Jump to content

AdminCP problem

Derek

By Derek
in Website Management and Coding

 Share

Recommended Posts

Derek Newbie

Derek

Posted
Posted

So, long story short-ish, I type in a username and password to "login", and it checks if: You entered in both a username and password. If not, you get an "error Code 002". If you did enter in both a username and password, but they don't match with any in the database, you get an "error code 001".

 

Everything works, except when I enter in a legitimate username and password, it gives me the "error code 001". I checked phpMyAdmin, and my username and password is indeed in the database.

 

index.php - http://pastebin.com/s8EqjPvP

login.php - http://pastebin.com/kBmWe7XU

 

 

You can try it here. Username is "Derek", password is "qwerty".

 

EDIT: I fixed it, thanks everyone. Apparently, you can't "SELECT ........ WHERE $_POST[...]", you have to store the $_POST in a variable first.

 

Thanks,

~Derek

Link to comment
Share on other sites
Derek Newbie

Derek

Posted
  • Author
Posted
I got the Error code 001: Could not connect to database. Is the DB still there?

 

Yeah, sorry. I accidentally commented out mysql_connect(...); after I posted this thread. So I fixed that problem, but I still get that error.

 

P.S. You'll get a 

Notice: Undefined index: valid_username in /home/derekboy/public_html/site/admin/index.php on line 23

notice. Don't worry about it. I turned on notices so I could debug this problem, and if you look at that line on the source code, you'll realize it's not a mistake (I hope). I'm using "if ($_SESSION['valid_username']) { ... }" to check if you're already signed in. That error won't pop up if I shut off notices.

 

Thanks again.

 

EDIT: Yeah. I know where the error is coming from after a while. I rewrote part of login.php to be this instead:

if (($_POST['username']) && ($_POST['password'])) {
    $checklogin = mysql_query('SELECT * FROM site_admin' . 
                          'WHERE admin_username = ' . $_POST['username'] . ' ' .
                          'AND admin_password = ' . $_POST['password'] . ' ' .
                          'LIMIT 1');
            
    $rownumber = mysql_num_rows($checklogin);

    // If result matched $myusername and $mypassword, table row must be 1 row
    if($rownumber == 1) {
    // Sign in.

 

$rownumber in this case is supposed to give an integer. Instead, I'm getting:

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home/derekboy/public_html/site/admin/login.php on line 32

 

So I added mysql_error(); and got

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''admin_username' = 'Derek' AND 'admin_password' = 'qwerty' LIMIT 1' at line 1

 

Then I changed $checklogin to 

$query = 'SELECT * FROM site_admin ' . 
"WHERE 'admin_username' = '" . $_POST['username'] . "' " .
"AND 'admin_password' = '" . $_POST['password'] . "' " .
'LIMIT 1';
$checklogin = mysql_query($query);

 

And it got rid of all the mySQL errors, but I still get the original error (Error code 002: The server denied you access. You must have entered in a wrong username and/or password.)

 

So, I brought all the files up-to-date on the pastebins.

 

Thanks again.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...