zeusthegreat Posted September 23, 2011 Report Share Posted September 23, 2011 I have an admin index page index.php <?php session_start(); if(!isset($_SESSION["manager"])){ header("location: admin_login.php"); exit(); } // Be sure to check that this manager SESSION value is in fact in the database $managerID = preg_replace('#[^0-9]#i',"",$_SESSION["id"]); //filter everyhting but numbers and letters $manager = preg_replace('#[^A_Za-z0-9]#i',"",$_SESSION["manager"]); //filter everything but numbers and letters $password = preg_replace('#[^A_Za-z0-9]#i',"",$_SESSION["password"]); //filter everything but numbers and letters //Run mySQL query to be sure that this person is an admin and that their password session varequals the database information //Connect to the MySQL database include "../storescripts/connect_to_mysql.php"; $sql= mysql_query("SELECT * FROM admin WHERE id='$managerID'AND username='$manager' AND password='$password' LIMIT 1"); //query the person --make sure person exists in database---- $existCount= mysql_num_rows($sql); //count the row nums if($existCount==0){ //evaluate the count header("location: ../index.php"); exit(); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">'>http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml">'>http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Store Admin Area</title> <link rel="stylesheet" href="../style/style.css" type="text/css" media="screen" /> <style type="text/css"> body { background-color: #FFF; } </style> </head> <body> <div align="center"></div> <div align="center" id="mainWrapper"> <?php include_once("../template_header.php"); ?> <?php include_once("../template_sidebar.php"); ?> <div align="left" id="pageContent"> <div align="left" style="margin-left:24px;"> <p>Hello store manager, what would you like to do today?</p> <p><a href="inventory_list.php">Manage Inventory</a></p> <p><a href="#">Manage Blah Blah</a></p> <p><br> </p> </div> </div> <?php include_once("../template_footer.php"); ?> </div> </body> </html> and an adminlogin page also admin_login.php <?php session_start(); if(!isset($_SESSION["manager"])){ header("location: index.php"); exit(); } ?> <?php // parse the log in form if the user has filled it out and pressed "Log in" if (isset($_POST["username"])&& isset($_POST["password"])){ //remeber 2 double quotes ,"",$_POST["username"] and the same on password line. $manager = preg_replace('#[^A_Za-z0-9]#i',"",$_POST["username"]); //filter everything but numbers and letters $password = preg_replace('#[^A_Za-z0-9]#i',"",$_POST["password"]); //filter everything but numbers and letters //Connect to the MySQL database include "../storescripts/connect_to_mysql.php"; $sql= mysql_query("SELECT id FROM admin WHERE username='$manager'AND $passord='$password' LIMIT 1"); //query the person --make sure person exists in database---- $existCount= mysql_num_rows($sql); //count the row nums if($existCount==1){ //evaluate the count while($row =mysql_fetch_array($sql)){ $id=$row["id"]; } $_SESSION["id"]=$id; $_SESSION["manager"]=$manager; $_SESSION["password"]=$password; header("location: index.php"); exit(); }else{ echo 'That information is incorrect. try again<a href="index.php">Click Here</a>'; exit(); } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Admin Log In</title> <link rel="stylesheet" href="../style/style.css" type="text/css" media="screen" /> <style type="text/css"> body { background-color: #FFF; } </style> </head> <body> <div align="center" id="mainWrapper"> <?php include_once("../template_header.php"); ?> <?php include_once("../template_sidebar.php"); ?> <div align="left" id="pageContent"> <div align="left" style="margin-left:24px;"> <h2>Please Log In To Manage the Store</h2> <form id="form1" name="form1" method="post" action="admin_login.php"> User Name:<br /> <input name="username" type="text" id="username" size="40" /> <br /><br /> Password:<br /> <input name="password" type="password" id="password" size="40" /> <br /> <br /> <br /> <input type="submit" name="button" id="button" value="Log In" /> </form> </div> </div> <?php include_once("../template_footer.php"); ?> </div> </body> </html> and the result of my two pages returns Parse error: syntax error, unexpected $end in C:\wamp\www\myNewweb\storeadmin\admin_login.php on line 51 Quote Link to comment Share on other sites More sharing options...
zeusthegreat Posted September 23, 2011 Author Report Share Posted September 23, 2011 (edited) but when i log in the admin name and password i get ( ! ) Notice: Undefined variable: passord in C:\wamp\www\myNewweb\storeadmin\admin_login.php on line 17 Call Stack # Time Memory Function Location 1 0.0007 380416 {main}( ) ..\admin_login.php:0 ( ! ) Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\wamp\www\myNewweb\storeadmin\admin_login.php on line 18 Call Stack # Time Memory Function Location 1 0.0007 380416 {main}( ) ..\admin_login.php:0 2 0.0188 388200 mysql_num_rows ( ) ..\admin_login.php:18 That information is incorrect. try againClick Here what i notice straight away is the name passord instead of password resolved the password issue but still have ! ) Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\wamp\www\myNewweb\storeadmin\admin_login.php on line 18 Call Stack does it have a problem with while($row = mysql_fetch_array($sql)){ as i cannot see anything else Edited September 23, 2011 by talos Quote Link to comment Share on other sites More sharing options...
falkencreative Posted September 23, 2011 Report Share Posted September 23, 2011 ! ) Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\wamp\www\myNewweb\storeadmin\admin_login.php on line 18 You may want to check this line: ("SELECT * FROM admin WHERE id='$managerID'AND username='$manager' AND password='$password' LIMIT 1" I'm betting that the lack of a space between "managerID'" and the "AND" is causing the issue. Add a space before the "AND" and the error will probably go away. Quote Link to comment Share on other sites More sharing options...
zeusthegreat Posted September 23, 2011 Author Report Share Posted September 23, 2011 (edited) "SELECT * FROM admin WHERE id = '$managerID 'AND username = '$manager' AND password = '$password' LIMIT 1"); for the index page "SELECT id FROM admin WHERE username = '$manager 'AND $password = '$password' LIMIT 1"); the above is for the login page stll no joy Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\wamp\www\myNewweb\storeadmin\admin_login.php on line 18 Edited September 23, 2011 by talos Quote Link to comment Share on other sites More sharing options...
falkencreative Posted September 23, 2011 Report Share Posted September 23, 2011 It's this section of text: '$manager 'AND and '$managerID 'AND There needs to be a space before the "AND", not to the left of the quote. Quote Link to comment Share on other sites More sharing options...
zeusthegreat Posted September 23, 2011 Author Report Share Posted September 23, 2011 Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\wamp\www\myNewweb\storeadmin\admin_login.php on line 18 Call Stack # Time Memory Function Location 1 0.0008 380400 {main}( ) ..\admin_login.php:0 2 0.0143 387880 mysql_num_rows ( ) ..\admin_login.php:18 Quote Link to comment Share on other sites More sharing options...
zeusthegreat Posted September 23, 2011 Author Report Share Posted September 23, 2011 "SELECT id FROM admin WHERE username= '$manager' AND $password= '$password' LIMIT 1") admin_login.php index.php SELECT * FROM admin WHERE id= '$managerID' AND username= '$manager' AND password= '$password' LIMIT 1" sorry for this ben but i seem to be following what you say but with no luck! Quote Link to comment Share on other sites More sharing options...
falkencreative Posted September 23, 2011 Report Share Posted September 23, 2011 This query seems to be incorrect: "SELECT id FROM admin WHERE username= '$manager' AND $password= '$password' LIMIT 1") You have an unnecessary "$" at the beginning of the first "password". Quote Link to comment Share on other sites More sharing options...
jstern Posted September 23, 2011 Report Share Posted September 23, 2011 "SELECT id FROM admin WHERE username= '$manager' AND $password= '$password' LIMIT 1") using a variable for $password column, did you mean to do this? try: "SELECT id FROM admin WHERE username = '$manager' AND password = '$password' LIMIT 1" Quote Link to comment Share on other sites More sharing options...
zeusthegreat Posted September 23, 2011 Author Report Share Posted September 23, 2011 thanks ben that was it i could not see! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.