Jump to content

mysql_num_rows problem

hezza

By hezza
in PHP Coding Help

 Share

Recommended Posts

hezza Newbie

hezza

Posted
Posted

MYSQL Client server version 5.0.45

 

 

 

 

Hi All!

 

Got a little irritating problem going on when trying to allow a user to log on with their credentials.

I've created the relevant tables, defined connection correctly etc but every time I enter in the correct user account details , it always displays the message I created for when the user account details are wrong.

 

Here is the code:

 

<?php

 

...

...

 

$find_user_sql = "SELECT `ad_aid`, `ad_aus` FROM `ad_users` WHERE `ad_aus` = '" . $find_user_usr . "' AND `ad_apa` = '" . $find_user_pas . "'";

$find_user_res = mysql_query($find_user_sql);

 

 

 

if(mysql_num_rows($find_user_res) > 1|| mysql_num_rows($find_user_res) < 1){

 

 

 

?>

 

 

<div id="loginbox">

<div id="loginbox-logo"> </div>

<div id="loginbox-content">

<div id="content-error">

 

<p>The details you entered were incorrect.</p>

 

</div>

 

<form action="login.php" method="post">

<p>Admin Username:<br />

<input type="text" name="ad_user" autocomplete="off" />

</p>

<p>Admin Password:<br />

<input type="password" name="ad_pass" autocomplete="off" />

</p>

<p>

<br />

 

<input type="submit" name="ad_submit" value="Log me in »" id="login_button" />

 

</p>

</form>

</div>

<div id="loginbox-bottom"> </div>

</div>

 

 

 

 

 

<?php

 

include_once('includes/footer.php');

 

$insert_fail_attempt_sql = "INSERT INTO `ad_fail_log` VALUES (NULL, NULL, '" . visitorIP() . "')";

mysql_query($insert_fail_attempt_sql);

 

}

 

 

 

 

else{

 

include_once('includes/header.php');

 

$find_user = mysql_fetch_assoc($find_user_res);

 

session_start();

 

$_SESSION['ad_user'] = $find_user['ad_aus'];

$_SESSION['ad_aid'] = $find_user['ad_aid'];

 

?>

<meta http-equiv="refresh" content="3;url=../ad/index.php">

<div id="loginbox">

<div id="loginbox-logo"> </div>

<div id="loginbox-content">

<p>Logging In...<br /><br /><br /><br />

<center><img src="images/login-loader.gif" /></center>

</p>

</div>

<div id="loginbox-bottom"> </div>

</div>

 

<?php

 

include_once('includes/footer.php');

 

}

 

}

 

}else{

 

include_once('includes/header.php');

 

?>

 

 

 

 

What the aim of the script is, is to allow users to log in then be taken to a page called index.php . I also have a include php script called check.php (below) which checks users accounts:

 

 

 

 

 

 

 

<?php

 

session_start();

 

if(!empty($_SESSION['adm_user']) && !empty($_SESSION['adm_aid'])){

 

$check_user_sql = "SELECT `adm_ana`, `adm_per` FROM `pb_admin_users` WHERE `adm_aus` = '" . $_SESSION['adm_user'] . "' AND `adm_aid` = '" . $_SESSION['adm_aid'] . "'";

$check_user_res = mysql_query($check_user_sql);

 

if(mysql_num_rows($check_user_res) > 1 || mysql_num_rows($check_user_res) < 1)){

 

$check_user = mysql_fetch_assoc($check_user_res);

$_SESSION['adm_name'] = $check_user['adm_ana'];

$_SESSION['adm_perm'] = $check_user['adm_per'];

 

}else{

header('Location: https://*website*/' . DIR_ADM . '/login.php');

die($check_user_sql);

}

 

}else{

header('Location: https://*website*/' . DIR_ADM . '/login.php');

die($check_user_sql);

}

 

?>

 

 

 

 

I know it's got something to do with the if(mysql_num_rows($find_user_res) > 1|| mysql_num_rows($find_user_res) < 1){ , but I don't know why its rejecting correct username and password .

 

I've tried fiddling around with the mysql_num_rows value to 1 or 0 or ==1 etc but it will only do one of the following:

 

- State that my username and password are incorrect(when they're not)

                                                    OR

- Seem as if it is logging in by displaying "logging in" then for it to only display the login.php page again

 

 

 

I would be very grateful if anyone could give me some pointers!!  :confused: :confused:

Link to comment
Share on other sites
kicken Prolific Member

kicken

Posted
Posted

Make sure your query is not failing by checking the result of mysql_query before doing anything else:

 

(use code tags when posting your code, like this)

$find_user_res = mysql_query($find_user_sql);
if (!$find_user_res){
   echo "Query failed: {$find_user_sql}<br>";
   echo "Mysql says: ".mysql_error()."<br>";
   exit;
}

 

As for checking if a row matched, don't even both with the num rows check, just try and fetch the result and see if it succeeds:

$find_user_res = mysql_query($find_user_sql);
if (!$find_user_res){
   echo "Query failed: {$find_user_sql}<br>";
   echo "Mysql says: ".mysql_error()."<br>";
   exit;
}

$find_user = mysql_fetch_assoc($find_user_res);
if (!$find_user){
   //No row was found, assume invalid login.
}
else {
   //user login successful.  $find_user contains the user details.
}

 

Link to comment
Share on other sites
hezza Newbie

hezza

Posted
  • Author
Posted

Thanks for the response!!

 

Ok with regards to the first bit, I have been able to ensure that the SQL is correct.

 

The second part, its still displaying the "details you entered are incorrect" . With the help you kindly gave me, I created and ran the following:

 

<?php

include_once('includes/config.php'); 
include_once('includes/connect.php'); 
include_once('includes/functions.php'); 


if(!empty($_POST['ad_user']) || !empty($_POST['ad_pass'])){

if(empty($_POST['ad_user']) || empty($_POST['ad_pass'])){

	include_once('includes/header.php'); 





	?>
	<div id="loginbox">
			<div id="loginbox-logo"> </div>
			<div id="loginbox-content">
                	<div id="content-error">
                    	<p>You missed out one of the fields, please try again.</p>
                    </div>
				<form action="logintest.php" method="post">
				<p>Admin Username:<br />
				<input type="text" name="ad_user" autocomplete="off" />
				</p>
				<p>Admin Password:<br />
				<input type="password" name="ad_pass" autocomplete="off" />
				</p>
				<p>
				<br />
				<input type="submit" name="ad_submit" value="Log me in »" id="login_button" />
				</p>
				</form>
			</div>
			<div id="loginbox-bottom"> </div>
	</div>
	<?php

	include_once('includes/footer.php'); 



}else{

$find_user_usr = strip_tags($_POST['ad_user']);
$find_user_usr = preg_replace("/[^a-zA-Z0-9\s]/", "", $find_user_usr);
$find_user_usr = sha1($find_user_usr);

$find_user_pas = strip_tags($_POST['ad_pass']);
$find_user_pas = preg_replace("/[^a-zA-Z0-9\s]/", "", $find_user_pas);
$find_user_pas = sha1($find_user_pas);

$find_user_sql = "SELECT `adm_aid`, `adm_aus` FROM `pb_admin_users` WHERE `adm_aus` = '" . $find_user_usr . "' AND `adm_apa` = '" . $find_user_pas . "'";

$find_user_res = mysql_query($find_user_sql);


$find_user_sql = "SELECT `adm_aid`, `adm_aus` FROM `pb_admin_users` WHERE `adm_aus` = '" . $find_user_usr . "' AND `adm_apa` = '" . $find_user_pas . "'";


$find_user_res = mysql_query($find_user_sql);



		$find_user = mysql_fetch_assoc($find_user_res);
			if (!$find_user){


	?>
	<div id="loginbox">
			<div id="loginbox-logo"> </div>
			<div id="loginbox-content">
                	<div id="content-error">
                    	<p>The details you entered were incorrect.</p>
                    </div>
				<form action="logintest.php" method="post">
				<p>Admin Username:<br />
				<input type="text" name="ad_user" autocomplete="off" />
				</p>
				<p>Admin Password:<br />
				<input type="password" name="ad_pass" autocomplete="off" />
				</p>
				<p>
				<br />
				<input type="submit" name="ad_submit" value="Log me in »" id="login_button" />
				</p>
				</form>
			</div>
			<div id="loginbox-bottom"> </div>
	</div>
	<?php

	include_once('includes/footer.php'); 



	$insert_fail_attempt_sql = "INSERT INTO `pb_admin_fail_log` VALUES (NULL, NULL, '" . visitorIP() . "')";
	mysql_query($insert_fail_attempt_sql);


   //No row was found, assume invalid login.
}


if ($find_user) {

			include_once('includes/header.php'); 






	session_start();

	$_SESSION['adm_user'] = $find_user['adm_aus'];
	$_SESSION['adm_aid'] = $find_user['adm_aid'];

	?>

        <meta http-equiv="refresh" content="3;url=../index.php">
	<div id="loginbox">
			<div id="loginbox-logo"> </div>
			<div id="loginbox-content">
				<p>Logging In...<br /><br /><br /><br />
				<center><img src="images/login-loader.gif" /></center>
				</p>
			</div>
			<div id="loginbox-bottom"> </div>
	</div>
	<?php

	include_once('includes/footer.php'); 




	}

}

}


   //user login successful.  $find_user contains the user details.

		?>



<div id="loginbox">
        <div id="loginbox-logo"> </div>
        <div id="loginbox-content">
        	<form action="logintest.php" method="post">
            <p>Admin Username:<br />
            <input type="text" name="ad_user" autocomplete="off" />
            </p>
            <p>Admin Password:<br />
            <input type="password" name="ad_pass" autocomplete="off" />
            </p>
            <p>
            <br />
            <input type="submit" name="ad_submit" value="Log me in »" id="login_button" />
            </p>
            </form>
        </div>
        <div id="loginbox-bottom"> </div>
</div>
<?php

include_once('includes/footer.php'); 





?>

 

Its quite frustrating one must say  :'(

 

Again, I'd be very grateful if you were to reply!  :)

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.