The following script is supposed to validate a username and password in a mysql db. When entering the username and password of a preregistered user, I get the following errors:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /var/www/login.php on line 24
Warning: Cannot modify header information - headers already sent by (output started at /var/www/login.php:24) in /var/www/login.php on line 26
On line 24 is:
>>>if(!mysql_num_rows($login)) //if the username and pass are wrong
--The supplied argument is $login, which is previously defined as:
>>>$login = mysql_query("SELECT * FROM 'userinfo' WHERE `user` = '$user' AND `pass` = '$pass`");
--which is further defined above it as these values:
$user = $_POST['user']; //pulls the username from the form
$pw = $_POST['pass']; //pulls the pass from the form
$pass = md5($pw); //makes our password an md
So why is the sum of those previous definitions an invalid argument for the mysql_query() to test for whether the username and md5 password values are true/equivalent to each other?
Thanks for any help you may be able to provide, below is the full login.php page.
David
********************************************************
This is the full login.php script, I'm pretty sure no other portions are needed to show at this point for the current problem:
<?php
$act = $_GET['act']; //retrives the page action
if(empty($act)) //if there is no action
{
echo('<form action="login.php?act=auth" method="post" name="loginform" id="loginform">
<p>Username
<input type="text" name="user">
</p>
<p>Password
<input type="password" name="pass">
</p>
<p>
<input type="submit" name="Submit" value="Login">
</p>
</form>');
}
elseif($act == "auth") //if our page action = auth
{
$user = $_POST['user']; //pulls the username from the form
$pw = $_POST['pass']; //pulls the pass from the form
$pass = md5($pw); //makes our password an md5
include("connect.php"); //connects to our mysql database
$login = mysql_query("SELECT * FROM `userinfo` WHERE `user` = '$user' AND `pass` = '$pass`"); //selects info from our table if the row has the same user and pass that our form does
if(!mysql_num_rows($login)) //if the username and pass are wrong
{
header("Location: login.php"); //redirects to our login page
die(); //stops the page from going any further
}
else
{
setcookie("user", $user, time()+3600);//sets our user cookie
setcookie("pass", $pass, time()+3600);//sets our pass cookie
header("Location: memprar.php");//instead of yourpage.php it would be your protected page
}
}
?>
