Hi, I'm trying to make a login form for my website, but I can't seem to get my head around this problem, basically it keeps returning this row error and I'm not too sure why? Really need some help on this, thanks.
(Excuse my sloppy coding; just trying to get the basics to work atm)
LOGIN.PHP
<?php
session_start();
include "dbConfig.php";
if ($_SERVER['REQUEST_METHOD'] == "POST")
{
$username = trim($_POST['username']);
$password = trim ($_POST['password']);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1";
$result = mysql_query($query) or die(mysql_error());
if(!$result)
{
die("Wrong username or password.");
}
elseif(!mysql_num_rows($result))
{
die("No user found by that username.");
}
else
{
Header("Location: memberstest.php");
exit();
}
}
?>
<form action="login.php" method="POST">
Username:<br>
<input class="login_form" type="text" name="username" id="username" maxlength="20">
<br><br>
Password:<br>
<input class="login_form" type="password" name="password" id="password" maxlength="50">
<br><br>
<button type="submit" name="submit" class="InputButton">Login</button>
</form>
REGISTER.PHP
<?php
session_start();
define('SALT_CHARACTERS', 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789');
function generate_salt() {
$salt = '';
for($i = 0; $i < 21; $i++) {
$salt .= substr(SALT_CHARACTERS, mt_rand(0, strlen(SALT_CHARACTERS) - 1), 1);
}
return $salt;
}
$errors = array();
if(isset($_POST['firstname']) && isset($_POST['lastname']) && isset($_POST['username']) && isset($_POST['email']) && isset($_POST['password'])){
require_once 'dbConfig.php';
$firstname = trim($_POST['firstname']);
$lastname = trim($_POST['lastname']);
$username = trim($_POST['username']);
$email = trim($_POST['email']);
$password = $_POST['password'];
if($firstname == '') {
$errors[] = 'Please enter your firstname.';
header("location: register.php?r=error");
}
if($lastname == '') {
$errors[] = 'Please enter your lastname.';
header("location: register.php?r=error");
}
if($email == '') {
$errors[] = 'Please enter an email address.';
header("location: register.php?r=error");
}
if($username == '') {
$errors[] = 'Please enter a username.';
header("location: register.php?r=error");
}
if($password == '') {
$errors[] = 'Please enter a password.';
header("location: register.php?r=error");
}elseif(strlen($password) < 6) {
$errors[] = 'Your password must be at least 6 characters long.';
header("location: register.php?r=error");
}
if(count($errors) === 0) {
$passwordHash = crypt($password, '$2y$12$' . generate_salt());
$query = "INSERT INTO users(firstname, lastname, username, email, password) VALUES('$firstname', '$lastname', '$username', '$email', '$passwordHash')";
$result = mysql_query($query) or die(mysql_error());
if ($result)
{
header("location: register.php?r=success");
exit();
}
else
{
die("Query failed");
}
}
}
?>