0

Hey everyone!

So I have a log in script (that someone on here gave me for testing purposes) that logs in based on user_level and I also have a quick login area instead of going to the log in page..on the log in page..when the user doesn't enter any inputs in the fields given..the message of "please put your username and password to log in" appears but when I have the same process for my side login menu..and submit is clicked with nothing inputed..and error of:

"Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in C:\Program Files (x86)\EasyPHP-5.3.8.1\www\Test\core\inc\posts.inc.php on line 42"

here is the login script for the log in process

<?php
//login.php
session_start();

include('core/init.inc.php');

$err='';
$file=strip_tags($_SERVER['PHP_SELF']);

if(isset($_POST['Submit']))
{
	mysql_connect('********','*******','*******') or die(mysql_error());
	mysql_select_db('********') or die(mysql_error());

	$user = mysql_real_escape_string(stripslashes($_POST['username']));
	$pass = mysql_real_escape_string(stripslashes($_POST['password']));

	$select = "SELECT * FROM `USERS` where `username`='".$_POST['username']."' AND `password`='".md5($_POST['password'])."'";
	$msq = mysql_query($select) or die(mysql_error());
	$total=mysql_num_rows($msq);
	if(1==$total)
	{
		$row = mysql_fetch_assoc($msq);
		foreach($row as $k=>$v)
		{
			$_SESSION[$k] = $v;
		}
$_SESSION['user_level']

		if(isset($_SESSION['returnTo']) && !empty($_SESSION['returnTo']))
		{
			$temp=$_SESSION['returnTo'];
			$_SESSION['returnTo']=NULL;
			header('Location: '.$temp);
		}
		elseif(1==(int)$_SESSION['user_level'])
		{
			header('Location: Blog-admin-area.php');
		}
		else
		{
			header('Location: index.php');		
		}
		exit;
	}
	elseif(0==$total)
	{
		$err='<p>Incorrect username/password</p>';
	}
	else
	{
		$err='<p>We are currently experiencing technical difficulties.  Please try again later.</p>';

		$msg='Error encountered at '.$file.'.  Expected the query to yield zero or one row, but instead the query generated '.$total.' rows.'.PHP_EOL;
		$msg.='The submitted data is as follows:'.PHP_EOL.print_r($_POST,true);

		$webmaster='gene.howell9@gmail.com';
		$to=$webmaster;

		$subject="Error at Login Page For Ready Or Not Tahirih's website";

		$headers='To: '.$to.PHP_EOL;
		$headers.='From: '.$webmaster.PHP_EOL;
		$headers.='Return-Path: '.$webmaster.PHP_EOL;
		
		mail($to,$subject,$msg,$headers);
	}
}

	
if (isset($_POST['user'], $_POST['title'], $_POST['body'])) {
	add_post($_POST['user'], $_POST['title'], $_POST['body']);
	header('Location: Blog.php');
	die();
}
 
if(!isset($_SESSION['username']) || empty($_SESSION['username']))
{
	$_SESSION['returnTo']='blog-post.php';
	echo "<p>You must be logged in. Click <a href='login.php'>here</a> to login!</p>";
	exit;
}
elseif(1!=(int)$_SESSION['user_level'])
{
	echo '<p>You are not allowed to access this page</p>';
	exit;
}
 
?>

Here is the side login area of with the width: 102px and height: 140px..

<a href="LogIn.php" style="color: #000;"><u>Log In</u></a>
<?php
if(!empty($err))
{
	echo $err;
}
?>
<form action="<?php echo $file;?>" method="post" >
Username:<br />
<input size="10" type="text" name="username" id="username" /><br />
Password:<br />
<input size="10" type="password" name="password" id="password" /><br />
<input type="submit" name="Submit" value="Submit">
</form>

here is the posts.inc.php (where supposedly the error is "Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in C:\Program Files (x86)\EasyPHP-5.3.8.1\www\Test\core\inc\posts.inc.php on line 42")

<?php

//checks if the given post id is in the table
function valid_pid($pid) {
	$pid = (int)$pid;
	
	$total = mysql_query("SELECT COUNT(`post_id`) FROM `posts` WHERE `post_id` = {$pid}");
	$total = mysql_result($total, 0);
	
	if ($total != 1) {
		return false;
	}else{
		return true;
	}
}

//gets a summary of all blog posts
function get_posts() {
	$sql = "SELECT
				`posts`.`post_id` AS `id`,
				`posts`.`post_title` AS `title`,
				LEFT(`posts`.`post_body`, 109) AS `preview`,
				`posts`.`post_user` AS `user`,
				DATE_FORMAT(`posts`.`post_date`, '%m-%d-%Y %H:%i:%s') AS `date`,
				`comments`.`total_comments`,
				DATE_FORMAT(`comments`.`last_comment`, '%m-%d-%Y %H:%i:%s') AS `last_comment`
			FROM `posts`
			LEFT JOIN(
				SELECT
					`post_id`,
					COUNT(`comment_id`) AS `total_comments`,
					MAX(`comment_date`) AS `last_comment`
				FROM `comments`
				GROUP BY `post_id`
			) AS `comments`
			ON `posts`.`post_id` = `comments`.`post_id`
			ORDER BY `posts`.`post_date` DESC";
	
	$posts = mysql_query($sql);
	
 $rows = array();
        while (($row = mysql_fetch_assoc($posts)) !== false) {
                $rows[] = array(
                        'id'                       => $row['id'],
                        'title'                   => $row['title'],
                        'preview'             => $row['preview'],
                        'user'                   => $row['user'],
                        'date'                   => $row['date'],
                        'total_comments' => ($row['total_comments'] === null) ? 0 : $row['total_comments'],
                        'last_comment'     => ($row['last_comment'] === null) ? 'none' : $row['last_comment']
                );
	}
	
	return $rows;
}

//gets a single post from the table
function get_post($pid) {
	$pid = (int)$pid;
	
	$sql = "SELECT
				`post_title` AS `title`,
				`post_body` AS `body`,
				`post_user` AS `user`,
				`post_date` AS `date`
			FROM `posts`
			WHERE `post_id` = {$pid}";
	
	$post = mysql_query($sql);
	$post = mysql_fetch_assoc($post);
	
	$post['comments'] = get_comments($pid);
	
	return $post;
}

//adds a new blog entry
function add_post($name, $title, $body) {
	$name = mysql_real_escape_string(htmlentities($name));
	$title = mysql_real_escape_string(htmlentities($title));
	$body = mysql_real_escape_string(nl2br(htmlentities($body)));
	
	mysql_query("INSERT INTO `posts` (`post_user`, `post_title`, `post_body`, `post_date`) VALUES ('{$name}', '{$title}', '{$body}', NOW())");
}

?>

Thanks for everyone's help!

2
Contributors
3
Replies
4
Views
5 Years
Discussion Span
Last Post by pritaeas
0

There is no error handling for the query in posts (it fails). Compare with what you have in your login, because that is much better.

0

@pritaeas, where at in the code are you referring to?..and do you mean mysql_error()?

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.