0

I have the following warning only when paword is wrong

Warning : mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\mijn_stamboom\login\login.php on line 23

<?php

include_once '../common.php';
include("config.php");

if($_SERVER["REQUEST_METHOD"] == "POST")
{
$myusername1=addslashes($_POST['username']); 
$mypassword1=addslashes($_POST['password']); 
$ip = $_SERVER["REMOTE_ADDR"];    
 $pass1 = md5($mypassword1);
    $sql1="SELECT * FROM stamboom_admin WHERE username='$myusername1' and password='$pass1' and ipadres='$ip'";
$result1=mysql_query($sql1);   

$row1=mysql_fetch_array($result1);  // this is line 23


if ($row1['id'] != '1' && $row1['ip_adres'] == '127.0.0.1'){    
$active1=$row1['active'];    
$count1=mysql_num_rows($result1);    
// If result matched $myusername and $mypassword, table row must be 1 row
if($count1==1)
{
session_register("username");
$_SESSION['login_user']=$myusername1;

header("location: welcome_user.php");
}
else 
{
$error="<font color='green'>Uw login naam of wactwoord is fout.</font>";
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title><?php echo $lang['PAGE_TITLE']; ?></title>
</head>
<body>
  <center><div style="margin-top:100px;">
<div style="width:350px; border: solid 1px #333333; " align="left">
<div style="background-color:#333333; color:#FFFFFF; padding:3px;"><b>Login</b></div>
<div style="margin:30px">
<form action="" method="post">
<label style="margin-left:10px; background-color:#333333; color:#FFFFFF; padding:3px;">UserName :</label><input type="text" name="username" class="box"/><br /><br />
<label style="margin-left:10px; background-color:#333333; color:#FFFFFF; padding:3px;">Password&nbsp;&nbsp;:</label><input type="password" name="password" class="box" /><br/><br />
<center><input type="submit" value=" Submit" name="loggedin"/></center><br />

</form>
</div>
</div>
</div></center>
</body>
</html>
<?php
die();
}
}
else
{
bla bla bla
<?php
die();
}
}}
?>

Thanks in advice John Dohmen

4
Contributors
8
Replies
9
Views
5 Years
Discussion Span
Last Post by johnnyd1963
0

I have found the error by myself There is an mistype on

$sql1="SELECT * FROM stamboom_admin WHERE username='$myusername1' and password='$pass1' and ipadres='$ip'";

this must be
$sql1="SELECT * FROM stamboom_admin WHERE username='$myusername1' and password='$pass1' and ip_adres='$ip'";

sorry and thanks

0

you have too many un-necessary statements and queries. Remember, you are only validating ONE member, one password, one ip, and lastly one id.

Your first query to validate user should be enough,.. Checking the id don't make sense. Especially, if the id is auto incremented on your database. It does not help and will not help at all..

**session_register is long gone and depricated sometime ago.. **

Hold on, let me rewrite your codes..

NEVER MIND you already marked this question as solved...

Edited by veedeoo: more info added

0

I have to tell you that i have another page where i can put more members by myself after i loged in.

if you want to rewrite it for me you are welcome.
Thanks.

Edited by johnnyd1963

0

$result1=mysql_query($sql1);

change it to:

$result1=mysql_query($sql1) or die(mysql_error($sql1));

the query is failing or not matching any rows

if($_SERVER["REQUEST_METHOD"] == "POST"){
    $myusername1=addslashes($_POST['username']); 
    $mypassword1=addslashes($_POST['password']); 
    $ip = $_SERVER["REMOTE_ADDR"];//should still validate this in case
    $pass1 = md5($mypassword1);//could use $hash1 = hash('sha256', $salt . $mypassword1);//(more secure)

    $sql1="SELECT * FROM stamboom_admin WHERE username='$myusername1' and password='$pass1' and ipadres='$ip'";
    //query looks fine, personally i would completely remove all odd character so it's just numbers, digits and 
    //maybe a couple "ok characters" like - and  _ ( addslashes will escape quotes so mysql will be looking for
    //a username with a quote in or any other escaped characters
    $result1=mysql_query($sql1);
    if($result1 !== false){//mysql_query() returns false on error, continue if not false
        $row1=mysql_fetch_array($result1));// this is line 23
        if ($row1['id'] != '1' && $row1['ip_adres'] == '127.0.0.1'){
            $active1=$row1['active'];
            $count1=mysql_num_rows($result1);// i would add UNIQUE to the username column in the database so this isnt needed
            // If result matched $myusername and $mypassword, table row must be 1 row
            if($count1==1){
                session_register("username");
                $_SESSION['login_user']=$myusername1;
                //i usually log a unique token & user id, then pull his data on each page load using them
                $_SESSION['user_id'] = $row1['user_id'];
                $token = md5(rand()).md5(rand());
                $_SESSION['token'] = $token;
                $Q2 = "UPDATE users set token = '$token' WHERE user_id = {$row['user_id']}";
                mysql_query($Q2) or die('update failed: '.mysql_query());
                header("location: welcome_user.php");
            }else{
                //for debugging echo out whats happening at each stage
                echo "count != 1";
            }
        }else{
            echo "ip not 127.0.0.1 OR id == 1";
        }
    }else{
        echo "no row pulled: ".mysql_error();
    }
}else{
    //not post....
}

Edited by Biiim: typo

0

Sorry could not responce aerlier
First You had a mis type at

$row1=mysql_fetch_array($result1));// this is line 23
There was one brace to much

And when i use your code
i have the folowing error
Parse error: syntax error, unexpected T_ELSE in C:\xampp\htdocs\mijn_stamboom\login\login.php on line 502

So i give you my code for the whole page except the css and the javascripts so you see what i mean and do.
Thanks in advice John

<?php

include_once '../common.php';
include("config.php");

if($_SERVER["REQUEST_METHOD"] == "POST")
{
$myusername1=addslashes($_POST['username']); 
$mypassword1=addslashes($_POST['password']); 
$ip = $_SERVER["REMOTE_ADDR"]; 




 $pass1 = md5($mypassword1);

$sql1="SELECT * FROM stamboom_admin WHERE username='$myusername1' and password='$pass1' and ip_adres='$ip'";
$result1=mysql_query($sql1)or die(mysql_error());

$row1=mysql_fetch_array($result1);
if ($row1['id'] != '1' && $row1['ip_adres'] == '127.0.0.1'){

$active1=$row1['active'];

$count1=mysql_num_rows($result1);


// If result matched $myusername and $mypassword, table row must be 1 row
if($count1==1)
{
session_register("username");
$_SESSION['login_user']=$myusername1;

header("location: welcome_user.php"); // goto this page when it is NOT ME
}
else 
{
$error="<font color='green'>Uw login naam of wactwoord is fout.</font>";
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title><?php echo $lang['PAGE_TITLE']; ?></title>
</head>

<body class="thrColFixHdr" onkeydown = "return (event.keyCode!=13)">


<div id="mainContent">
  <!-- start of the login form --->

  <center><br/><br/><br/><br/><br/><br/><div>
<div style="width:350px; border: solid 1px #333333; " align="left">
<div style="background-color:#333333; color:#FFFFFF; padding:3px;"><b>Login</b></div>


<div style="margin:30px">

<form action="" method="post">
<label style="margin-left:10px; background-color:#333333; color:#FFFFFF; padding:3px;">UserName :</label><input type="text" name="username" class="box"/><br /><br />
<label style="margin-left:10px; background-color:#333333; color:#FFFFFF; padding:3px;">Password&nbsp;&nbsp;:</label><input type="password" name="password" class="box" /><br/><br />
<center><input type="submit" value="Submit" name="loggedin"/></center><br />

</form>
<div style="font-size:11px; color:#cc0000; margin-top:10px"><?php echo $error; ?></div>
</div>
</div>
</div></center>

    <!-- end #mainContent --></div>


</body>
</html>

<?php
die();
}
}
else{

// username and password sent from form 

$myusername=addslashes($_POST['username']); 
$mypassword=addslashes($_POST['password']); 
 $ip = $_SERVER["REMOTE_ADDR"]; 
    $pass = md5($mypassword);

$sql="SELECT id FROM stamboom_admin WHERE username='$myusername' and password='$pass' and ip_adres='$ip'";
$result=mysql_query($sql);
$row=mysql_fetch_array($result);
$active=$row['active'];

$count=mysql_num_rows($result);


// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1)
{
session_register("username");
$_SESSION['login_user']=$myusername;

header("location: welcome_admin.php"); // Goto this page when it is me
}
else 
{
$error="<font color='red'>Uw login naam of wachtwoord is fout.</font>";
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title><?php echo $lang['PAGE_TITLE']; ?></title>
</head>

<body>
<div id="mainContent">
  <center><br/><br/><br/><br/><br/><br/><div>
<div style="width:350px; border: solid 1px #333333; " align="left">
<div style="background-color:#333333; color:#FFFFFF; padding:3px;"><b>Login</b></div>


<div style="margin:30px">

<form action="" method="post">
<label style="margin-left:10px; background-color:#333333; color:#FFFFFF; padding:3px;">UserName :</label><input type="text" name="username" class="box"/><br /><br />
<label style="margin-left:10px; background-color:#333333; color:#FFFFFF; padding:3px;">Password&nbsp;&nbsp;:</label><input type="password" name="password" class="box" /><br/><br />
<center><input type="submit" value=" Submit" name="loggedin"/></center><br />

</form>
<div style="font-size:11px; color:#cc0000; margin-top:10px"><?php echo $error; ?></div>
</div>
</div>
</div></center>

    <!-- end #mainContent --></div>
    <?php
die();
}
}}
?>

and as last the empty login when nothing is filled in on the same page

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title><?php echo $lang['PAGE_TITLE']; ?></title>
</head>

<body>
 <div id="mainContent">
  <center><br/><br/><br/><br/><br/><br/><div>
<div style="width:350px; border: solid 1px #333333; " align="left">
<div style="background-color:#333333; color:#FFFFFF; padding:3px;"><b>Login</b></div>


<div style="margin:30px">

<form action="" method="post">
<label style="margin-left:10px; background-color:#333333; color:#FFFFFF; padding:3px;">UserName :</label><input type="text" name="username" class="box"/><br /><br />
<label style="margin-left:10px; background-color:#333333; color:#FFFFFF; padding:3px;">Password&nbsp;&nbsp;:</label><input type="password" name="password" class="box" /><br/><br />
<center><input type="submit" value=" Submit" name="loggedin"/></center><br />

</form>

</div>
</div>
</div></center>
<!-- end #mainContent --></div>
</body>
</html>
0

Your first page seems to hold a lot of html duplication. I'd suggest placing ALL the php above the doctype declaration <!DOCTYPE...>. Place any content into variables which you then echo at the appropriate places. Just a suggestion.

0

Theres nothing wrong with the file you posted, you must of taken out the error. unexpected T_ELSE would be a problem somewhere with your if and else statements such as

if(true){
    if(false){

    }else{

    }
//missing close

The indenting i use to format the code helps a lot to spot these errors and apologies for the typo

Edited by Biiim

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.