User login script error

[thetestingsite]

As said in my edit:

EDIT: Actually, before you post the code, check to make sure you have a form field named "login" because that could be the problem.

Make sure there is a field named login, and in the above code you posted, there is NOT one.

Either add a hidden field that for that or change the submit button name.

[Titan85]

Ok, I changed the name and now that works (seems I am good at making stupid little errors), but now I find that the data is not being entered into the sql table from the register.php page, so I set it to display an error, and this is what I get: "Column count doesn't match value count at row 1". It comes from this line of code:

PHP Code:

    $add = "INSERT INTO `users` VALUES ('', '$username', '$md5pass', '$email', '$ip', '$signup')";
    
    mysql_query($add) or die (mysql_error()); //Run query 


I have never seen this error and have no idea what it means, anyone know? Could it be related to my SQL code?

[blm126]

You need to include the column list or specify them exactly.
so it should look like this.

Code:

INSERT INTO `users`(column_name,column_name,column_name,column_name,column_name,column_name) VALUES ('', '$username', '$md5pass', '$email', '$ip', '$signup')

column_name needs to be changed to the correct columns(in the exact order)

[Titan85]

Ok, I added what you said to and now it adds the data to the table . However, yet another problem, I still get the "incorrect username" when I try to login. Since I know the data is indeed in the sql database, it must be something with the login page. Here is the full code:

PHP Code:

<?php

    require('config.php');

if (empty($online['id'])){

if ($_POST['Login']) { //If loggin submitted

$username = clean($_POST['username']);
$password = clean($_POST['password']);

if (!$username || !$password){ //If fields are empty
echo 'You left a field empty. <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.';
}
else {

$password = md5($password); 

$query = "SELECT * FROM `users` WHERE username = '$username' AND password = '$password'";
mysql_query($query) or die(mysql_error());


if (mysql_num_rows($query) == 1){ //Info found

$expire = time() + (7*86400);

setcookie("username", $user, $expire); //Set Username cookie

setcookie("password", $pass, $expire); //Set password cookie

//Success
echo 'Success, you have been logged in!<br />';
echo '<a href="cpanel.php">Continue</a>...';

}
else { //If no info found
    echo 'Incorrect username and password. <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.';
}

}

}
else {
    require('form.php');
}

}
else {
    require('logged_in.php');
}
?>

I get the error:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/bntqann/public_html/testing/user_login/login.php on line 23. I do not know why it says mysql_num_rows() is not valid result, anyone know?

[thetestingsite]

It should be like this:

Code:

$query = "SELECT * FROM `users` WHERE username = '$username' AND password = '$password'";
$result = mysql_query($query) or die(mysql_error());


if (mysql_num_rows($result) == 1){ //Info found

[Titan85]

Ok, I changed the mysql_num_rows() to what you showed me and it works good, but I still get the username incorrect error, anything else it could be?

[thetestingsite]

Try echoing the variable $password after the following line in the above code.

Code:

$password = md5($password);

If it matches the SQL entry, then you may need to make a workaround for this, by calling upon different queries (ex: one for the user information, and one for the password itself [like the below example]).

Code:

$password = md5($password);  

$query = "SELECT * FROM `users` WHERE username = '$username'";
$result = mysql_query($query) or die(mysql_error());

$q = mysql_fetch_array($result);

 if ($password == $q['password']) {

   echo 'Login Success!';
 }

 else {

   echo 'Login Failed';
 }

//edit to your liking of course

However, if the variable $password does not match that in the SQL entry, you may need to make it into a new variable. Like so:

Code:

$pwd = md5($password);

//sql query...

Hope this helps.

[blm126]

Another trick I use when a query isn't working, echo out the final query(after the variables have been added) and run it manually(with mysql command line tool, or maybe PhpMyAdmin). This will make sure you get the results you thought you would.

[Titan85]

I tested echoed the password and it matches up with the database record of it. I am not sure how to make 2 different queries for the password and the username. In the code you gave before, what does this do:

PHP Code:

if ($password == $q['password']) { 


I don't know what the $q['password'] would do.
Another thing that I think may be the problem is my query code:

PHP Code:

$query = "SELECT * FROM `users` WHERE username = '$user' AND password = '$password'";
$result = mysql_query($query) or die(mysql_error());


if (mysql_num_rows($result) == 1){ //Info found 


Anything wrong in there?
thanks for all the help so far, hope someone sees something in the code or has an idea on whats wrong

[thetestingsite]

Ok, so here's something that you could do. Change the following:

Code:

$query = "SELECT * FROM `users` WHERE username = '$username' AND password = '$password'";
$result = mysql_query($query) or die(mysql_error());

to this:

Code:

$query = "SELECT * FROM `users` WHERE username = '$username'";
$result = mysql_query($query) or die(mysql_error());

Then, below that, add the following:

Code:

$q = mysql_fetch_array($result); //fetches the mysql array from the table.

   if ($password == $q[password]) {
        echo 'Login Success';
   }

   else {
        echo 'Login Failed';
   }

What the above does is assign a variable ($q) to the array in the sql data that was returned from the query. After that, it takes that same variable with the array name "password" ( $q[password] ) and checks against the md5 encryption of that entered. If it matches, then the login was successful. Else, the login failed.

Hope this helps.