whats the error?
please paste here...

"Login Error"

I am typing a username and password that is in MySQL database. This is strange.

[edited by: joe1182 at 7:58 pm (utc) on Nov. 29, 2004]

"Login Failed"

Sorry.

According to your logic...

if(mysql_num_rows($result)!=1){ 
$error="Login Failed"; 
include "login.php"; 
}else{ 
...

...so what I would check first is to see how many, if any, rows are being returned by your mysql_num_rows() function.

will "echo mysql_num_rows" work? Or how else would I do this?

when I enter "echo $result" I get this message:"Resource id #3" What does this mean? Could I possibly have Mysql database setup wrong? How should it be setup to handle "username", "password" & "USLP"? USLP is the unique page that the user will be directed to upon login.

You can echo it to the browser, you almost had it.

echo mysql_num_rows($result);

Every query returns a result set and you process the result set by fetching data from it. The function described here does exactly that for you.

It returns "0". What could the problem be?

The next step would be to echo the query itself to the browser to see what's going on...

$sql="select * from Users where username='$username' and password='$password'"; 
exit($sql);

When I enter "exit ($sql);" I get this message.

select * from users where username='guest' and password='40be4e59b9a2a2b5dffb918c0e86b3d7'

When I enter "echo ($dbh)" I get this error message.

Resource id #2
Warning: session_start(): Cannot send session cache limiter - headers already sent on Line 5.

Here is the complete login.php file again.

<?php
$dbh=mysql_connect ("localhost", "username", "password") or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db ("example");
echo ($dbh);
session_start();
$username=$_POST['username'];
$password=md5($_POST['password']);
$sql="select * from users where username='$username' and password='$password'";
exit ($sql);
$result=mysql_query($sql) or die(mysql_error());
if(mysql_num_rows($result)!=1){
$error="Not a Valid Username or Password";
echo mysql_num_rows ($result);
}else{
$row=mysql_fetch_array($result);
$_SESSION['username']="$username";
$_SESSION['ip']=$_SERVER['REMOTE_ADDR'];
header("Location:http://members.example.com/{$row['USLP']}");
}
?>

OK. The syntax looks fine. If you enter a query into a command line interface to see what is in your Users table, do you see a row in your table for user "guest" with the same md5 encrypted password?

yes if I log into PHP Myadmin I can export the info from the table and the username exports and the password is encrypted. Does the error I posted mean anything?

Hi Joe

Sorry but your script isn't fine, let's have a look:

<?php
$dbh=mysql_connect ("localhost", "username", "password") or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db ("example");
echo ($dbh);
session_start(); <--- The problem is here

You are trying to echo something BEFORE you start the session. This is a no no, try it this way:

<?php
$dbh=mysql_connect ("localhost", "username", "password") or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db ("example");
session_start();
echo ($dbh);

Should sort you out

Yes that cleared out the error message. Does anyone know why this isn't checking against the database? Could it be how the database is setup? How should it be setup?

Welcome to WebmasterWorld, zaphod2003.

True, you don't normally want to ever echo out anything before starting a session, but we are merely troubleshooting database connection and query syntax at this point. I usually use exit() as opposed to echo() just because I want to stop at that point and check the syntax of the query statement. Here nor there, let's get back to the real issue...

joe1182, try entering a new password for the user "guest" into your database. Make it very simple for right now so that you can key it again into your form to make sure you are using the same password that you generated. Your query syntax looks fine, you obviously have a connection to your database or you would be getting connection errors, therefore the only thing left now is to determine why your query isn't selecting any records. I am willing to bet it is your password/encryption somehow. If you take the AND clause out of your query for a minute, I'll bet your script will continue as expected...

//$sql="select * from Users where username='$username' and password='$password'"; 
$sql="select * from Users where username='$username'";

Try that.

I get this message when I post the following script.
Resource id #2select * from users where username='guest'

<?php
$dbh=mysql_connect ("localhost", "username", "password") or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db ("database");
session_start();
echo ($dbh);
$username=$_POST['username'];
$password=md5($_POST['password']);
$sql="select * from users where username='$username'";
exit ($sql);
$result=mysql_query($sql) or die(mysql_error());
if(mysql_num_rows($result)!=1){
$error="Not a Valid Username or Password";
echo mysql_num_rows ($result);
}else{
$row=mysql_fetch_array($result);
$_SESSION['username']="$username";
$_SESSION['ip']=$_SERVER['REMOTE_ADDR'];
header("Location:http://members.example.com/{$row['USLP']}");
}
?>

When I echo ($sql) I receive '0'

sorry for the confusion. When I call on the previous script here is the message I receive.

Resource id #2select * from users where username='guest'0

Please correct me if I am wrong. "Resource id #2" this refers to echo ($dbh). "select * from users where username='guest'" this refers to echo ($sql). Last of all "0" this refers to echo mysql_num_rows ($result). Is this correct? Than the "0" just shows that we aren't receiving any records from the database. Correct?

Now that you know your $sql string is well formed, comment out the "exit($sql);" line--or change it to an echo. As long as you have the exit() in there, the script won't run past that.

[Added:]
When you echo troubleshooting stuff, try doing it something like this:

echo "\$variable = $variable<br>\n";

...so you can see which varible you've echoed.

Changed exit ($sql) to echo ($sql) and that is when I came up with

Resource id #2select * from users where username='guest'0

The next thing you might try is to temporarily change your $sql string to:

$sql="select * from users";

Resource id #2select * from users2

This is the message I receive. I do have 2 records in this database so it is looking in the right one. Any ideas why it isn't checking the username password against that of the database?

Now that you know where the problem is. Change your $sql back to:

$sql="select * from users where username='$username'";  
echo "\$sql = $sql<br>\n"; 
 // Regarding echoing, did you read message 21?

When $sql echos out:

$sql = select * from users where username='guest'

...are you absolutely certain that you have a user named 'guest' in the username column of the database? My guess is, "No."

$dbh = Resource id #2
$sql = select * from users where username='guest'
\mysql_num_rows (Resource id #3) = mysql_num_rows (Resource id #3)

MySQL Database has 3 fields. "username", "password" & "USLP".

I have 2 records in this database.
Record #1 - guest, password, USLP
Record #2 - jmcneil, password, USLP

Is this any help? Is something wrong with the way my database is setup?

To echo out a function or array member, you have to take it out of quotes. One way to do this is with concatenation, like:

echo "mysql_num_rows(\$result) = ".mysql_num_rows($result)."<br>\n";

Your database appears to be set up okay. We did a successful query a little bit ago that returned two rows. The problem seems to be with the username.

Is it possible that there are spaces at either end of the current usernames in the database? That might be the problem. Try this test:

$sql = "select * from users"; 
$result = mysql_query($sql); 
while ($query_data = mysql_fetch_array($result)) { 
 echo "username = '".$query_data['username']."'<br>\n"; 
}

...by putting $query_data['username'] in single quotes, you'll be able to see if there are spaces at either end of your current users.

it says username='box'; username='box';

It doesn't actually say the word box. There is a small box between the quotes. So it looks like it is blank. That is weird because if I go into MySQL I can export the records into Excel and I see clearly the username and the (md5)password. Any suggestions?

I'm not sure what the 'box' is about.

Did you look at the HTML source of the output to see what was there?

How did you get the current records into the table? Did you import them from Excel? Maybe the username fields contain an Excel cell? I don't know, I've never imported directly from Excel.

Also, what column type are you using for username? It should probably be char or varchar.

Also , you could try adding a new record. Try putting this line just before the last block I gave you:

$result = mysql_query('INSERT INTO users (username) VALUES('joe'));

...if the INSERT doesn't work, add error checking.

This is the error I am getting now. I couldn't see what was wrong with line 12 can you? I am entering the data into the table through the PHP MyADMIN console that came with my Web Hoster. Should I do it another way? The fields are set up as the following (username - CHAR), (password - VARCHAR) & (USLP - CHAR). Do you think this has something to do with PHP MyAdmin?

Parse error: parse error, unexpected T_STRING on Line 12.

<?php
$dbh=mysql_connect ("localhost", "username", "password") or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db ("database");
session_start();
echo "\$dbh = $dbh<br>\n";
$username=$_POST['username'];
$password=md5($_POST['password']);
$sql = "select * from users";
$result = mysql_query($sql);
while ($query_data = mysql_fetch_array($result)) {
echo "username = '".$query_data['username']."'<br>\n"; }
$result = mysql_query('INSERT INTO users (username) VALUES('joe'));
$result=mysql_query($sql) or die(mysql_error());
if(mysql_num_rows($result)!=1){
$error="Not a Valid Username or Password";
echo "\mysql_num_rows ($result) = mysql_num_rows ($result)<br>\n";
}else{
$row=mysql_fetch_array($result);
$_SESSION['username']="$username";
$_SESSION['ip']=$_SERVER['REMOTE_ADDR'];
header("Location:http://members.example.com/{$row['USLP']}");
}
?>