$result = mysql_query($sql, $con) or die(mysql_error($con));

if (mysql_num_rows($result) == 1) {

    while ($info = mysql_fetch_array($result)){

        $Fname = $info['firstname'];
        $Lname = $info['lastname'];
    }

    $_SESSION['firstname'] = $Fname;
    $_SESSION['lastname'] = $Lname;

}

header('Location: members-area.php');
exit();[/php]

It redirects, but luckily at members-area.php it checks if the session is set.

MAIN PROBLEM
If you log in with an email but a password that corresponds to a different user, it says you aren’t logged in (which is what happens if a session isn’t set on members-area.php).

Most likely because you’re telling it to see if only 1 result is made. I always use != 0. You can echo mysql_num_rows to see how many are being returned. If it’s more than 1, then I would look to see if there’s something glitchy with how the db is set up.

Hmm…I tried using !=0 instead of == 1 but it still won’t work. It still bypasses my if statements.

What does the rest of the code look like?

[php]$email = $_POST['email'];
$password = $_POST['password'];
$hashedPassword = hash("sha512", $password);

$checke = mysql_query("SELECT * FROM persons WHERE email='$email'");

if(mysql_num_rows($checke) == 0) {
    header('Location: wrong-login.php');
    exit();
}

$checkp = mysql_query("SELECT * FROM persons WHERE password='$hashedPassword'");

if(mysql_num_rows($checkp) == 0) {
    header('Location: wrong-login.php');
    exit();
}

$sql = "SELECT firstname, lastname FROM persons WHERE
email = '".$_POST["email"]."' AND
Password = '".$hashedPassword."'";
$result = mysql_query($sql, $con) or die(mysql_error($con));

if (mysql_num_rows($result)!=0) {

    while ($info = mysql_fetch_array($result)){

        $Fname = $info['firstname'];
        $Lname = $info['lastname'];
    }

    $_SESSION['firstname'] = $Fname;
    $_SESSION['lastname'] = $Lname;

}

$checkingPass = mysql_num_rows($con);

if(mysql_num_rows($)=='$checkingPass') {

    header('Location: members-area.php');
    exit();
}

else {
    echo "WRONG";
}

mysql_close($con);
?>[/php]

That’s the code I cleaned up on your other post. One glaring thing is this:

[php]if(mysql_num_rows($)=='$checkingPass') {
    header('Location: members-area.php');
    exit();
} else {
    echo "WRONG";
}[/php]

That does nothing at all since you’re not counting anything. Please see your first topic for the cleaned up code.

Whoops. For some reason it is supposed to be this.

[php]if(mysql_num_rows($email)=='$checkingPass') {[/php]

Anyway, I put in the $email but it still won’t work. It says this.

Warning: mysql_num_rows(): supplied resource is not a valid MySQL result resource in C:\wamp\www\login2.php on line 49

Warning: mysql_num_rows() expects parameter 1 to be resource, string given in C:\wamp\www\login2.php on line 51

Also, if I use require instead of direct embed, how would scripts like this work?

[php]$sql = "SELECT firstname, lastname FROM persons WHERE
email = '".$_POST["email"]."' AND
Password = '".$hashedPassword."'";
$result = mysql_query($sql, $con) or die(mysql_error($con));[/php]

Instead of the embedding, you’d use include or require.

db.php (or whatever you want to call it)
[php]
<?php
$con = mysql_connect("localhost","user");
if(!$con) {
    die('Error connecting to localhost' . mysql_error());
}
$db = mysql_select_db("socialdb",$con);
if(!$db) {
    die('Error connecting to database' . mysql_error());
}
[/php]

other files
[php]
session_start();
include 'db.php';

$email = $_POST['email'];
$hashedPassword = hash("sha512", $_POST['password']);

$checke = mysql_query("SELECT * FROM persons WHERE email='$email' AND Password = '$hashedPassword'");
if(mysql_num_rows($checke) == 0) {
    header('Location: wrong-login.php');
} else {
    $info = mysql_fetch_assoc($checke);
    $_SESSION['firstname'] = $info['firstname'];
    $_SESSION['lastname'] = $info['lastname'];
    $_SESSION['id'] = $info['id'];
    echo $_SESSION['firstname']." ".$_SESSION['lastname'];
    mysql_close($con);
}
?>
[/php]

You still didn’t answer the question that I asked you.

Also, if I use require instead of direct embed, how would scripts like this work?

[php]$sql = "SELECT firstname, lastname FROM persons WHERE
email = '".$_POST["email"]."' AND
Password = '".$hashedPassword."'";
$result = mysql_query($sql, $con) or die(mysql_error($con));[/php]

You’re asking the server to see if there’s someone in the db table that has an email of xxxx and a password of xxxx. Depending on what the result is, it’ll return a record or it’ll return nothing.

If it’s failing to give you the right record, then you need to add some checks to see what’s going on, because it can’t bypass the if statement unless something else isn’t happening.

In the query, is password supposed to be capitalized or is it lowercase?
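
The check described in the replies above, as an added example that is not part of the thread: one lookup by email through a bound parameter, the password verified against that row only, and the redirect chosen from the same result that fills the session. It assumes PDO with an in-memory SQLite table of constructed rows, and it swaps the thread's `mysql_*` calls and SHA-512 hashing for prepared statements and `password_hash()`/`password_verify()`; `makeDemoDb`, `authenticate` and `loginTarget` are hypothetical names.

```php
<?php
// Added example: constructed sample rows in an in-memory SQLite database so
// the script runs offline. Table and column names follow the thread.
function makeDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE persons (id INTEGER PRIMARY KEY, firstname TEXT,
               lastname TEXT, email TEXT UNIQUE, Password TEXT)');
    $ins = $db->prepare('INSERT INTO persons (firstname, lastname, email, Password)
                         VALUES (?, ?, ?, ?)');
    $ins->execute(['Ann', 'Lee', 'ann@example.test', password_hash('ann-secret', PASSWORD_DEFAULT)]);
    $ins->execute(['Bob', 'Ray', 'bob@example.test', password_hash('bob-secret', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns the matching person row, or null. The password is checked against
// the row found for this email only, never against the table as a whole.
function authenticate(PDO $db, string $email, string $password): ?array
{
    $stmt = $db->prepare('SELECT id, firstname, lastname, Password
                          FROM persons WHERE email = :email');
    $stmt->execute([':email' => $email]);   // bound parameter, no string concatenation
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['Password'])) {
        return null;
    }
    unset($row['Password']);                // keep the hash out of the session
    return $row;
}

// The redirect target comes from the same result that fills the session.
function loginTarget(PDO $db, string $email, string $password, array &$session): string
{
    $person = authenticate($db, $email, $password);
    if ($person === null) {
        return 'wrong-login.php';
    }
    $session['id'] = $person['id'];
    $session['firstname'] = $person['firstname'];
    $session['lastname'] = $person['lastname'];
    return 'members-area.php';
}

$db = makeDemoDb();
$session = [];
// Ann's email with Bob's password: both exist in the table, but not on one row.
echo loginTarget($db, 'ann@example.test', 'bob-secret', $session), PHP_EOL;
echo loginTarget($db, 'ann@example.test', 'ann-secret', $session), PHP_EOL;
```

On a real login page, pass `$_SESSION` as the last argument, call `session_regenerate_id(true)` after a successful match, and finish with `header('Location: ' . $target); exit();`.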
