zeusthegreat Posted September 23, 2011 Report Posted September 23, 2011 I have an admin index page index.php <?php session_start(); if(!isset($_SESSION["manager"])){ header("location: admin_login.php"); exit(); } // Be sure to check that this manager SESSION value is in fact in the database $managerID = preg_replace('#[^0-9]#i',"",$_SESSION["id"]); //filter everyhting but numbers and letters $manager = preg_replace('#[^A_Za-z0-9]#i',"",$_SESSION["manager"]); //filter everything but numbers and letters $password = preg_replace('#[^A_Za-z0-9]#i',"",$_SESSION["password"]); //filter everything but numbers and letters //Run mySQL query to be sure that this person is an admin and that their password session varequals the database information //Connect to the MySQL database include "../storescripts/connect_to_mysql.php"; $sql= mysql_query("SELECT * FROM admin WHERE id='$managerID'AND username='$manager' AND password='$password' LIMIT 1"); //query the person --make sure person exists in database---- $existCount= mysql_num_rows($sql); //count the row nums if($existCount==0){ //evaluate the count header("location: ../index.php"); exit(); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">'>http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml">'>http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Store Admin Area</title> <link rel="stylesheet" href="../style/style.css" type="text/css" media="screen" /> <style type="text/css"> body { background-color: #FFF; } </style> </head> <body> <div align="center"></div> <div align="center" id="mainWrapper"> <?php include_once("../template_header.php"); ?> <?php include_once("../template_sidebar.php"); ?> <div align="left" id="pageContent"> <div align="left" style="margin-left:24px;"> <p>Hello store manager, what would you like to do today?</p> <p><a href="inventory_list.php">Manage Inventory</a></p> <p><a href="#">Manage Blah Blah</a></p> <p><br> </p> </div> </div> <?php include_once("../template_footer.php"); ?> </div> </body> </html> and an adminlogin page also admin_login.php <?php session_start(); if(!isset($_SESSION["manager"])){ header("location: index.php"); exit(); } ?> <?php // parse the log in form if the user has filled it out and pressed "Log in" if (isset($_POST["username"])&& isset($_POST["password"])){ //remeber 2 double quotes ,"",$_POST["username"] and the same on password line. $manager = preg_replace('#[^A_Za-z0-9]#i',"",$_POST["username"]); //filter everything but numbers and letters $password = preg_replace('#[^A_Za-z0-9]#i',"",$_POST["password"]); //filter everything but numbers and letters //Connect to the MySQL database include "../storescripts/connect_to_mysql.php"; $sql= mysql_query("SELECT id FROM admin WHERE username='$manager'AND $passord='$password' LIMIT 1"); //query the person --make sure person exists in database---- $existCount= mysql_num_rows($sql); //count the row nums if($existCount==1){ //evaluate the count while($row =mysql_fetch_array($sql)){ $id=$row["id"]; } $_SESSION["id"]=$id; $_SESSION["manager"]=$manager; $_SESSION["password"]=$password; header("location: index.php"); exit(); }else{ echo 'That information is incorrect. try again<a href="index.php">Click Here</a>'; exit(); } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Admin Log In</title> <link rel="stylesheet" href="../style/style.css" type="text/css" media="screen" /> <style type="text/css"> body { background-color: #FFF; } </style> </head> <body> <div align="center" id="mainWrapper"> <?php include_once("../template_header.php"); ?> <?php include_once("../template_sidebar.php"); ?> <div align="left" id="pageContent"> <div align="left" style="margin-left:24px;"> <h2>Please Log In To Manage the Store</h2> <form id="form1" name="form1" method="post" action="admin_login.php"> User Name:<br /> <input name="username" type="text" id="username" size="40" /> <br /><br /> Password:<br /> <input name="password" type="password" id="password" size="40" /> <br /> <br /> <br /> <input type="submit" name="button" id="button" value="Log In" /> </form> </div> </div> <?php include_once("../template_footer.php"); ?> </div> </body> </html> and the result of my two pages returns Parse error: syntax error, unexpected $end in C:\wamp\www\myNewweb\storeadmin\admin_login.php on line 51 Quote
zeusthegreat Posted September 23, 2011 Author Report Posted September 23, 2011 (edited) but when i log in the admin name and password i get ( ! ) Notice: Undefined variable: passord in C:\wamp\www\myNewweb\storeadmin\admin_login.php on line 17 Call Stack # Time Memory Function Location 1 0.0007 380416 {main}( ) ..\admin_login.php:0 ( ! ) Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\wamp\www\myNewweb\storeadmin\admin_login.php on line 18 Call Stack # Time Memory Function Location 1 0.0007 380416 {main}( ) ..\admin_login.php:0 2 0.0188 388200 mysql_num_rows ( ) ..\admin_login.php:18 That information is incorrect. try againClick Here what i notice straight away is the name passord instead of password resolved the password issue but still have ! ) Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\wamp\www\myNewweb\storeadmin\admin_login.php on line 18 Call Stack does it have a problem with while($row = mysql_fetch_array($sql)){ as i cannot see anything else Edited September 23, 2011 by talos Quote
falkencreative Posted September 23, 2011 Report Posted September 23, 2011 ! ) Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\wamp\www\myNewweb\storeadmin\admin_login.php on line 18 You may want to check this line: ("SELECT * FROM admin WHERE id='$managerID'AND username='$manager' AND password='$password' LIMIT 1" I'm betting that the lack of a space between "managerID'" and the "AND" is causing the issue. Add a space before the "AND" and the error will probably go away. Quote
zeusthegreat Posted September 23, 2011 Author Report Posted September 23, 2011 (edited) "SELECT * FROM admin WHERE id = '$managerID 'AND username = '$manager' AND password = '$password' LIMIT 1"); for the index page "SELECT id FROM admin WHERE username = '$manager 'AND $password = '$password' LIMIT 1"); the above is for the login page stll no joy Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\wamp\www\myNewweb\storeadmin\admin_login.php on line 18 Edited September 23, 2011 by talos Quote
falkencreative Posted September 23, 2011 Report Posted September 23, 2011 It's this section of text: '$manager 'AND and '$managerID 'AND There needs to be a space before the "AND", not to the left of the quote. Quote
zeusthegreat Posted September 23, 2011 Author Report Posted September 23, 2011 Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\wamp\www\myNewweb\storeadmin\admin_login.php on line 18 Call Stack # Time Memory Function Location 1 0.0008 380400 {main}( ) ..\admin_login.php:0 2 0.0143 387880 mysql_num_rows ( ) ..\admin_login.php:18 Quote
zeusthegreat Posted September 23, 2011 Author Report Posted September 23, 2011 "SELECT id FROM admin WHERE username= '$manager' AND $password= '$password' LIMIT 1") admin_login.php index.php SELECT * FROM admin WHERE id= '$managerID' AND username= '$manager' AND password= '$password' LIMIT 1" sorry for this ben but i seem to be following what you say but with no luck! Quote
falkencreative Posted September 23, 2011 Report Posted September 23, 2011 This query seems to be incorrect: "SELECT id FROM admin WHERE username= '$manager' AND $password= '$password' LIMIT 1") You have an unnecessary "$" at the beginning of the first "password". Quote
jstern Posted September 23, 2011 Report Posted September 23, 2011 "SELECT id FROM admin WHERE username= '$manager' AND $password= '$password' LIMIT 1") using a variable for $password column, did you mean to do this? try: "SELECT id FROM admin WHERE username = '$manager' AND password = '$password' LIMIT 1" Quote
zeusthegreat Posted September 23, 2011 Author Report Posted September 23, 2011 thanks ben that was it i could not see! Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.