AdminCP problem

[Derek]

So, long story short-ish, I type in a username and password to "login", and it checks if: You entered in both a username and password. If not, you get an "error Code 002". If you did enter in both a username and password, but they don't match with any in the database, you get an "error code 001".

 

Everything works, except when I enter in a legitimate username and password, it gives me the "error code 001". I checked phpMyAdmin, and my username and password is indeed in the database.

 

index.php - http://pastebin.com/s8EqjPvP

login.php - http://pastebin.com/kBmWe7XU

 

 

You can try it here. Username is "Derek", password is "qwerty".

 

EDIT: I fixed it, thanks everyone. Apparently, you can't "SELECT ........ WHERE $_POST[...]", you have to store the $_POST in a variable first.

 

Thanks,

~Derek

[WebPalace Admin]

I got the Error code 001: Could not connect to database. Is the DB still there?

[Derek]

I got the Error code 001: Could not connect to database. Is the DB still there?

 

Yeah, sorry. I accidentally commented out mysql_connect(...); after I posted this thread. So I fixed that problem, but I still get that error.

 

P.S. You'll get a

Notice: Undefined index: valid_username in /home/derekboy/public_html/site/admin/index.php on line 23

notice. Don't worry about it. I turned on notices so I could debug this problem, and if you look at that line on the source code, you'll realize it's not a mistake (I hope). I'm using "if ($_SESSION['valid_username']) { ... }" to check if you're already signed in. That error won't pop up if I shut off notices.

 

Thanks again.

 

EDIT: Yeah. I know where the error is coming from after a while. I rewrote part of login.php to be this instead:

if (($_POST['username']) && ($_POST['password'])) {
    $checklogin = mysql_query('SELECT * FROM site_admin' . 
                          'WHERE admin_username = ' . $_POST['username'] . ' ' .
                          'AND admin_password = ' . $_POST['password'] . ' ' .
                          'LIMIT 1');
            
    $rownumber = mysql_num_rows($checklogin);

    // If result matched $myusername and $mypassword, table row must be 1 row
    if($rownumber == 1) {
    // Sign in.

 

$rownumber in this case is supposed to give an integer. Instead, I'm getting:

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home/derekboy/public_html/site/admin/login.php on line 32

 

So I added mysql_error(); and got

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''admin_username' = 'Derek' AND 'admin_password' = 'qwerty' LIMIT 1' at line 1

 

Then I changed $checklogin to

$query = 'SELECT * FROM site_admin ' . 
"WHERE 'admin_username' = '" . $_POST['username'] . "' " .
"AND 'admin_password' = '" . $_POST['password'] . "' " .
'LIMIT 1';
$checklogin = mysql_query($query);

 

And it got rid of all the mySQL errors, but I still get the original error (Error code 002: The server denied you access. You must have entered in a wrong username and/or password.)

 

So, I brought all the files up-to-date on the pastebins.

 

Thanks again.