thedigicraft / Atom.CMS


login #4

Closed Lande-91 closed 10 years ago

Lande-91 commented 10 years ago

I get an error when trying to log in: Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in E:\wamp\www\practice\home\admin\login.php on line 13

Line 13: if (mysqli_num_rows($r) == 1) { probably getting a false.

my login php:

session_start();
    include ('../config/connection.php');

    # Database Connection:

    if ($_POST) {

        $q = "SELECT * FROM users WHERE email = quote_smart('$_POST[email]') AND password = quote_smart(SHA1('$_POST[password]'))";
        $r = mysqli_query ($dbc, $q);

        if (mysqli_num_rows($r) == 1) {

            $_SESSION['username'] = $_POST['email'];
            header('Location: index.php');

        }

    }
?>

thedigicraft commented 10 years ago

Okay, that error generally means that the query has an error in it. I have not gone really deep into error handling yet in the videos, so I will help you out here.

We are going to wrap another if around the mysqli_num_rows.

Your Code:


        if (mysqli_num_rows($r) == 1) {

            $_SESSION['username'] = $_POST['email'];
            header('Location: index.php');

        }

New Code:


   if($r) { // If the query is successful...

        if (mysqli_num_rows($r) == 1) {

            $_SESSION['username'] = $_POST['email'];
            header('Location: index.php');

        }

    } else { // If the query fails...

        echo mysqli_error($dbc).'<br>'; // This will tell you if there is an error and what kind.
        echo $q; // Echo out the query. If there is an error you should see it here.

    }

Please post the error message, if any, and the query results.

Thanks! Alan

Lande-91 commented 10 years ago

This is the error I get:

FUNCTION lande.quote_smart does not exist
SELECT * FROM users WHERE email = quote_smart('slande.91@test.com') AND password = quote_smart(SHA1('password'))

thedigicraft commented 10 years ago

Oh okay. You are using a function called quote_smart(). That is not a function that is built in to PHP. Where is that function being created?

Lande-91 commented 10 years ago

$q = "SELECT * FROM users WHERE email = quote_smart('$_POST[email]') 
AND password = quote_smart(SHA1('$_POST[password]'))";

Lande-91 commented 10 years ago

not sure if i have it other places

thedigicraft commented 10 years ago

Yes. That is where it is being run. I need to know where it is being created. Since that function is not something that is built in to PHP, that means you would have had to create that function yourself. The code would look something like:


function quote_smart($string) {

  // there would be more code inside here....

}

Lande-91 commented 10 years ago

config/js.php

thedigicraft commented 10 years ago

Could you copy/paste that function here? Then I can take a look at it.

Lande-91 commented 10 years ago

function quote_smart ($value, $remove_whitespace = false){
 if ( get_magic_quotes_gpc() ) {
  $value = stripslashes($value);
 }

 if( is_numeric($value) && strpos($value,',') !== false ){
  $value = str_replace(',','.',$value);
 }

 if( is_null($value) ){
  $value = 'NULL';
 } elseif (!is_numeric($value)) {
  $value = "'" . mysql_real_escape_string($value) . "'";
 }

 if ( $remove_whitespace == true ) {
  $value = remove_whitespace($value);
 }

 return $value;
}

Lande-91 commented 10 years ago

moved it to data.php

thedigicraft commented 10 years ago

It should work now correct? Because if it was in js.php then that function wasn't created yet at the time PHP was running $page = ......

Can you verify that it is fixed? Or are you still having an issue?

Lande-91 commented 10 years ago

Still an issue

Lande-91 commented 10 years ago

gonna try without quote

Lande-91 commented 10 years ago

hmm, no error then but I do not get redirected to index

thedigicraft commented 10 years ago

Okay. Try this...

Somewhere within the <body></body> tags on login.php place this code:


if($_POST) {

    echo '<pre>';

        print_r($_SESSION);

        print_r($_POST);

        print_r($_GET);

        print_r($page);

    echo '</pre>';

}

Fill out the login form, submit it. Then copy/paste what gets echoed out to the page. If you need to hide the password, go ahead and do that.

Lande-91 commented 10 years ago

Array ( )
Array ( [email] => slande.91@test.com [password] => password )
Array ( )
Notice: Undefined variable: page in E:\wamp\www\practice\home\admin\login.php on line 41

thedigicraft commented 10 years ago

Okay, so your session variable is not being created. Otherwise, we would see it in that first array.

I am going to ask some silly questions now but sometimes the answer is so obvious/easy that we overlook it.

  1. In the database, is your password encrypted? Did you run the SHA1 function in phpMyAdmin when you created it?
  2. Are you sure you are putting in the correct email/password?
  3. Do you happen to have 2 records in the users table with the same email/password? If so then mysqli_num_rows() would not be equal to 1, it would be equal to 2 or more.
  4. What variable is on line 41?

Hmm, that is all I can think of at the moment.

Lande-91 commented 10 years ago

1 yes 2 yes 3 no 4 print_r($page);

thedigicraft commented 10 years ago

Oh, that is right. $page is on the frontend not in the backend.

Lande-91 commented 10 years ago

ye

Lande-91 commented 10 years ago

Still stuck:P

alyraptor commented 10 years ago

I think your problem is that you're trying to pass a PHP function into your SQL code.

http://stackoverflow.com/questions/2668894/php-function-within-sql-statement-syntax

alyraptor commented 10 years ago

So maybe:

$email = quote_smart($_POST['email']);
$password = quote_smart($_POST['password']);
$q = "SELECT * FROM users WHERE email = $email AND password = SHA1($password)";

thedigicraft commented 10 years ago

Haha Aly,

Great catch! That totally didn't even catch my eye! I tell ya, you can do this job for 10 years and simple stuff like that goes right past ya!

Alan
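
A hardened form of the login check discussed in this thread, as an added example that is not code from the thread or from Atom.CMS. It assumes `$dbc` is the mysqli connection from `../config/connection.php` and that `users.password` holds a `password_hash()` value rather than the SHA1 digest used in the thread; `check_login` is a hypothetical helper name.

```php
<?php
// Added example; not code from this thread or from Atom.CMS.
// Assumes $dbc is the mysqli connection created in ../config/connection.php and
// that users.password stores a password_hash() value (the thread stores SHA1).
session_start();
include('../config/connection.php');

// Make mysqli throw on failure so a failed query is handled in one place.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical helper: true only if the email exists and the password matches.
function check_login(mysqli $dbc, string $email, string $password): bool
{
    try {
        // The ? placeholder keeps user input out of the SQL text entirely,
        // so no quoting helper such as quote_smart() is involved.
        $stmt = mysqli_prepare($dbc, 'SELECT password FROM users WHERE email = ?');
        mysqli_stmt_bind_param($stmt, 's', $email);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt, $hash);
        $found = mysqli_stmt_fetch($stmt);   // true = row fetched, null = no row
        mysqli_stmt_close($stmt);
    } catch (mysqli_sql_exception $e) {
        // Log server-side instead of echoing the error and the query to the page.
        error_log('login query failed: ' . $e->getMessage());
        return false;
    }
    // password_verify() re-hashes with the stored salt and compares in constant time.
    return $found === true && is_string($hash) && password_verify($password, $hash);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $email    = $_POST['email'] ?? '';
    $password = $_POST['password'] ?? '';

    if (is_string($email) && is_string($password) && check_login($dbc, $email, $password)) {
        session_regenerate_id(true);       // issue a fresh session ID at login
        $_SESSION['username'] = $email;
        header('Location: index.php');
        exit;                              // stop here so the redirect is the only output
    }
    echo 'Invalid email or password.';
}
```

Stored values for this check would be created with `password_hash($password, PASSWORD_DEFAULT)` when the user record is written.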