Login Script Error - HELP!

[EATON106]

Hi,

 

Im using the code below to check a users username and password is ligit before adding their username to their session.

 

<?php

$con = mysql_connect("localhost","user","password");

if (!$con)

  {

  die('Could not connect: ' . mysql_error());

  }

mysql_select_db("hiddenbid", $con);

  $username = mysql_real_escape_string($_POST['username']);

  $password = md5($_POST['password']);

  $mysql = mysql_query("SELECT * FROM users WHERE name = '{$username}' AND password = '{$password}'");

  if(mysql_num_rows($mysql)=1){

    $_SESSION['USERID'] = $username;

    print "<b>Welcome</b>, you are signed in as " . $_SESSION['USERID'] . ".";

    print "<br /><br />Redirecting...";

    header ("location:index.php");

    }

  else{

    header ("location:signin.php");

    }

?>

 

Anyway, it doesnt work as I get the following error:

 

Fatal error: Can't use function return value in write context in C:\Program Files\Abyss Web Server\htdocs\signinconfirmer.php on line 35

 

Any ideas what is causing this please?

 

Also can I add a pause after the redirect message before it takes the user to the index.php page?

 

Thanks in advance.

[kickstart]

Hi

 

You are assigning 1 to the return from mysql_num_rows, rather than checking it. You need 2 equals signs:-

 

if(mysql_num_rows($mysql)==1){

 

All the best

 

Keith

[EATON106]

Hi

 

You are assigning 1 to the return from mysql_num_rows, rather than checking it. You need 2 equals signs:-

 

if(mysql_num_rows($mysql)==1){

 

All the best

 

Keith

 

Thanks Keith, however it still doesn't like it as returns me to the signin.php page regardless of if the username and password are incorrect or not.

[Pikachu2000]

You are sending output to the browser before trying to redirect. It won't work that way; you can't output anything before a header() redirect.

[EATON106]

You are sending output to the browser before trying to redirect. It won't work that way; you can't output anything before a header() redirect.

 

It's not ever looking at that as I have tested without the header() and it still does the same. 

[Pikachu2000]

Then what are you getting, exactly? Are you getting the "Welcome, you are signed in as . . ." message, or something else?

[kickstart]

Thanks Keith, however it still doesn't like it as returns me to the signin.php page regardless of if the username and password are incorrect or not.

 

Suspect that is down to the unnecessary curly brackets in your SQL statement.

 

All the best

 

Keith

[EATON106]

Then what are you getting, exactly? Are you getting the "Welcome, you are signed in as . . ." message, or something else?

 

It seems to just run the else statement and put me back to the signin.php.

 

Which curly brackets please?

[kickstart]

Hi

 

These ones:-

 

$mysql = mysql_query("SELECT * FROM users WHERE name = '{$username}' AND password = '{$password}'");

 

All the best

 

Keith

[EATON106]

I removed the brackets you mentioned and unfortunately it still does the same!?

[Pikachu2000]

Put this echo '<pre>'; print_r($_POST); echo '</pre>'; at the top of the script to make sure the values are making it to the script in the $_POST array.

 

Then, immediately after you assign the query string to the $mysql variable, echo it also. echo '<br />' . $mysql . '<br />;

[kickstart]

Hi

 

In which case echo out the SQL and try it directly using phpmyadmin or equivalent.

 

Has the password in the database been stored as an MD5 hash?

 

All the best

 

Keith

[EATON106]

D'oh!

 

Thanks for all your help however I was being a fool.

 

My table contains username and not name so the query would never find anything.

 

Sorry to waste your time!