Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in /home/lhekitel/public_html/login.php on line 73
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/lhekitel/public_html/login.php on line 81
Username and passwords do not match our records
how do i fix this?
lhekitel
BeginnerLink Clerk
Comments
`catid` INT( 11 ) NOT NULL AUTO_INCREMENT ,
`parentid` INT( 11 ) NOT NULL ,
`name` VARCHAR( 255 ) NOT NULL ,
`description` TEXT NOT NULL ,
PRIMARY KEY ( `catid` )
);
i can signup and it does show names in database , but i get the error when i try the login.html it goes to login.php with error any thoughts
// Connect to the database
$server = "localhost";
$dbuser = "name";
$dbpass = "pw";
$dbname = "lhekitel_accounts";
mysql_connect($server,$dbuser,$dbpass) or die ("Could not establish connection"); // make connection
mysql_select_db($dbname); // select database
// convert posted info to easy to use variables
$user = $_REQUEST;
$pass = $_REQUEST;
// strip away any dangerous tags
$user=strip_tags($user);
$pass=strip_tags($pass);
// remove spaces from variables
$user=str_replace(" ","",$user);
$pass=str_replace(" ","",$pass);
// remove escaped spaces
$user=str_replace("%20","",$user);
$pass=str_replace("%20","",$pass);
// add slashes to stop hacking
$user=addslashes($user);
$pass=addslashes($pass);
// encrypt password into md5 (random 32 characters)
$pass=md5($pass);
// search database to check for user
$request = "SELECT * FROM users WHERE password='".$pass."' AND username='".$user."'";
// hand over the request
$results = mysql_query($request,$conn);
// if mysql returns any number of rows great than 0 then there is a succesful login
if(mysql_num_rows($results))
{
// get users id
$getid = "SELECT * FROM users WHERE username='".$user."' LIMIT 1";
$getidexec = mysql_query($getid);
while($r=mysql_fetch_array($getidexec)){
$userid = $r[userid];
}
// set a cookie
setcookie( "userid", "$userid", time()+3600, "/", "", 0 );
echo "User Logged in.<br><br><a href=\"index.php\">Continue...</a>";
}
else // only happens if not a succesful username and password match
{
// login failed so display error message and kill script
die("Username and passwords do not match our records");
}
?>
im also assuming you changed these for security if not are they right?
$dbuser = "name";
$dbpass = "pw";
just below
<?php
// Connect to the database
$server = "localhost";
$dbuser = "name";
$dbpass = "pw";
$dbname = "lhekitel_accounts";
mysql_connect($server,$dbuser,$dbpass) or die ("Could not establish connection"); // make connection
mysql_select_db($dbname); // select database
// convert posted info to easy to use variables
$user = $_REQUEST;
$pass = $_REQUEST;
// strip away any dangerous tags
$user=strip_tags($user);
$pass=strip_tags($pass);
// remove spaces from variables
$user=str_replace(" ","",$user);
$pass=str_replace(" ","",$pass);
// remove escaped spaces
$user=str_replace("%20","",$user);
$pass=str_replace("%20","",$pass);
// add slashes to stop hacking
$user=addslashes($user);
$pass=addslashes($pass);
// encrypt password into md5 (random 32 characters)
$pass=md5($pass);
// search database to check for user
$request = "SELECT * FROM users WHERE password='".$pass."' AND username='".$user."'";
// hand over the request
$results = mysql_query($request);
// if mysql returns any number of rows great than 0 then there is a succesful login
if(mysql_num_rows($results))
{
// get users id
$getid = "SELECT * FROM users WHERE username='".$user."' LIMIT 1";
$getidexec = mysql_query($getid);
while($r=mysql_fetch_array($getidexec)){
$userid = $r[userid];
}
// set a cookie
setcookie( "userid", "$userid", time()+3600, "/", "", 0 );
echo "User Logged in.<br><br><a href=\"index.php\">Continue...</a>";
}
else // only happens if not a succesful username and password match
{
// login failed so display error message and kill script
die("Username and passwords do not match our records");
}
?>
Good luck and happy coding!!