How to focus on that select row??


#1

I finally signed up! Anyway, on my basic login, it works pretty well, though I noticed a bug.

If I log in with one existing email, but a different existing password, it doesn’t set the session, but bypasses my if statement. Here is a nice block of code where I think the trouble occurs

[php]$sql = “SELECT firstname, lastname FROM persons WHERE
email = '”.$_POST[“email”]."’ AND
Password = ‘".$hashedPassword."’";
$result = mysql_query($sql, $con) or die(mysql_error($con));

if (mysql_num_rows($result) == 1) {

while ($info = mysql_fetch_array($result)){

$Fname = $info[‘firstname’];
$Lname = $info[‘lastname’];
}

$_SESSION[‘firstname’] = $Fname;
$_SESSION[‘lastname’] = $Lname;

}

header(‘Location: members-area.php’);
exit();[/php]

It redirects, but luckily at members-area.php it checks if the session is set.

MAIN PROBLEM
If you log in with a email but a password that corresponds to a different user, it says you aren’t logged in (which is what happens if a session isn’t set on members-area.php)


#2

Most likely because you’re telling it see if only 1 result is made. i always use != 0. What you can echo mysql_num_rows to see how many are being returned. if its more than 1, then i would see to see if there’s something glitchy with how the db is set up.


#3

Hmm…I tried using !=0 instead of == 1 but it still won’t work. It still bypasses my if statements.


#4

What does the rest of the code look like?


#5

[php]$email = $_POST[‘email’];
$password = $_POST[‘password’];
$hashedPassword = hash(“sha512”, $password);

$checke = mysql_query(“SELECT * FROM persons WHERE email=’$email’”);

if(mysql_num_rows($checke) == 0) {
header(‘Location: wrong-login.php’);
exit();
}

$checkp = mysql_query(“SELECT * FROM persons WHERE password=’$hashedPassword’”);

if(mysql_num_rows($checkp) == 0) {
header(‘Location: wrong-login.php’);
exit();
}

$sql = “SELECT firstname, lastname FROM persons WHERE
email = '”.$_POST[“email”]."’ AND
Password = ‘".$hashedPassword."’";
$result = mysql_query($sql, $con) or die(mysql_error($con));

if (mysql_num_rows($result)!=0) {

while ($info = mysql_fetch_array($result)){

$Fname = $info[‘firstname’];
$Lname = $info[‘lastname’];
}

$_SESSION[‘firstname’] = $Fname;
$_SESSION[‘lastname’] = $Lname;

}

$checkingPass = mysql_num_rows($con);

if(mysql_num_rows($)==’$checkingPass’) {

header('Location: members-area.php');
exit();
}

else {
echo “WRONG”;
}

mysql_close($con);
?>[/php]


#6

That’s the code i cleaned up on your other post. one glaring thing is this

if(mysql_num_rows($)==’$checkingPass’) {
header(‘Location: members-area.php’);
exit();
} else {
echo “WRONG”;
}

That does nothing at all since you’re not counting anything. Please see your first topic for the cleaned up code.


#7

Whoops. For some reason it is supposed to be this.

[php]if(mysql_num_rows($email)==’$checkingPass’) {[/php]

Anyway, I put in the $email but it still won’t work. It says this.

Warning: mysql_num_rows(): supplied resource is not a valid MySQL result resource in C:\wamp\www\login2.php on line 49

Warning: mysql_num_rows() expects parameter 1 to be resource, string given in C:\wamp\www\login2.php on line 51


#8

Also, if I use require instead of direct embed, how would scripts like this work?

$sql = “SELECT firstname, lastname FROM persons WHERE
email = '”.$_POST[“email”]."’ AND
Password = ‘".$hashedPassword."’";
$result = mysql_query($sql, $con) or die(mysql_error($con));


#9

Instead of the embeding, you’d use include or require

db.php (or whatever you want to call it)
[php]

<?php $con = mysql_connect("localhost","user"); if(!$con) { die('Error connecting to localhost' . mysql_error()); } $db = mysql_select_db("socialdb",$con); if(!$db) { die('Error connecting to database' . mysql_error()); } [/php] other files [php] session_start(); include 'db.php'; $email = $_POST['email']; $hashedPassword = hash("sha512", $_POST['password']); $checke = mysql_query("SELECT * FROM persons WHERE email='$email' AND Password = '$hashedPassword'"); if(mysql_num_rows($checke) == 0) { header('Location: wrong-login.php'); } else { $info = mysql_fetch_assoc($checke); $_SESSION['firstname'] = $info['firstname']; $_SESSION['lastname'] = $info['lastname']; $_SESSION['id'] = $info['id']; echo $_SESSION['firstname']." ".$$_SESSION['lastname']; mysql_close($con); } ?>

[/php]


#10

You still didn’t answer the question that I asked you.

Also, if I use require instead of direct embed, how would scripts like this work?

$sql = “SELECT firstname, lastname FROM persons WHERE
email = '”.$_POST[“email”]."’ AND
Password = ‘".$hashedPassword."’";
$result = mysql_query($sql, $con) or die(mysql_error($con));


#11

You’re asking the server to see if there’s someone in the db table that has an email of xxxx and a password of xxxx. Depending on what the result is, it’ll return a record or it’ll return nothing.

If its failing to give you the right record, then you need add some checks to see what’s going on, because it can’t bypass the if statement unless something else isn’t happening.

in the query, is password supposed to be capitalized or is it lowercase?